How to prevent ssh key passphrase prompt every time you launch WSL
I am assuming you already know about SSH, used SSH key with passphrase and got annoyed for seeing password prompt for your key every time you launch WSL and stumbled upon my post while searching for a solution to get rid of this.
In Linux, you can run ssh-add <your key location>
and then the SSH authentication agent stores your key safely and you never need to type your passphrase again. This doesn’t work on WSL. It works only as long as your terminal session is running. Once you close it, or open a new window, you need to add it again or type the passphrase every time. There are some workaround solutions, custom scripts I have found on other people’s solutions, but they all require you to type the passphrase at least once after you reboot your computer. I don’t like it. I have figured out another solution that doesn’t need that.
If you didn’t know, Windows 10 and 11 now comes with OpenSSH built-in. If you save your SSH key on windows’ SSH authentication agent, that is persisted. So my solution is to share the SSH service of Windows with WSL!
Key Generation
If you already have your key, move it to the default location C:\Users\<username>\.ssh
folder, or somewhere you want, and skip to the Key Storing part. If you want to generate a new key pair, follow this part.
First you need to have OpenSSH-server. The client comes pre-installed but you might need to install the server manually. Lets check if you have it installed already. For Windows 10, go to ‘Settings > Apps > Apps & Features > Optional Features’ (update: this seems to have moved to ‘Settings > System > Optional Features’) or for Windows 11 go to ‘Settings > Apps > Optional Features’ and search ‘ssh’, if you see server, you have it, if not, lets install it.
Click the ‘View features’ button on ‘Add an optional feature’ option (Windows 11) or ‘Add a feature’ (Windows 10), search for the server and install it.
After installing it, run PowerShell as Administrator, and run the following code,
Get-Service ssh-agent | Set-Service -StartupType AutomaticStart-Service sshdssh-keygen #add additional parameters here as you like
This will generate your new Public-Private key pair. The default location where the files will be saved is C:\Users\<username>\.ssh
.
Key Storing
To save the key in ssh authentication agent, run the following code in PowerShell as Administrator,
Get-Service ssh-agent | Set-Service -StartupType AutomaticStart-Service ssh-agentGet-Service ssh-agent
ssh-add <key file location>
This will prompt you to type your key passphrase. Enter it and you are done!
Let’s check if it asks again when you try to use the ssh key. Add the public key to your Github account (open <your key>.pub
with any text editor to copy the key), and then run the following on your Windows machine’s terminal, (cmd or powershell)
ssh -T git@github.com
You should get Hello from Github without needing your passphrase.
Configuring WSL
Now it’s time to tell WSL to use Windows’ SSH client. We can explicitly tell git to use Windows’ ssh, by running,
git config --global core.sshcommand "ssh.exe"
If you test your connection with Github again, now from WSL, you will see you are not asked for your passphrase!
And to use it for other ssh connection from WSL, instead of typing ssh user@host
, type ssh.exe user@host
and you will be using the ssh service from Windows! If you don’t like to type .exe
, you can set an alias for it in your ~/.bash_aliases
or equivalent file,
alias ssh='ssh.exe'#linux distro's ssh if you want
#alias sshw='/usr/bin/ssh'
# I guess there is a better way to rename it other than setting alias?
Outro
WSL2 is one of the best things Windows have offered. You now can use the best of the both worlds in a single machine, without needing to switch OS. Combine that with Windows Terminal (which now comes pre-installed with Windows 11, downloadable from Microsoft Store for Windows 10), you now have a powerful developer machine.
(If you found this article helpful, give it some claps! If you want to connect with me, send me a request on Twitter@AhsanShihab_.)