Remember git passphrase in WSL

3

36

I run Windows 10 with WSL. I have the desired behaviour on one computer, but cannot replicate elsewhere. Here's what I'm after:

  1. First time I run a remote git command using my ssh key, git prompts me for the passphrase
  2. Subsequent times no prompt, including in new terminal windows (I use ConEmu)
  3. When all console windows are closed, back to #1

Things I've tried:

  • using eval $(ssh-agent), followed by ssh-add; it will remember the passphrase, but if I put it in my ~/.bash_profile then it prompts me for every new console window, and I open a lot - many of which I'm not using git in.
  • setting git config --global credential.helper to cache or store
  • everything here
  • using bash.exe and wsl.exe to get git-credentials-manager.exe to work

Here's an example of what I've put in my ~/.gitconfig:

[credential]
    helper = "/mnt/c/Program\\ Files/Git/mingw64/libexec/git-core/git-credential-manager.exe"

I've installed the git credential manager from here and have also tried the main Git For Windows installation as an alternative.

How can I encourage it to remember my passphrase?

Latinity answered 20/9, 2018 at 11:2 Comment(0)
54

I tried the option to add AddKeysToAgent yes to ~/.ssh/config but it doesn't keep it between new tabs on the terminal.

The best solution I found so far is to do the following:

sudo apt install keychain

Find your hostname using the terminal:

hostname

Then add the following to your ~/.bashrc or ~/.zshrc file:

/usr/bin/keychain --nogui ~/.ssh/id_rsa
source $HOME/.keychain/YOUR-HOSTNAME-HERE-sh

Now, each time you reboot, you’ll have to enter your passphrase. But you only have to do it one time until you reboot or terminate WSL.

If you want to use the same key you already have on Windows you can follow this post Sharing SSH keys between Windows and WSL 2

Impromptu answered 1/8, 2020 at 15:36 Comment(4)
This worked for me, thank you :) One thing I would recommend is using the --quiet flag to suppress the logs outputted each time a new terminal is opened. - Curly
Switching accepted answer to this, as I've tried it and it works even better - now I get asked for my passphrase once within a Windows session, and it lasts across all WSL sessions. Neat! - Latinity
@Conan, your answer allows deferring the passphrase entry until the first use of a key. Is it possible to achieve the same behavior with keychain? - Raji
Not to my knowledge, I think you'd have to mess around with ssh-agent to get that behaviour. Note that keychain only asks once, and it remembers until you restart WSL, so it's very unobtrusive. - Latinity
22

I found the answer!

First, make sure you have ssh-agent running all the time by adding eval $(ssh-agent) to your .bash_profile.

Then add AddKeysToAgent yes to your ssh config:

touch ~/.ssh/config
chmod 600 ~/.ssh/config
echo "AddKeysToAgent yes" >> ~/.ssh/config

You'll get prompted when you first do some ssh, but the passphrase will be automatically added to the ssh-agent so you won't have to type it again until you end your session and start a new one.

Latinity answered 15/11, 2018 at 10:54 Comment(5)
It must not be the same on Mac. I followed your instructions, and when I closed and re-opened Terminal, I got Bad configuration option: addkeystoagent - Oxymoron
@Oxymoron Maybe this is related (sorry I don't have a mac): #43383271 - Latinity
Thanks for sending. - Oxymoron
Somehow didn't work for me. I ended up adding the following lines at the end of the bash_profile.sh file: echo "Starting the ssh-agent..." eval $(ssh-agent) cd "C:\MyGitRepos" ssh-add (Note: each command is on a new line). This way each time you open the git bash it prompts for the passphrase automatically and you enter it once per session. - Fenestra
On WSL2 I added eval $(ssh-agent) to my .profile instead of .bash_profile and it worked perfectly. - Bisson
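
An added example, not part of the question or of any answer on this page: a ~/.bashrc fragment that reuses one ssh-agent across all WSL terminals through a fixed socket, so that with AddKeysToAgent yes in ~/.ssh/config the passphrase is asked for only on the first use of the key instead of in every new window. The function name ensure_ssh_agent, the socket path ~/.ssh/agent.sock and the 8h key lifetime are assumptions chosen for illustration.

```shell
# Added example for ~/.bashrc: one shared ssh-agent for every WSL terminal.
# Assumed for illustration: function name, socket path and 8h key lifetime.

ensure_ssh_agent() {
    agent_sock=${1:-$HOME/.ssh/agent.sock}
    agent_life=${2:-8h}
    export SSH_AUTH_SOCK="$agent_sock"

    # "ssh-add -l" exits 0 (keys loaded) or 1 (agent running, no keys) when
    # an agent answers on the socket, and 2 when it cannot reach one.
    agent_rc=0
    ssh-add -l >/dev/null 2>&1 || agent_rc=$?
    case $agent_rc in
        0|1) return 0 ;;   # an agent is already serving this socket: reuse it
        2)   ;;            # nothing listening: start one below
        *)   return 1 ;;   # ssh-add missing or failed some other way
    esac

    # Keep the socket directory private and remove a stale socket left
    # behind by an agent that is no longer running.
    mkdir -p -m 700 "$(dirname "$agent_sock")" || return 1
    rm -f "$agent_sock"

    # -a binds the agent to the fixed path; -t caps how long an added key
    # stays decrypted in the agent's memory. The variables ssh-agent prints
    # are not needed because SSH_AUTH_SOCK is already exported above.
    ssh-agent -a "$agent_sock" -t "$agent_life" >/dev/null || return 1
}

# Only interactive shells need the agent; non-interactive scripts skip this.
case $- in
    *i*) ensure_ssh_agent || echo "ssh-agent could not be started" >&2 ;;
esac
```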
22

I tried both methods in previous answers (as well as others found elsewhere) on WSL 2 and they either did not work or had caveats I couldn't live with. This is what worked for me.

Install keychain:

sudo apt install keychain

Then add the following line to your shell's configuration file (likely ~/.bashrc or ~/.zshrc):

eval `keychain --quiet --eval --agents ssh path_to_your_ssh_key`

Now you will only have to enter your password when booting WSL!

Thank you Birk Holland for this article.

Chapiter answered 9/9, 2020 at 2:19 Comment(3)
Oh thanks for adding this, keychain never used to work as there was a missing dependency that wasn't available in WSL. Good to know it's been added, this makes things much easier! - Latinity
I have tried every other suggestion, but yours worked at first. Thank you. - Physics
Nice. Except don't blindly copy ssh keys around. Make new ones for every new combination of source and target. You'll thank me later when one or the other gets compromised or you want to deprecate the key. - Senzer
