Adding ssh key in WSL permanently
I am relatively new to Linux. Using Ubuntu on WSL2. I added a private key for GitHub with no passphrase using ssh-add. I used it a few times throughout the session but the next day I couldn't connect. When I list all keys using ssh-add -l there aren't any.
Am I supposed to add the key for every session or create an automation for it? Or is this a normal (lack of) persistence behaviour with WSL?
Standard OpenSSH ssh-agent indeed has no persistence. The problem is that it has nowhere to safely store the decrypted keys. (If it stored them on disk, that would be no better than the key files that you already have.)
Only the "OpenSSH for Windows" ssh-agent service in Windows 10 has persistence built-in, but that's a custom feature added by Microsoft, and it works because Windows has a generic OS-level data protection feature – the SSH keys remain encrypted with your login password – which is not universal at all in the Linux/BSD world.
(And similarly, the full version of Ubuntu (with graphical interface) replaces ssh-agent with GNOME Keyring, which is a password storage service (similar to "Credential Manager" in Windows) and automatically loads your SSH keys using the passphrase stored in the Keyring. This probably won't work in WSL2.)
So yes, you're supposed to start ssh-agent and load keys into it every time the computer is started. For example, you can adjust your ~/.profile in WSL-Ubuntu to automatically load keys (you'll still get a passphrase prompt, just won't need to run ssh-add) – there are several posts about doing this.
The GnuPG gpg-agent can be configured to emulate an ssh-agent but with persistence – though it still relies on something else to remember the passphrase across reboots (such as the aforementioned GNOME Keyring), so within WSL it will only save you the need to run ssh-add at most.
There are a few projects on GitHub which bridge all signing requests to an SSH agent that runs outside of WSL, e.g. the Linux 'ssh' thinks it's talking to a Linux ssh-agent but it's really talking either to the Windows ssh-agent, or even to PuTTY's Pageant.
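One way to write the ~/.profile automation mentioned in the answer above, as an added example that is not part of the original answer. The function name load_ssh_agent and the AGENT_ENV and KEY_FILE paths are assumptions; it reuses an agent started by an earlier shell and starts a fresh one when the recorded socket is dead, as it will be after WSL has been shut down.

```shell
# Added example for ~/.profile in WSL-Ubuntu (not from the original answer).
# AGENT_ENV and KEY_FILE are assumed paths; adjust them to your setup.
AGENT_ENV="${AGENT_ENV:-$HOME/.ssh/agent.env}"
KEY_FILE="${KEY_FILE:-$HOME/.ssh/id_ed25519}"

load_ssh_agent() {
    command -v ssh-agent >/dev/null 2>&1 || return 0

    # ssh-add -l exit status: 0 = agent holds keys,
    # 1 = agent reachable but empty, 2 = no agent reachable.
    rc=0; ssh-add -l >/dev/null 2>&1 || rc=$?

    if [ "$rc" -eq 2 ] && [ -r "$AGENT_ENV" ]; then
        # An earlier shell may have started an agent: try its socket.
        . "$AGENT_ENV" >/dev/null
        rc=0; ssh-add -l >/dev/null 2>&1 || rc=$?
    fi

    if [ "$rc" -eq 2 ]; then
        # No usable agent (first shell, or stale socket after a WSL restart):
        # start one and record its socket, readable by the owner only.
        (umask 077; ssh-agent -s > "$AGENT_ENV")
        . "$AGENT_ENV" >/dev/null
        rc=1
    fi

    if [ "$rc" -eq 1 ] && [ -f "$KEY_FILE" ]; then
        # Agent is running but empty: load the key
        # (prompts here if the key has a passphrase).
        ssh-add "$KEY_FILE"
    fi
}

# Only run in interactive shells, where a passphrase prompt can be answered.
case $- in *i*) load_ssh_agent ;; esac
```

The recorded file holds only the agent's socket path and PID, not key material; the decrypted key stays in the agent's memory and is gone when the agent exits.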