TL;DR: ssh-add helper for WSL that stores passphrases in Windows Credential Manager. Get it via cargo install winaskpass and set SSH_ASKPASS=winaskpass.
I’ve been a Linux user for over a decade, or rather two years. Even at work, I’ve used Linux for everything, until now: $corporate made a decision that turned my development world upside down. We’re moving to Windows.
I refused to let it win (pun intended). If I had to use Windows, I’d make it feel as much like Linux as possible. Windows is just the UI; my home is the Windows Subsystem for Linux.
From the tools perspective the migration was easy: I had dotfiles and a provision script and the WSL distro was the same, so everything worked just fine. I only had to remove a few UI tool, but the ones I used daily were there. Even my dotfiles were 99% compatible.
The first problem I faced was having to enter my SSH key password evey time I open a fresh WSL session. My setup uses the standard ssh-agent + askpass, but I was missing a keystore. The web searches suggested using gnome-keyring, named pipes or even removing the key’s password. None of these was suitable, and the reason was simple: there was already a keystore, just outside WSL: the Windows Credential Manager.
I looked into how to interact with WinCred from WSL and the setup without needing to configure anything on Windows was to write a tool that generates a PowerShell script and then uses powershell.exe to run it. Ugly at first glance, okay maybe even at second, but the setup is easy as running cargo install winaskpass and setting SSH_ASKPASS=winaskpass. I liked it.
But after speding a few days in Windows I discovered WinGet. A few more winget install commands later I found that binaries installed this way were already in my $PATH (or %PATH%, I’m still not sure which to use!). At this point it was clear that there’s another (cleaner?) way to ship winaskpass: a Windows native tool available via WinGet.
So, to all the Linux refugees on WSL with SSH protected keys, if you want you can set up a SSH_ASKPASS agent with just two simple commands:
cargo install winaskpass and then set SSH_ASKPASS=winaskpass environment variable or winget.exe install winaskpass and SSH_ASKPASS=winaskpass.exe if you want to avoid the PowerShell call.
Sources are available on GitHub and also mirrored on Codeberg.
Tags: linux, windows, wsl, development