Attempted to use it with fresh ubuntu installation, all packages are upgraded, git installed.

Keys being added to ssh-agent via keepassxc
Relay is launched via following script

#!/usr/bin/env sh

export SSH_AUTH_SOCK=/tmp/ssh-agent-$$.tmp

if [ ! -S "$SSH_AUTH_SOCK" ]; then
  exec socat \
    UNIX-LISTEN:${SSH_AUTH_SOCK},umask=007,fork \
    EXEC:'npiperelay.exe -ep -s //./pipe/openssh-ssh-agent',nofork &
fi

If i do ssh-add -l - it properly shows keys - all the same with host.
BUT!
Attempt to clone repo from remote fails on ssh key validation [email protected]: Permission denied (publickey). (ssh config is empty)

Assuming that host system has same keys - i retried same from host system - everything works fine.
If i remove key from agend and add it manually in host system - verification fails.
If i stop relay, start local agent and add key there - everything works fine.

Cannot download the repo because of this error.

root@Newton: ~/dockerInstall# go get -d github.com/jstarks/npiperelay
root@Newton: ~/dockerInstall# ls -lrt
total 101888
-rw-r--r-- 1 root root 104247844 Oct 26 2017 go1.9.2.linux-amd64.tar.gz
root@Newton: ~/dockerInstall# go get github.com/jstarks/npiperelay

github.com/jstarks/npiperelay

../go/src/github.com/jstarks/npiperelay/overlappedfile.go:15:4: undefined: windows.Handle
../go/src/github.com/jstarks/npiperelay/overlappedfile.go:17:6: undefined: windows.Handle
root@Newton: ~/dockerInstall# ls -lrt
total 101888
-rw-r--r-- 1 root root 104247844 Oct 26 2017 go1.9.2.linux-amd64.tar.gz
root@Newton: ~/dockerInstall#

I am encountering the strangest issue, and since npiperelay.exe is probably the most unique part of the setup, I figured I'd ask here first, if not just to get help figuring out where to even begin debugging.

The issue: SSH login works from Windows but not from within WSL 2.

I am forwarding the agent from Windows into WSL 2 with this command:

socat UNIX-LISTEN:/home/kevin/.ssh/agent.sock,fork EXEC:npiperelay.exe -ei -s //./pipe/openssh-ssh-agent,nofork

(Specifically, I'm using the script explained in https://stuartleeks.com/posts/wsl-ssh-key-forward-to-windows/ .)

Like this, I can connect to Bitbucket, GitHub, and GitLab without issue. However, the version of GitLab EE used by drupal.org (git.drupal.org) appears to be problematic. For some reason, connecting there only works in Windows.

I have tried:

• not using the agent from within WSL 2; that works fine, so I have narrowed it down to the agent forwarded to WSL 2
• connecting to other sites with agent keys (works fine)
• dropping keys in the agent and trying various keys (none work with this particular site)
• generating a fresh ED25519 key, adding it to drupal.org, and trying to connect. Works from Windows, not from socat-ed agent in WSL 2

I have run ssh -vvv to try and compare output from a successful connection vs. a failed connection, but all I can surmise is that the moduli are not matching in the way SSH wants, so the public key authentication fails.

There is clearly something about git.drupal.org's configuration involved here, but I don't know what it could be. I haven't seen any obvious errors from ssh either. Is this problem even debuggable?

The Problem

On the new version of the Windows Insider Preview for Windows 11 (10.0.22518.1000), WSL2 is fully installed and maintained via the windows store app. Something about this change (either the version of windows or the new WSL version) causes the npiperelay application to launch new windows every time it is invoked.

This occurs regardless of if the default Terminal app is set to "Windows Console Host" or "Windows Terminal".

Windows, WSL2/g, & Kernel version info

WSL version: 0.50.2.0
Kernel version: 5.10.74.3
WSLg version: 1.0.29
Windows version: 10.0.22518.1000
WIndows Terminal version: 1.11.2921.0

Backstory and use case

I'm using this as directed by the WSL2 workaround specified at: https://github.com/rupor-github/wsl-ssh-agent

My shell rc file contains:

# Set up SSH Agent Compatibility with Windows
export SSH_AUTH_SOCK=$HOME/.ssh/agent.sock
ss -a | grep -q $SSH_AUTH_SOCK
if [ $? -ne 0   ]; then
    rm -f $SSH_AUTH_SOCK
    ( setsid socat UNIX-LISTEN:$SSH_AUTH_SOCK,fork EXEC:"$HOME/winhome/.wsl/npiperelay.exe -ei -s //./pipe/openssh-ssh-agent",nofork & ) >/dev/null 2>&1
fi

When SSH activates, it uses this named pipe to interact with the Windows SSH Agent. I don't believe that the issue of a new terminal window appearing each time npiperelay is activated is related to this specific use-case, so I figured it was more appropriate to submit the issue here rather than on the wsl-ssh-agent repo.

Im trying to connect the serial port as described in the instructions, but when the script is run, it just hangs and goes no further?

Hi, when i am trying to build npiperelay.exe under WSL+Ubuntu 18.04 i get error below:
➜ ~ go get -d github.com/jstarks/npiperelay
go/src/github.com/jstarks/npiperelay/npiperelay.go:12:2: build constraints exclude all Go files in /home/pvm/go/src/golang.org/x/sys/windows

Please advise if there any workaround.

I installed "golang" in Ubuntu in WSL2, followed the cross-build instructions, and tried to run npiperelay.exe, but no matter what I do it just prints the usage message.

I tried modifying the source to see what's up and I find that "len(args)" is always the full number of command line parameters, including the executable name, and that none of the flag variables are set correctly.

I can't see how this can be something either you or I are doing wrong when "flag" is a library package and I'm just running it from bash in the usual way?

And yet, the only way I could get it to work is to hard code the values I want into the source (and then it works lovely, thanks).

Hi all, I'm trying to follow this article to forward msys2's ssh-agent request to the "native" windows openssh agent using this command:

socat UNIX-LISTEN:/tmp/ssh-agent-pipe EXEC:"npiperelay.exe -ep -v -s //./pipe/openssh-ssh-agent"

and I'm getting this error:

2020/06/03 15:36:00 connecting to //./pipe/openssh-ssh-agent
2020/06/03 15:36:00 connected
2020/06/03 15:36:00 copy from stdin to pipe failed: read /dev/stdin: invalid argument.

which I don't quite understant. I've done quite a bit of research, but I'm no go developer nor windows expert and I'm stuck with this error and no idea how to fix it. I found uber-go/zap#328 which says something about the error being ignorable, but commenting the log.Fatalln call after io.Copy doesn't fix the problem.

Let me know how I can help, <3

Running into the following failure:

stillwater@sw-desktop-300:~$ sudo ./docker-relay &
[1] 41
stillwater@sw-desktop-300:~$ docker images
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?

[1]+  Stopped                 sudo ./docker-relay

From a PS, confirmed that the docker deamon is running

PS C:\Users\tomtz> docker info
Client:
 Debug Mode: false

Server:
 Containers: 36
  Running: 36
  Paused: 0
  Stopped: 0
 Images: 26
 Server Version: 19.03.2
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Native Overlay Diff: true
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 894b81a4b802e4eb2a91d1ce216b8817763c29fb
 runc version: 425e105d5a03fabd737a126ad93d62a9eeede87f
 init version: fec3683
 Security Options:
  seccomp
   Profile: default
 Kernel Version: 4.9.184-linuxkit
 Operating System: Docker Desktop
 OSType: linux
 Architecture: x86_64
 CPUs: 8
 Total Memory: 15.63GiB
 Name: docker-desktop
 ID: 7TG2:NXNU:DPH4:PK2T:OKQT:6AZC:DCNM:NVH5:QHY6:3I7Y:QPBL:XQXR
 Docker Root Dir: /var/lib/docker
 Debug Mode: true
  File Descriptors: 126
  Goroutines: 119
  System Time: 2019-09-07T14:10:57.2339252Z
  EventsListeners: 1
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false
 Product License: Community Engine

So, how do I debug what is failing?

Scoop is the Windows command-line installer. Could you please add and maintain manifest file for npiperelay in the Scoop Extras repository? Thank you.

Also the virustotal output: https://www.virustotal.com/gui/file/ff41951c3f519138bb0e61038d7155c6c38194d4d8a3304f46c67c4572ee8bec/detection

Is anyone experiencing slowness issues on Windows 11?

I'm using this from WSL2 to connect to the OpenSSH Agent, like so

# KeepassXC as SSH agent
export SSH_AUTH_SOCK=$HOME/.ssh/agent.sock

ss -a | grep -q $SSH_AUTH_SOCK
if [ $? -ne 0 ]; then
    rm -f $SSH_AUTH_SOCK
    (setsid socat UNIX-LISTEN:$SSH_AUTH_SOCK,fork EXEC:"$HOME/npiperelay/npiperelay.exe -ei -s //./pipe/openssh-ssh-agent",nofork &) >/dev/null 2>&1
fi

And it works, but it takes about 25-30 seconds for any SSH or Git-over-SSH operations.

I even tried a straight up, direct call to it.

time $HOME/npiperelay/npiperelay.exe --help

And that took 25 seconds. Everything else in the WSL2 is fast, no slowdowns that I can see, so I think it's just this npiperelay. I've tried building it via go, and also getting it from the Releases of this repo, same problem.

I'm not famliar with ss, or socat or nipiperelay so I'm not sure how to troubleshoot this or figure out what's going wrong.

Hi!

I use npiperelay as part of wsl-vpnkit to solve networking issues in WSL2 when connected to VPN, but my corporate security department brought this to my attention:

https://www.virustotal.com/gui/file/9a9beb0286434d7250f4d95777210a61cbea23abf73f275625b813b05c562570/detection

Can anything be done about this? My colleague noted that the code is not signed, which may explain part of the issue.

Thanks!

When running docker-compose commands, which opens several simultaneous sockets at once, the relay generates error messages:

2019/06/14 08:51:50 open //./pipe/docker_engine: All pipe instances are busy.

On the docker-compose side, this shows itself in several ways, but mostly seen as:

ERROR: for my-service  ('Connection aborted.', BadStatusLine('No status line received - the server has closed the connection',))
ERROR: Couldn't connect to Docker daemon at http+docker://localunixsocket - is it running?

I don't know anything about go, never mind go get, but when I installed the latest version 1.18 inside WSL2, I was alerted to use go install instead of go get. So, what I ended up having to do to use this to pipe through windows:

GOOS=windows go install github.com/jstarks/npiperelay@latest

For future people who land here:

you'll want to check your GOPATH via

go env GOPATH

and then make sure that npiperelay.exe is in your GOBIN -- which might be something like /home/<USER>/go/bin/. I then ended up having to setup a symlink as so

sudo ln -s /home/<USER>/go/bin/windows_amd64/npiperelay.exe /usr/local/bin/npiperelay.exe

there was no need to link this back to my windows user.

LibAssuan is used in GnuPG to abstract away file sockets on multiple platforms.
On systems that do not support file sockets (i.e. Windows) they instead create a TCP socket on 127.0.0.1, saving the human readable port number to the file along with a newline (0x0A) and 16 byte nonce.

nzsmartie@Laptop:~$ xxd /mnt/c/Users/nzsmartie/AppData/Roaming/gnupg/S.gpg-agent
00000000: 3234 3534 340a 50bb 0b13 a7c5 c6c4 da2d  24544.P........-
00000010: 4505 9648 b3da                           E..H..

The nonce is required to be sent as the first payload to the socket when once connected before any messages may be received or sent. (Observations based on source code)

Adding support for LibAssuan would allow windows users to relay their gpg-agent to WSL for example to be used with signing git commits, or SSH keys if configured correctly.

This issue is more informative and I may take up this challenge myself.

jshort@JSHORT-X1:~$ ./docker-relay 2020/03/31 14:34:08 socat[3220] E "/var/run/docker.sock" exists jshort@JSHORT-X1:~$ docker images error during connect: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.40/images/json: EOF

I get this error message with any docker command I try to run. It looks like everything worked, I have the docker.sock is running, I am a member of the group, etc. I don't know where else to try.

There is something nice to do with npiperelay, if you are using the native OpenSSH ssh-agent in Windows 10.

Add this to ~/.bash_profile in WSL2 or WSL:

export SSH_AUTH_SOCK=/tmp/ssh-agent-$$.tmp

exec socat \
  UNIX-LISTEN:${SSH_AUTH_SOCK},umask=007,fork \
  EXEC:'npiperelay.exe -ep -s //./pipe/openssh-ssh-agent',nofork &

That way you can use the same agent in PowerShell, WSL2 and WSL, which seems like a nice thing to do, and may be a good enough reason to stop using PuTTY+Pageant.

Sorry to report this as an issue. I couldn't think of a better way of proposing this addition to the docs.

Hi,

I am not so much into developing for Windows, nor do I have any clue how Windows names pipes work. But as I understand this tool, it uses the possiblity to run both Linux and Windows binaries in the WSL. So with socat the WSL-side socket is read and with npiperelay.exe being a Windows executable this is the bridge to pipe into the Windows socket.

I would like to use my Windows ssh-agent in a Docker container. which we use as a common development environment (VSCode Remote). But as with your approach the Windows binary is the bridge, this cannot be used straight forward for my use case.

Do you see a chance, that the pipe could be relayed through an http tunnel or any other ways?

Executing go get -d github.com/jstarks/npiperelay results in the following:

package golang.org/x/sys/windows: unrecognized import path "golang.org/x/sys/windows" (https fetch: Get https://golang.org/x/sys/windows?go-get=1: dial tcp: i/o timeout)