jstarks / npiperelay Goto Github PK
View Code? Open in Web Editor NEWnpiperelay allows you to access Windows named pipes from WSL
License: MIT License
npiperelay allows you to access Windows named pipes from WSL
License: MIT License
Attempted to use it with fresh ubuntu installation, all packages are upgraded, git installed.
Keys being added to ssh-agent via keepassxc
Relay is launched via following script
#!/usr/bin/env sh
export SSH_AUTH_SOCK=/tmp/ssh-agent-$$.tmp
if [ ! -S "$SSH_AUTH_SOCK" ]; then
exec socat \
UNIX-LISTEN:${SSH_AUTH_SOCK},umask=007,fork \
EXEC:'npiperelay.exe -ep -s //./pipe/openssh-ssh-agent',nofork &
fi
If i do ssh-add -l
- it properly shows keys - all the same with host.
BUT!
Attempt to clone repo from remote fails on ssh key validation [email protected]: Permission denied (publickey)
. (ssh config is empty)
Assuming that host system has same keys - i retried same from host system - everything works fine.
If i remove key from agend and add it manually in host system - verification fails.
If i stop relay, start local agent and add key there - everything works fine.
Cannot download the repo because of this error.
root@Newton: ~/dockerInstall# go get -d github.com/jstarks/npiperelay
root@Newton: ~/dockerInstall# ls -lrt
total 101888
-rw-r--r-- 1 root root 104247844 Oct 26 2017 go1.9.2.linux-amd64.tar.gz
root@Newton: ~/dockerInstall# go get github.com/jstarks/npiperelay
../go/src/github.com/jstarks/npiperelay/overlappedfile.go:15:4: undefined: windows.Handle
../go/src/github.com/jstarks/npiperelay/overlappedfile.go:17:6: undefined: windows.Handle
root@Newton: ~/dockerInstall# ls -lrt
total 101888
-rw-r--r-- 1 root root 104247844 Oct 26 2017 go1.9.2.linux-amd64.tar.gz
root@Newton: ~/dockerInstall#
I am encountering the strangest issue, and since npiperelay.exe is probably the most unique part of the setup, I figured I'd ask here first, if not just to get help figuring out where to even begin debugging.
The issue: SSH login works from Windows but not from within WSL 2.
I am forwarding the agent from Windows into WSL 2 with this command:
socat UNIX-LISTEN:/home/kevin/.ssh/agent.sock,fork EXEC:npiperelay.exe -ei -s //./pipe/openssh-ssh-agent,nofork
(Specifically, I'm using the script explained in https://stuartleeks.com/posts/wsl-ssh-key-forward-to-windows/ .)
Like this, I can connect to Bitbucket, GitHub, and GitLab without issue. However, the version of GitLab EE used by drupal.org (git.drupal.org) appears to be problematic. For some reason, connecting there only works in Windows.
I have tried:
socat
-ed agent in WSL 2I have run ssh -vvv
to try and compare output from a successful connection vs. a failed connection, but all I can surmise is that the moduli are not matching in the way SSH wants, so the public key authentication fails.
There is clearly something about git.drupal.org's configuration involved here, but I don't know what it could be. I haven't seen any obvious errors from ssh
either. Is this problem even debuggable?
On the new version of the Windows Insider Preview for Windows 11 (10.0.22518.1000), WSL2 is fully installed and maintained via the windows store app. Something about this change (either the version of windows or the new WSL version) causes the npiperelay application to launch new windows every time it is invoked.
This occurs regardless of if the default Terminal app is set to "Windows Console Host" or "Windows Terminal".
WSL version: 0.50.2.0
Kernel version: 5.10.74.3
WSLg version: 1.0.29
Windows version: 10.0.22518.1000
WIndows Terminal version: 1.11.2921.0
I'm using this as directed by the WSL2 workaround specified at: https://github.com/rupor-github/wsl-ssh-agent
My shell rc file contains:
# Set up SSH Agent Compatibility with Windows
export SSH_AUTH_SOCK=$HOME/.ssh/agent.sock
ss -a | grep -q $SSH_AUTH_SOCK
if [ $? -ne 0 ]; then
rm -f $SSH_AUTH_SOCK
( setsid socat UNIX-LISTEN:$SSH_AUTH_SOCK,fork EXEC:"$HOME/winhome/.wsl/npiperelay.exe -ei -s //./pipe/openssh-ssh-agent",nofork & ) >/dev/null 2>&1
fi
When SSH activates, it uses this named pipe to interact with the Windows SSH Agent. I don't believe that the issue of a new terminal window appearing each time npiperelay is activated is related to this specific use-case, so I figured it was more appropriate to submit the issue here rather than on the wsl-ssh-agent repo.
Im trying to connect the serial port as described in the instructions, but when the script is run, it just hangs and goes no further?
Hi, when i am trying to build npiperelay.exe under WSL+Ubuntu 18.04 i get error below:
โ ~ go get -d github.com/jstarks/npiperelay
go/src/github.com/jstarks/npiperelay/npiperelay.go:12:2: build constraints exclude all Go files in /home/pvm/go/src/golang.org/x/sys/windows
Please advise if there any workaround.
I installed "golang" in Ubuntu in WSL2, followed the cross-build instructions, and tried to run npiperelay.exe, but no matter what I do it just prints the usage message.
I tried modifying the source to see what's up and I find that "len(args)" is always the full number of command line parameters, including the executable name, and that none of the flag variables are set correctly.
I can't see how this can be something either you or I are doing wrong when "flag" is a library package and I'm just running it from bash in the usual way?
And yet, the only way I could get it to work is to hard code the values I want into the source (and then it works lovely, thanks).
Hi all, I'm trying to follow this article to forward msys2's ssh-agent request to the "native" windows openssh agent using this command:
socat UNIX-LISTEN:/tmp/ssh-agent-pipe EXEC:"npiperelay.exe -ep -v -s //./pipe/openssh-ssh-agent"
and I'm getting this error:
2020/06/03 15:36:00 connecting to //./pipe/openssh-ssh-agent
2020/06/03 15:36:00 connected
2020/06/03 15:36:00 copy from stdin to pipe failed: read /dev/stdin: invalid argument.
which I don't quite understant. I've done quite a bit of research, but I'm no go developer nor windows expert and I'm stuck with this error and no idea how to fix it. I found uber-go/zap#328 which says something about the error being ignorable, but commenting the log.Fatalln
call after io.Copy
doesn't fix the problem.
Let me know how I can help, <3
Running into the following failure:
stillwater@sw-desktop-300:~$ sudo ./docker-relay &
[1] 41
stillwater@sw-desktop-300:~$ docker images
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
[1]+ Stopped sudo ./docker-relay
From a PS, confirmed that the docker deamon is running
PS C:\Users\tomtz> docker info
Client:
Debug Mode: false
Server:
Containers: 36
Running: 36
Paused: 0
Stopped: 0
Images: 26
Server Version: 19.03.2
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 894b81a4b802e4eb2a91d1ce216b8817763c29fb
runc version: 425e105d5a03fabd737a126ad93d62a9eeede87f
init version: fec3683
Security Options:
seccomp
Profile: default
Kernel Version: 4.9.184-linuxkit
Operating System: Docker Desktop
OSType: linux
Architecture: x86_64
CPUs: 8
Total Memory: 15.63GiB
Name: docker-desktop
ID: 7TG2:NXNU:DPH4:PK2T:OKQT:6AZC:DCNM:NVH5:QHY6:3I7Y:QPBL:XQXR
Docker Root Dir: /var/lib/docker
Debug Mode: true
File Descriptors: 126
Goroutines: 119
System Time: 2019-09-07T14:10:57.2339252Z
EventsListeners: 1
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
Product License: Community Engine
So, how do I debug what is failing?
Scoop is the Windows command-line installer. Could you please add and maintain manifest file for npiperelay in the Scoop Extras repository? Thank you.
Also the virustotal output: https://www.virustotal.com/gui/file/ff41951c3f519138bb0e61038d7155c6c38194d4d8a3304f46c67c4572ee8bec/detection
Is anyone experiencing slowness issues on Windows 11?
I'm using this from WSL2 to connect to the OpenSSH Agent, like so
# KeepassXC as SSH agent
export SSH_AUTH_SOCK=$HOME/.ssh/agent.sock
ss -a | grep -q $SSH_AUTH_SOCK
if [ $? -ne 0 ]; then
rm -f $SSH_AUTH_SOCK
(setsid socat UNIX-LISTEN:$SSH_AUTH_SOCK,fork EXEC:"$HOME/npiperelay/npiperelay.exe -ei -s //./pipe/openssh-ssh-agent",nofork &) >/dev/null 2>&1
fi
And it works, but it takes about 25-30 seconds for any SSH or Git-over-SSH operations.
I even tried a straight up, direct call to it.
time $HOME/npiperelay/npiperelay.exe --help
And that took 25 seconds. Everything else in the WSL2 is fast, no slowdowns that I can see, so I think it's just this npiperelay. I've tried building it via go, and also getting it from the Releases of this repo, same problem.
I'm not famliar with ss, or socat or nipiperelay so I'm not sure how to troubleshoot this or figure out what's going wrong.
Hi!
I use npiperelay as part of wsl-vpnkit to solve networking issues in WSL2 when connected to VPN, but my corporate security department brought this to my attention:
Can anything be done about this? My colleague noted that the code is not signed, which may explain part of the issue.
Thanks!
When running docker-compose commands, which opens several simultaneous sockets at once, the relay generates error messages:
2019/06/14 08:51:50 open //./pipe/docker_engine: All pipe instances are busy.
On the docker-compose side, this shows itself in several ways, but mostly seen as:
ERROR: for my-service ('Connection aborted.', BadStatusLine('No status line received - the server has closed the connection',))
ERROR: Couldn't connect to Docker daemon at http+docker://localunixsocket - is it running?
I don't know anything about go
, never mind go get
, but when I installed the latest version 1.18
inside WSL2, I was alerted to use go install
instead of go get
. So, what I ended up having to do to use this to pipe through windows:
GOOS=windows go install github.com/jstarks/npiperelay@latest
For future people who land here:
you'll want to check your GOPATH via
go env GOPATH
and then make sure that npiperelay.exe
is in your GOBIN
-- which might be something like /home/<USER>/go/bin/
. I then ended up having to setup a symlink as so
sudo ln -s /home/<USER>/go/bin/windows_amd64/npiperelay.exe /usr/local/bin/npiperelay.exe
there was no need to link this back to my windows user.
LibAssuan is used in GnuPG to abstract away file sockets on multiple platforms.
On systems that do not support file sockets (i.e. Windows) they instead create a TCP socket on 127.0.0.1, saving the human readable port number to the file along with a newline (0x0A
) and 16 byte nonce.
nzsmartie@Laptop:~$ xxd /mnt/c/Users/nzsmartie/AppData/Roaming/gnupg/S.gpg-agent
00000000: 3234 3534 340a 50bb 0b13 a7c5 c6c4 da2d 24544.P........-
00000010: 4505 9648 b3da E..H..
The nonce is required to be sent as the first payload to the socket when once connected before any messages may be received or sent. (Observations based on source code)
Adding support for LibAssuan would allow windows users to relay their gpg-agent to WSL for example to be used with signing git commits, or SSH keys if configured correctly.
This issue is more informative and I may take up this challenge myself.
jshort@JSHORT-X1:~$ ./docker-relay 2020/03/31 14:34:08 socat[3220] E "/var/run/docker.sock" exists jshort@JSHORT-X1:~$ docker images error during connect: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.40/images/json: EOF
I get this error message with any docker command I try to run. It looks like everything worked, I have the docker.sock is running, I am a member of the group, etc. I don't know where else to try.
There is something nice to do with npiperelay
, if you are using the native OpenSSH ssh-agent in Windows 10.
Add this to ~/.bash_profile
in WSL2 or WSL:
export SSH_AUTH_SOCK=/tmp/ssh-agent-$$.tmp
exec socat \
UNIX-LISTEN:${SSH_AUTH_SOCK},umask=007,fork \
EXEC:'npiperelay.exe -ep -s //./pipe/openssh-ssh-agent',nofork &
That way you can use the same agent in PowerShell, WSL2 and WSL, which seems like a nice thing to do, and may be a good enough reason to stop using PuTTY+Pageant.
Sorry to report this as an issue. I couldn't think of a better way of proposing this addition to the docs.
Hi,
I am not so much into developing for Windows, nor do I have any clue how Windows names pipes work. But as I understand this tool, it uses the possiblity to run both Linux and Windows binaries in the WSL. So with socat
the WSL-side socket is read and with npiperelay.exe
being a Windows executable this is the bridge to pipe into the Windows socket.
I would like to use my Windows ssh-agent in a Docker container. which we use as a common development environment (VSCode Remote). But as with your approach the Windows binary is the bridge, this cannot be used straight forward for my use case.
Do you see a chance, that the pipe could be relayed through an http tunnel or any other ways?
Executing go get -d github.com/jstarks/npiperelay
results in the following:
package golang.org/x/sys/windows: unrecognized import path "golang.org/x/sys/windows" (https fetch: Get https://golang.org/x/sys/windows?go-get=1: dial tcp: i/o timeout)
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.