Skip to content

Windows 10 to WSL Linux bridge setup for YubiKey SSH and GPG services

Notifications You must be signed in to change notification settings

Gadgetoid/Yubi2WSL

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
 
 
 
 

Repository files navigation

Yubi2WSL

Yubi2WSL is a bash script to set up tunneling of YubiKey GPG and SSH features from a Windows 10 Host into a WSL1 Guest.

Yubi2WSL supports features such as:

  • SSH authentication- your SSH key will show in ssh-add -L when your YubiKey is plugged in
  • Viewing/editing details of your YubiKey with gpg --edit-card

What it does:

  • Downloads, installs and configures your chosen GPG service for windows
  • Installs socat if it's not available
  • Downloads npiprelay and pageant
  • Creates start.sh and stop.sh for starting/stopping the services
  • Creates env.sh for exporting necessary environment variables

Everything but the GPG service (installation of which is managed in Windows) is installed to the --install-target.

Why?

Having SSH and GPG passed through to WSL allows git commits to be signed and securely pushed without dropping to Windows or switching to a Linux client. It's convoluted- for sure- but I'm sure I am not alone in using WSL as part of my workflow in this way.

Requirements

Yubi2WSL relies on the following packages, which can be automatically installed for you:

Installing

Yubi2WSL must be installed in a path that's visible both to the Linux Guest and Windows 10 Host, ie somewhere in: /mnt/c/

A typical installation will include either GPG4WIN (--install-gpg4win) or GnuPG for Windows (--install-gnupg).

For example:

./yubi-to-wsl.sh --install-target /mnt/c/yubi2wsl

Once installed and running, plug in your YubiKey and verify operation of SSH with:

ssh-add -l

And GPG with:

gpg --edit-card

Don't forget to run fetch when editing the card, to fetch the public keys from the keyserver and install them locally.

Installer Options

  • --version - Show name/version and quit
  • --help - Show help and quit
  • --install-target - Installation path, must be available in WSL and Windows (IE: /mnt/c/yubi2wsl)
  • --download-gpg4win - Download GPG4WIN (GnuPG, Kleopatra, GPA, GpgOL, GpgEX and Compendium)
  • --install-gpg4win - Download GPG4WIN and start installation
  • --download-gnupg - Download GnuPG
  • --install-gnupg - Download GnuPG and start installation
  • --force-update - Force re-download of binary files

References

I wrote this after reviewing the YubiKey 5Ci and finding the Windows to WSL process somewhat more complex than I was willing to try at the time: https://www.gadgetoid.com/2020/07/08/yubikey-5ci-reviewed/

This tool wouldn't have been possible without the instructions at CodingNest: https://codingnest.com/how-to-use-gpg-with-yubikey-wsl/#wslgpgbridge

The arg parsing code was borrowed heavily from Fan SHIM's service installer: https://github.com/pimoroni/fanshim-python/blob/master/examples/install-service.sh

Colour-coded output messages were borrowed from Pimoroni's get scripts: https://github.com/pimoroni/get/tree/master/installers

About

Windows 10 to WSL Linux bridge setup for YubiKey SSH and GPG services

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages