Windows 10 - Using GPG for SSH authentication. Win32-OpenSSH Edition.
A few years ago I wrote about Using GPG for SSH authentication on Windows. With newer versions of Windows 10 shipping with Win32-OpenSSH it's even easier to use than before. In addition, using native SSH instead of PuTTY means you don't have to connect to servers with PuTTY first.
Installation
Make sure OpenSSH is installed. As of this writing, Windows 10 ships with version 7.7p1. This has been working fine for me, but there are newer versions that can be installed in other ways if desired.
In addition, you will need:
gpg - both plain gpg and Gpg4Win should work
wsl-ssh-pageant - this creates a named pipe for gpg to communicate with ssh
cmdow - optional
All of these packages are available through scoop.
Configuration
gpg
Add the following line to <gpghome>/gpg-agent.conf:
enable-putty-support
git
git on Windows uses its own bundled gpg & ssh, so direct it to use gpg in .gitconfig:
[gpg]
program = <path_to_gpg_bin>/gpg.exe
And set GIT_SSH in your environment to the ssh.exe in your Win32-OpenSSH directory:
GIT_SSH=C:\\Windows\\System32\\OpenSSH\\ssh.exe
Startup
You need to start gpg-connect-agent & wsl-ssh-pageant. If you want to start these on login, there are a few ways to do this, but the easiest is to just drop shortcuts in your startup directory (shell:startup).
gpg-connect-agent:
gpg-connect-agent.exe /bye
wsl-ssh-pageant:
cmdow.exe /run /hid wsl-ssh-pageant.exe -winssh ssh-pageant
Environment
Finally, ensure ssh knows about the authentication socket. Set your environment to point to the pipe created by wsl-ssh-pageant:
SSH_AUTH_SOCK=\\.\pipe\ssh-pageant
Usage
Everything should now 'just work'. If you have a smartcard for gpg, it should correctly prompt for the PIN and work as normal.
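If it does not, the PowerShell script below checks each piece of the setup in turn. It is an added example, not part of the original post, and it assumes gpgconf.exe and git.exe are on PATH, that ssh-add.exe sits in the same Win32-OpenSSH directory as the ssh.exe used for GIT_SSH, and that the pipe is named ssh-pageant as on this page.

```powershell
# Added example (not from the original post): checks each piece of the setup above.
# Assumptions: gpgconf.exe and git.exe are on PATH; ssh-add.exe is in the same
# Win32-OpenSSH directory as the ssh.exe used for GIT_SSH; pipe name is ssh-pageant.
$pipeName = 'ssh-pageant'
$sshAdd   = Join-Path $env:SystemRoot 'System32\OpenSSH\ssh-add.exe'
$results  = [ordered]@{}

# 1. gpg-agent.conf in the gpg home directory must contain enable-putty-support
$gpgHome   = & gpgconf --list-dirs homedir
$agentConf = Join-Path $gpgHome 'gpg-agent.conf'
$hasOption = (Test-Path $agentConf) -and
    [bool](Select-String -Path $agentConf -Pattern '^\s*enable-putty-support\s*$' -Quiet)
$results['gpg-agent.conf has enable-putty-support'] = $hasOption

# 2. git must be pointed at the system gpg.exe and at Win32-OpenSSH's ssh.exe
$gitGpg = & git config --global --get gpg.program
$results['git gpg.program is an existing file'] = [bool]$gitGpg -and (Test-Path $gitGpg)
$results['GIT_SSH is an existing file'] = [bool]$env:GIT_SSH -and (Test-Path $env:GIT_SSH)

# 3. SSH_AUTH_SOCK must name the pipe, and wsl-ssh-pageant must have created it
$results['SSH_AUTH_SOCK names the pipe'] = $env:SSH_AUTH_SOCK -eq "\\.\pipe\$pipeName"
$results['named pipe exists'] = (Get-ChildItem '\\.\pipe\').Name -contains $pipeName

# 4. Ask the agent for its public keys through ssh-add.
#    ssh-add exit codes: 0 = keys listed, 1 = agent has no identities, 2 = agent unreachable
$keys = & $sshAdd -L 2>$null
$rc   = $LASTEXITCODE
$results['agent reachable through the pipe'] = $rc -ne 2
$results['agent offers at least one key']    = $rc -eq 0

# Report one line per check
$results.GetEnumerator() | ForEach-Object {
    '{0,-42} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'FAIL' })
}

if ($rc -eq 0) {
    # Print key type and comment only, not the full public key blob
    $keys | ForEach-Object { $f = $_ -split ' ', 3; "  $($f[0]) $($f[2])" }
}
```

Run it in a new PowerShell session after logging in, so the environment variables and the startup shortcuts have taken effect.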