[ysh7]

This article's title is misleading, its rather solving issue with ssh key management under WSL.

ssh-agent management has been a non-issue on Linux.

- ssh-agent supports setting up custom socket path while starting up

    -a bind_address
    Bind the agent to the unix-domain socket bind_address. The default is /tmp/ssh-XXXXXXXXXX/agent.<ppid>.

- use SSH_AUTH_SOCK env var to instruct about the ssh-agent's socket path to programs that depend on it viz ssh and git.

- an option is available in ssh config (since 7.2) which lets you load the key when it is required (basically when you run ssh or git clone) or reload it when the ttl expires

    AddKeysToAgent
    Specifies whether keys should be automatically added to a running ssh-agent(1). If this option is set to yes and a key is loaded from a file, the key and its passphrase are added to the agent with the default lifetime, as if by ssh-add(1).

So start the ssh-agent with either xinitrc or systemd user units or even a simple shell conditional in bashrc/zshrc to check and start agent if its not already running. Now set SSH_AUTH_SOCK env var to the socket path set while running the agent.

For reference: https://unix.stackexchange.com/questions/339840/how-to-start...

[michidk]

Hey, thank you for the insight! Setting SSH_AUTH_SOCK to a fixed path and binding it with -a indeed solves some of the problems. I will add this to the blog post. But then you have still the problem that you have to enter your password during startup for every key, right (even though you dont need it)? The advantage I see with gpg-agent, is that it only asks for a password, the first time the key is needed. Also it solves two problems (gpg and ssh keys) at once. And well, you still have to check if it is not already running. I am not sure this would only apply to WSL though, I use the same approach on my Linux machine.