Using a single OpenSSH configuration for the native Windows and WSL OpenSSH clients.

Posted on

Nowadays (since 2018?) it is possible to run OpenSSH natively on Windows (see here for installation instructions). Moreover, OpenSSH can be configured via a configuration file (~/.ssh/config) which allows us to use aliases and set specific settings per host. But how can we use the same SSH configuration for the Windows Subsystem for Linux-ssh client and the native Windows version?

  1. In WSL, create a symbolic link for the ssh configuration directory: ln -s /mnt/c/Users/<username>/.ssh ~/.ssh

Problem: .ssh/config does not have the correct permissions and ssh refuses to use the configuration file .ssh/config.

  1. Option a): Explicitly pass the configuration file to the ssh command: ssh -F ~/.ssh/config me@foo.com. If you go down this route, you may want to define an alias in your ~/.bashrc file: alias ssh="ssh -F ~/.ssh" To be honest, I don’t quite understand why this works at all, because OpenSSH doesn’t complain about the wrong key file permissions in this case.
  2. Option b): activate file permission metadata on WSL. The documentation describes how file permissions are translated from Windows, if a Windows file is accessed through WSL. tl;dr: you can mount the windows partition with additional metadata, such that WSL annotates all files with additional permission information. To mount the windows partitions with metadata enabled, edit /etc/wsl.conf and add the following section (from the docs):
[automount]
enabled = True
options = metadata,umask=0022,uid=1000,gid=1000

It enables the metadata feature, mounts all files with your user and user group (check if 1000 is the correct user id by calling id) and mounts files and directories with u+rwx,go+rx permissions. Now, restart your computer or restart WSL, e.g. via the powershell, run with administrator privileges: Get-Service LxssManager | Restart-Service. Open another WSL terminal, type mount -l and ‘metadata’ should now be listed as part of the mount settings:

C:\ on /mnt/c type drvfs (rw,noatime,uid=1000,gid=1000,umask=22,metadata,case=off)

Now, change the permissions of your ssh config file: chmod 600 ~/.ssh/config. Et voilà.