Kamil Kurzynowski
3 min read · May 29, 2021


Tux went to sleep, It’s all about WSL now

Have you ever tried to set up a git repository and its SSH key inside a WSL/WSL2 machine? Have you hit a wall or got frustrated? If the answer is yes, then I invite you to read this article; I may be able to help you with the ssh-agent and file permissions.

There are a few things you need to know about WSL that are not obvious to beginners. For starters, by default, permission and ownership changes made inside WSL have no effect on the underlying files. Let me illustrate that.

ls -l gitkey
-rwxr-xr-x 1 kali kali 464 May 28 22:00 gitkey
sudo chmod 600 gitkey && sudo chown root:root gitkey
ls -l gitkey
-rwxr-xr-x 1 kali kali 464 May 28 22:00 gitkey

Notice in the example above that the permissions did not change, and we received no error to indicate that. The Linux subsystem is happy to run commands that have no effect, without any complaint. This gets really confusing, really fast. I didn’t know about that, so my trouble began after running the usual eval $(ssh-agent -s) followed by ssh-add "gitkey", as one would do to add the SSH key to the agent for use with git. This error (see below) came as quite a surprise.

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0777 for 'gitkey' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "gitkey": bad permissions

It was caused by the default WSL configuration, which mounts all the drives without Linux metadata. Instead, all file permissions are derived from the Windows filesystem and can’t be manipulated from the subsystem.

So how can we solve this problem? There are different options for doing so, but here is the cleanest solution. You’ll need to create the file /etc/wsl.conf with the following contents:

[automount]
enabled = true
root = /mnt/
options = "metadata,umask=22,fmask=11"

This makes sure that our drive is automatically mounted with all the Linux metadata and the correct mask. After creating the file, you’ll need to close the terminal and re-open it for the changes to take effect. You can verify the changes by creating a file and changing its ownership and/or permissions. If you wish to restart your WSL instance instead of killing the terminal, you can do so by running the following commands in PowerShell:

# stop only the named distro (wsl --shutdown takes no distro name and stops every distro)
wsl --terminate distroName
wsl -d distroName
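
As an added example (not part of the original article), here is a small POSIX shell check that works out the mode a file gets from the automount options above and tests it the way ssh-add does. It assumes DrvFs removes both the umask and fmask bits from 0777 for files without stored metadata; the function names are hypothetical and the option strings are constructed.

```sh
#!/bin/sh
# Added example, not the article's code. Option strings are constructed samples.

# Mode DrvFs reports for a file that has no stored Linux metadata.
# Assumption: for files, the umask and fmask bits are both removed from 0777.
drvfs_default_file_mode() (
    set -f                      # no globbing while splitting the option list
    um=0 fm=0
    IFS=','
    for opt in $1; do
        case $opt in
            umask=*) um=$((0${opt#umask=})) ;;   # leading 0: parsed as octal
            fmask=*) fm=$((0${opt#fmask=})) ;;
        esac
    done
    printf '%03o\n' "$(( 0777 & ~($um | $fm) ))"
)

# True if a comma- or semicolon-separated mount option string has "metadata".
has_metadata() {
    case ",$(printf '%s' "$1" | tr ';' ',')," in
        *,metadata,*) return 0 ;;
        *)            return 1 ;;
    esac
}

# OpenSSH ignores a private key if any group/other permission bit is set.
ssh_accepts_mode() {
    [ "$(( 0$1 & 077 ))" -eq 0 ]
}

# Report whether ssh-add would accept the key file's current mode (GNU stat).
check_key() {
    mode=$(stat -c '%a' "$1") || return 2
    if ssh_accepts_mode "$mode"; then
        echo "$1: mode $mode ok"
    else
        echo "$1: mode $mode too open, run: chmod 600 $1"
        return 1
    fi
}

opts='metadata,umask=22,fmask=11'        # the options value from wsl.conf above
echo "default file mode with '$opts': $(drvfs_default_file_mode "$opts")"
```

Under that assumption the options above give a default of 744, which ssh-add still rejects, so run chmod 600 on the key once; with metadata enabled the change persists. Call check_key with the key path before ssh-add to confirm.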

EXTRA TIP: Please remember that by default your ssh-agent does not start automatically. So you would need to run eval $(ssh-agent -s) after each start of the system or automate the process (this is a topic for a separate article). For development purposes I just add the following at the bottom of my ~/.bashrc file:

# start ssh agent and load the key for git
eval `ssh-agent -s`
ssh-add "/mnt/c/Users/kkurz/OneDrive/Training/Gitkeys/gitkey"


Kamil Kurzynowski

Cyber security engineer, dog owner and black belt procrastinator.