Skip to content

USB/IP

We simply need to install the usbipd-win software on our Windows machine.

Make sure to reopen any shell/terminal and check that uspipd.exe is available on your PATH.

GUI

The process can be greatly simplified, by installing wsl-usb-gui (shortcut is called WSL USB) on the Windows side. You can do everything you desire from within the GUI, even set up auto attachments, without a hassle.

CLI

First, list available devices using

Terminal window
usbipd.exe list

Take note of the BUSID of the desired (smartcard) device.

Then simply execute

Terminal window
usbipd.exe bind -b BUSID

replacing BUSID with the one you took note of earlier.

Now the only thing left to do is attaching the smartcard to WSL

Terminal window
usbipd.exe attach -w -b BUSID

You can even have it auto-attached with

Terminal window
usbipd.exe attach -w -a -b BUSID

FIDO2

Despite all this, some utilities, for example ssh-keygen, utilize a direct smartcard access using e.g. the /dev/hidraw devices the USB/IP setup produces.

For that to work, you simply need to add an udev rule

/etc/udev/rules.d/99-yubikey.rules
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", MODE="0660", TAG+="uaccess", GROUP="plugdev", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0406"

You might need to change the vendor and/or product ID. You can easily check the IDs using the

Terminal window
lsusb

command.

Simply locate the Yubikey line in the output, and locate the IDs following the pattern: [Bus IDs]: ID <vendor>:<product> [Name of the device]

After that add your user to the plugdev group, restart WSL and you should be good to go.

Terminal window
sudo groupadd plugdev
sudo usermod -aG plugdev <username>