@vicenteherrera
Last active July 27, 2022 20:49
How to enable SSH server to WSL2 in Windows

SSH to WSL2 Linux inside Windows

Instructions to enable OpenSSH on Windows 10/11 so that it gives you access to WSL2 Linux. Based on: https://www.hanselman.com/blog/the-easy-way-how-to-ssh-into-bash-and-wsl2-on-windows-10-from-an-external-machine

# Open an elevated (administrator) PowerShell terminal:
# press the Windows key to display the Start menu, search for "PowerShell", right-click its entry
# and select "Run as administrator"

# Check if you have the SSH server (and client) on Windows
Get-WindowsCapability -Online | ? Name -like 'OpenSSH*'

# Add the server
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0

# Manually start the server
Start-Service sshd
Get-Service sshd

# Set it to start automatically on boot
Set-Service -Name sshd -StartupType 'Automatic'

# You could use "bash.exe" as the distro to log in, and you will see your personal directory with its files,
# but if you have a customized distro, it's better to use that. Check which one it is with:
wsl --list

# If the default distro you want to use is called "Debian", the file to run it should be debian.exe
# bash.exe is located at c:\Windows\System32\bash.exe, but customized ones will be on your profile
# You can check that this is the case (the executable will have size 0, that's normal)
# using PowerShell with:
dir $env:USERPROFILE\AppData\Local\Microsoft\WindowsApps\debian.exe
# Or using cmd.exe with:
dir %userprofile%\AppData\Local\Microsoft\WindowsApps\debian.exe

# If you use the wrong path, when trying to log in you will just get a "wrong password" response, so it is
# better to check it by executing it in PowerShell (the call operator & is needed to run a path held in a string):
& "$env:USERPROFILE\AppData\Local\Microsoft\WindowsApps\debian.exe"
# Or using cmd.exe:
%userprofile%\AppData\Local\Microsoft\WindowsApps\debian.exe

# To set that SSH should use "bash.exe" as your shell (or change to your default Linux distro location)
New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\WINDOWS\System32\bash.exe" -PropertyType String -Force

# If instead you want to use debian.exe, better use the full path like this:
New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\Users\youruser\AppData\Local\Microsoft\WindowsApps\debian.exe" -PropertyType String -Force

# If you use a Microsoft account to log into your computer, use instead your short username.
# If identity is machine\youruser, you only need the "youruser" part, check it with:
whoami

# Test that you can locally log in, from the Powershell terminal.
# Remember to use your Windows password, not the password you may have set to WSL2 distro.
ssh youruser@localhost

# If your user is not an Administrator, you have to change the Windows OpenSSH configuration to allow it to log in.
# More info: https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_server_configuration
# Edit %programdata%\ssh\sshd_config and add:
AllowUsers youruser

# Test again that you can locally log in, open a powershell terminal:
# Remember to use your Windows password, not the password you may have set to WSL2 distro.
ssh youruser@localhost

# If your password doesn't seem to work, make sure login with password is enabled in Windows:

# 1. Open Settings.
# 2. Go to Accounts.
# 3. Click Sign-in Options.
# 4. Disable "Require Windows Hello sign-in for Microsoft accounts".
# 5. Restart your computer.

# Now to SSH from another machine, check what is your Windows PC IP address
ipconfig /all
## From another computer

# Log into your Windows computer. If the IP is 192.168.1.10 and your username is "youruser", use:
# Remember to use your Windows password, not the password you may have set to WSL2 distro.
ssh youruser@192.168.1.10
# If local login works but not from another computer, you may need to set up Windows firewall to allow
# traffic through port 22. To do so, on the elevated PowerShell terminal on Windows, execute:

iex "netsh advfirewall firewall add rule name='WSL2 SSH' dir=in action=allow protocol=TCP localport=22"
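
The netsh rule above sets neither a profile nor a remote address, so it admits TCP 22 from any source on every network profile. As an added example (not part of the original gist), the following lists the inbound allow rules that already cover port 22 and then creates a narrower one; the rule name `WSL2 SSH (LAN only)` and the choice of the Private profile and the local subnet are assumptions to adapt.

```powershell
# Added example, not part of the original gist. Run in an elevated PowerShell.

# 1. List enabled inbound "allow" rules whose TCP port filter names port 22.
#    (Rules written as a port range such as 20-25 are not matched by this simple test.)
Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -contains '22' } |
    ForEach-Object {
        $rule = $_ | Get-NetFirewallRule
        if ($rule.Direction -eq 'Inbound' -and $rule.Action -eq 'Allow' -and $rule.Enabled -eq 'True') {
            $addr = $rule | Get-NetFirewallAddressFilter
            [pscustomobject]@{
                DisplayName   = $rule.DisplayName
                Profile       = $rule.Profile
                RemoteAddress = $addr.RemoteAddress -join ','
            }
        }
    } | Format-Table -AutoSize

# 2. Create a rule limited to networks marked Private and to hosts on the same subnet.
#    The display name is an assumption; pick any name you will recognise later.
New-NetFirewallRule -DisplayName 'WSL2 SSH (LAN only)' `
    -Direction Inbound -Action Allow -Protocol TCP -LocalPort 22 `
    -Profile Private -RemoteAddress LocalSubnet

# 3. Confirm the scope of the new rule.
Get-NetFirewallRule -DisplayName 'WSL2 SSH (LAN only)' |
    Get-NetFirewallAddressFilter |
    Select-Object RemoteAddress
```

Allow rules are additive: a broader rule for port 22 that step 1 reports keeps admitting traffic until it is disabled or removed.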

Sign in using keys

If you try to use ssh-copy-id, it won't work, as it tries to copy your public key to WSL $HOME/.ssh/authorized_keys, and instead it should be copied to specific Windows directories.

If your user is not an Administrator, the public key should be referenced in:

c:\users\youruser\.ssh\authorized_keys

If your user is an Administrator, it should be referenced in:

c:\ProgramData\.ssh\authorized_keys

That file may not exist, and writing in that directory is restricted. To create and edit it, run a Powershell as an administrator as described at the beginning of this document, change to that folder and create the file with notepad.

cd c:\ProgramData\.ssh
notepad authorized_keys

You can paste the content of your public key there.
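
Which key file sshd reads is decided by the `AuthorizedKeysFile` directives in `%programdata%\ssh\sshd_config`, and sshd ignores a key file that other accounts can write to. The following added example (not part of the original gist) prints those directives, appends a key to the matching file and tightens its ACL; the user name, the placeholder key and the two candidate paths (those named in the sshd_config that ships with Windows OpenSSH) are assumptions, so compare them with what step 1 prints on your machine.

```powershell
# Added example, not part of the original gist. Run in an elevated PowerShell.
# Assumptions: the user name, the placeholder key, and the two candidate paths
# (the ones named in the sshd_config that ships with Windows OpenSSH).
$User      = 'youruser'
$PublicKey = 'ssh-ed25519 AAAA-PLACEHOLDER-NOT-A-REAL-KEY youruser@client'

# 1. Print the directives that decide which key file sshd reads for a login.
#    A "Match Group" block overrides the global AuthorizedKeysFile for that group.
$config = Join-Path $env:ProgramData 'ssh\sshd_config'
Select-String -Path $config -Pattern '^\s*(Match|AuthorizedKeysFile|PubkeyAuthentication)\b' |
    ForEach-Object { '{0,4}: {1}' -f $_.LineNumber, $_.Line.Trim() }

# 2. Pick the file by membership of the local Administrators group (SID S-1-5-32-544).
$isAdmin = [bool](Get-LocalGroupMember -SID 'S-1-5-32-544' |
    Where-Object { $_.Name -like "*\$User" })
if ($isAdmin) {
    $keyFile = Join-Path $env:ProgramData 'ssh\administrators_authorized_keys'
    $owners  = @('*S-1-5-32-544:F', '*S-1-5-18:F')      # Administrators, SYSTEM
} else {
    $keyFile = "C:\Users\$User\.ssh\authorized_keys"
    $owners  = @("${User}:F", '*S-1-5-18:F')            # the user, SYSTEM
}

# 3. Append the key once, creating the directory and file if needed.
New-Item -ItemType Directory -Path (Split-Path $keyFile) -Force | Out-Null
if (-not (Test-Path $keyFile) -or
    -not (Select-String -Path $keyFile -SimpleMatch $PublicKey -Quiet)) {
    Add-Content -Path $keyFile -Value $PublicKey -Encoding ascii
}

# 4. Remove inherited permissions and grant access only to the intended owners,
#    so no other account can add a key to the file.
$grants = $owners | ForEach-Object { '/grant', $_ }
& icacls.exe $keyFile /inheritance:r @grants
& icacls.exe $keyFile      # show the resulting ACL
```

To test, run `ssh -o PreferredAuthentications=publickey youruser@localhost`, which fails instead of falling back to the password prompt when the key is not accepted.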

More info here.
