ssh setup - ScottKirvan/WSL GitHub Wiki

Guide for configuring Password SSH

  1. Edit /etc/ssh/sshd_config and change the listening port. For this demo I used port 22
  2. Change UsePrivilegeSeparation to 'no' (because the implementation of the Windows Subsystem for Linux doesn't provide chroot)
  3. Change PasswordAuthentication to 'yes'
  4. Add a firewall rule on the Windows side for SSH to your new listening port
  5. sudo ssh-keygen -A
  6. Restart the ssh service: sudo service ssh restart (Ignore the message: "initctl: Unable to connect to Upstart: Failed to connect to socket /com/ubuntu/upstart: Connection refused")
  7. Test ssh connection locally with verbose mode enabled (verbose mode optional): ssh localhost -p "your-port-here" -v
  8. Test from another system. (All should be working)

Guide for configuring Password-less SSH

  1. Edit /etc/ssh/sshd_config and change the listening port. For this demo I used 22
  2. Change UsePrivilegeSeparation to 'no' (because the implementation of the Windows Subsystem for Linux doesn't provide chroot)
  3. Add a firewall rule on the Windows side for ssh to your new listening port
  4. sudo ssh-keygen -A
  5. Restart the ssh service: sudo service ssh restart (Ignore the message: "initctl: Unable to connect to Upstart: Failed to connect to socket /com/ubuntu/upstart: Connection refused")

Do this from client machine (system tunneling to Bash on Ubuntu on Windows)

  1. cd ~/.ssh
  2. ssh-keygen -t rsa [Pause to complete step 1 on server side]
  3. scp -P "port-goes-here" ~/.ssh/id_rsa.pub username@server-ip-address:~/.ssh

Tip – If you have trouble copying the .pub file to your server, you might want to temporarily set PasswordAuthentication to 'yes' on the server (using the above instructions) to complete the scp transfer, and then set it back to 'no' promptly afterwards. [Proceed to complete steps 2 – 5 on server side]

Do this from server machine (system running Bash on Ubuntu on Windows)

  1. mkdir -p ~/.ssh/ [Pause to complete step 3 on client side]
  2. cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
  3. chmod 700 ~/.ssh
  4. chmod 600 ~/.ssh/authorized_keys
  5. rm ~/.ssh/id_rsa.pub
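
The server-side steps above, written as one re-runnable shell function that also refuses a private key uploaded by mistake. This is an added example, not part of the original wiki page; the function name install_pubkey and its arguments are hypothetical.

```bash
# Added example (not from the wiki): hypothetical helper for the server-side steps.
# Usage: install_pubkey /path/to/uploaded.pub [home-directory]
install_pubkey() {
    local pub home ssh_dir auth line
    pub="$1"
    home="${2:-$HOME}"
    ssh_dir="$home/.ssh"
    auth="$ssh_dir/authorized_keys"

    [ -f "$pub" ] || { echo "no such file: $pub" >&2; return 1; }

    # A private key must never leave the client; refuse it if uploaded by mistake.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2
        return 2
    fi

    # Accept only a line shaped like "<key-type> <base64> [comment]".
    line=$(grep -m1 -E '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/=]+' "$pub") || {
        echo "refusing: $pub is not an OpenSSH public key" >&2
        return 3
    }

    # sshd's StrictModes (default yes) checks file modes and ownership before accepting a login.
    mkdir -p "$ssh_dir" || return 4
    chmod 700 "$ssh_dir" || return 4
    touch "$auth" || return 4
    chmod 600 "$auth" || return 4

    # Append only if this exact line is not already present (safe to re-run).
    if ! grep -qxF -- "$line" "$auth"; then
        printf '%s\n' "$line" >> "$auth"
    fi

    # The uploaded copy is no longer needed.
    rm -f -- "$pub"
}
```

On the server, after the scp step: install_pubkey ~/.ssh/id_rsa.pub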

To connect to your system running Bash on Ubuntu on Windows (server) from your client, run the following: ssh username@server-ip-address -p "your-port-here"

Configure SSH to auto-start -- NOTE: THIS DOESN'T WORK - NEED PASSWORDLESS START

  1. Open Windows Task Scheduler
  2. Click Create Basic Task...
  3. Set Name: "Start Bash SSH Server" & Description: "Start the WSL SSH Server via a bash command"
  4. Click Next
  5. Set Trigger to When the computer starts
  6. Click Next
  7. Set 'Action' to 'Start a program'
  8. Click Next
  9. Under Start a Program, set Program/script: %windir%\System32\bash.exe
  10. Set Add arguments (optional): -c "sudo /etc/init.d/ssh start"
    NOTE: This will require you to enter your WSL password at startup
    NOTE: I don't think this is going to work until I figure out how to run sudo service ssh --full-restart without a password. I tried modifying sudo visudo to let me start sshd without passwords, but I can't get it to work in WSL.

fix: Win10 has OpenSSH available as part of the install -- see here: https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_install_firstuse