Scott Hanselman

THE EASY WAY how to SSH into Bash and WSL2 on Windows 10 from an external machine

August 04, 2020 Comment on this post [12] Posted in Linux | Open Source | Win10
Sponsored By

Some folks always trying to ice skate up hillThis is an interesting blog post on How to SSH into WSL2 on Windows 10 from an external machine. Read it. Know how it works. Learn it. AND DO NOT DO IT BECAUSE IT'S TOO COMPLEX.

DO NOT DO THIS. It's fine. It works. But it's baroque. You're forwarding ports into a little VM'ed local subnet, you're dealing with WSL2 IP addresses changing, you'll have to keep your VM running, and you're generally trying to ice skate up hill.

Here's the thing. In that post - which you should not do - you're turning off the Windows Firewall for your port, forwarding to an internal subnet, and then letting WSL take over.

BUT! Windows 10 already knows how to accept SSH connections. In fact, it's shipped OpenSSH as a "Feature on Demand" for years. The issue is that you (Mac and Linux switchers) don't like the default shell - PowerShell.

So why not change the default Windows shell for SSH to WSL2's Bash?

Boom. Now you have no port forwarding, firewalls are only opening for one process, and your WSL2 instance starts up on entry. Literally the best of all worlds.

How do you set up SSH'ing into WSL2 on your Windows 10 machine

First, open an admin PowerShell prompt (Start menu, type PowerShell, hold ctrl+shift, and hit enter) type this:

> Get-WindowsCapability -Online | ? Name -like 'OpenSSH*'

Name : OpenSSH.Client~~~~0.0.1.0
State : Installed

Name : OpenSSH.Server~~~~0.0.1.0
State : NotPresent

See how I have the Client and not the OpenSSH Server? Add it:

Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0

Now either start the SSHD service, or set it to start automatically:

Start-Service sshd
Get-Service sshd

or automatic:

Set-Service -Name sshd -StartupType 'Automatic'

Configuring the Default Shell for OpenSSH in Windows 10

On my server (the Windows machine I'm SSHing into) I will set a registry key to set the default shell. In this case, I'll use open source cross platform PowerShell Core. You can use whatever makes you happy and WSL2's bash makes me happy.

New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\WINDOWS\System32\bash.exe" -PropertyType String -Force

Note that bash.exe in this context starts up "wsl -d YOURDEFAULTDISTRO" so you'll want to know what your Default is, and if you don't like it, change it with wsl --set-default DISTRO.

HEADS UP: You need the FULL AND CORRECT PATH in that command above. It works for any shell. Since I'm using bash.exe, I get WSL2 starting up for free but SSH with this solution is using Windows's SSH keys and Windows auth. Note that when you're entering your password for authentication!

Even better if I wanted to add a menu item (profile) to one local Windows Terminal with an entry to ssh into my WSL on my remote Windows Machine that would automatically log me into it from elsewhere using public keys, I could do that also!

To conclude and sum up:

  • This blog post - the one you are reading uses Windows' OpenSSH and authenticates with Windows and then runs WSL2. WSL2 starts up, uses bash, and Windows handles the TCP traffic.
  • This other blog post - over here - has Windows only forwarding ports, and uses WSL2's Linux OpenSSH and authenticates against Linux. Windows is only involved peripherally. The WSL2 IP address changes on reboot and you'll need to maintain your portproxy rules and firewall rules with the script listened at the end of that post.

Understand what you want and use the right one for you.

Enjoy!


Sponsor: Bug in prod? Get to the bottom of it, fast, with live production log search in Seq 2020.1.

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Hosting By
Hosted in an Azure App Service
August 04, 2020 13:21
Works like magic. You are a lifesaver.
August 04, 2020 20:25
I thought it will be much harder to accomplish. But it's quite easy, using way you described it. Thanks
August 04, 2020 20:32
What's not to hate in a shell with the colours of the blue screen of yore and error messages in dark red on black? :-)
August 04, 2020 23:28
After following the instructions but using port 22:

1) ssh localhost from PowerShell works, with a password. I would like to use certificates instead of a password. Where is the Windows ssh_config?

2) ssh locahost from an Ubuntu prompt on the same machine fails with: "ssh: connect to host localhost port 22: Connection refused".

3) ssh "Mike Slinn"@mymachine works same as for #1 above. I would prefer to alias my full name (which includes spaces) to something like mslinn. Is that possible?
August 05, 2020 17:47
@Mike Slinn - for your question #1, look for the .ssh directory under %USERPROFILE% (so, in your case, something like c:\users\mslinn\.ssh). In there, you'll find all the usual ssh files, including your various keys and, of course, the config.
August 06, 2020 1:18
Doing that for a while now, so from MBP i am ssh-ing towards my Windows 10 machine, which runs WSL2 so connecting to that directly by port forwarding. Question here is if:

MBP is first level
Win10 is second level
WSL2 is the third level

what should be my ultimate limbo to commemorate the 10 years anniversary of Inception.
August 09, 2020 0:17
It worked great for me too
August 12, 2020 1:20
Excellent example of why I quit doing IT administrative work years ago. No time for this level of unsupportable tribal knowledge in productive work.
August 12, 2020 18:07
Hi Scoot,
Thanks for the blog post. I am learning new thing everyday in this pandemic situation and got it meanwhile.
Cheers!
October 14, 2020 14:28
Thanks for this - I can definitely see the use of this.
However, when I attempt to login to the remote machine it doesn't accept my password for WSL2, I keep getting permission denied. Any idea what might be causing this? I'm pretty sure I am getting the password for WSL2 correct :)

C:\Users\andrew>ssh andrew@Kheldar
andrew@kheldar's password:
Permission denied, please try again.
October 14, 2020 14:45
Haha - I worked it out - it uses the Windows password not WSL2's one... Silly me
November 05, 2020 18:28
Thanks for this solution - it saved me a headache during wsl1 upgrade to wsl2 when it appeared that I can no longer normally use localhost ssh on port 2222 in IDE.
When using this method in IDE you do not even need windows password.

Comments are closed.

Disclaimer: The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.