Setting up SSH Access to WSL from External Machines

This guide explains how to configure SSH access to Windows Subsystem for Linux (WSL) from external machines.


Prerequisites

- Windows 10/11 with WSL2 installed

- Administrative access to Windows

- Ubuntu or similar Linux distribution running in WSL


1. Configure SSH Server in WSL


First, open your WSL terminal and run these commands:


Update and install OpenSSH server:

sudo apt update && sudo apt install openssh-server


Configure SSH:

sudo nano /etc/ssh/sshd_config


In the sshd_config​ file, ensure these settings:

PasswordAuthentication yes

Start the SSH service:

sudo service ssh start


2. Get WSL IP Address


In WSL, run:

ip addr show


Look for the eth0​ interface IP address (typically starts with 172.x.x.x).


3. Configure Port Forwarding on Windows


Open PowerShell as Administrator and run:
Replace 172.x.x.x with your actual WSL IP address

netsh interface portproxy add v4tov4 listenport=22 listenaddress=0.0.0.0 connectport=22 connectaddress=172.x.x.x


Verify the port proxy configuration:

netsh interface portproxy show all


4. Configure Windows Firewall


In PowerShell as Administrator:

New-NetFirewallRule -Name "SSH-WSL" -DisplayName "SSH WSL" -Direction Inbound -Action Allow -Protocol TCP -LocalPort 22


5. Verify Configuration


While in PowerShell, check that the service is listening:

netstat -an | findstr ":22"


You should see output including:

TCP    0.0.0.0:22             0.0.0.0:0              LISTENING


6. Connect from External Machine


From another machine, connect using:

ssh username@windows-ip


Replace windows-ip​ with your Windows host's IP address, or FQDN.


Troubleshooting


1. Verify Port Forwarding

netsh interface portproxy show all


2. Check Firewall Rules

Get-NetFirewallRule | Where-Object {$_.LocalPort -eq 22}


3. Test Connectivity

Test-NetConnection -ComputerName windows-ip -Port 22


4. Check SSH Service in WSL

sudo service ssh status


Optional: Automatic SSH Start (it may not be neccessary, do your own hueristics).

To automatically start SSH when WSL launches, add to your `~/.bashrc`:

sudo service ssh start


Security Considerations

1. Consider using SSH keys instead of password authentication

2. Regularly update your WSL distribution

3. Configure more restrictive firewall rules if needed

4. Consider using a non-standard port for SSH


Maintenance


The WSL IP address might change after restart. You may need to:

1. Check the new IP address

2. Remove old port proxy rules

3. Add new port proxy rules with the updated IP


To remove old port proxy rules:

netsh interface portproxy reset


This completes the basic setup for SSH access to WSL from external machines.

in Dev
Secure Multi-Version Odoo Development: Client Confidentiality in Practice