Setting up SSH Server

kamack38 edited this page Aug 28, 2022 · 5 revisions

On Windows

Install OpenSSH Server and Client

Using PowerShell

Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0

OR using Chocolatey

choco install openssh --pre

Setup server

# Start service
Start-Service *sshd*

# OPTIONAL but recommended:
Set-Service -Name sshd -StartupType 'Automatic'

# Confirm the firewall rule is configured. It should be created automatically by setup.
Get-NetFirewallRule -Name *ssh*

# There should be a firewall rule named "OpenSSH-Server-In-TCP", and it should be enabled.
# If the firewall rule does not exist, create one:
New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22

Connecting to your server

ssh user@your_ipv4

You can get your IPv4 address with the ipconfig command, or with this:

(Get-NetIPAddress | Where-Object {$_.AddressFamily -eq 'IPv4' -and $_.PrefixOrigin -eq 'Dhcp' }).IPAddress

Note: this command only returns addresses assigned by DHCP, so it may not work for you.

Setup key-based authentication

Generating an SSH Key

ssh-keygen -b 2048 -t rsa

Deploying the public key

Standard user

If the account on the SSH host is a standard user, place your public key in ~\.ssh\authorized_keys. You can also do this with a command:

scp C:\Users\username\.ssh\id_rsa.pub user1@domain1:C:\Users\username\.ssh\authorized_keys

Administrative user

The contents of your public key (~\.ssh\id_rsa.pub) need to be placed on the server in a text file called administrators_authorized_keys in C:\ProgramData\ssh\. The ACL on this file needs to be configured to allow access only to administrators and SYSTEM.

Add these lines to C:\ProgramData\ssh\sshd_config:

Match Group administratorzy
  AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys

Place your public key into C:\ProgramData\ssh\administrators_authorized_keys. Then set up permissions.

icacls.exe "C:\ProgramData\ssh\administrators_authorized_keys" /inheritance:r /grant "Administratorzy:F" /grant "SYSTEM:F"
Restart-Service *sshd*
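
The icacls command above names the group as Administratorzy, the localized (Polish) name of the built-in Administrators group, so it fails on other language versions of Windows. The following added example (not part of the original page) applies the same ACL using well-known SIDs and then reads it back to confirm that only Administrators and SYSTEM have access; it assumes an elevated PowerShell session and the key file path used on this page.

```powershell
# Added example, not from the original page. Run in an elevated PowerShell session.
$keyFile = Join-Path $env:ProgramData 'ssh\administrators_authorized_keys'

# Well-known SIDs, identical on every Windows language version:
#   S-1-5-32-544 = BUILTIN\Administrators, S-1-5-18 = NT AUTHORITY\SYSTEM
$allowedSids = @('S-1-5-32-544', 'S-1-5-18')

if (-not (Test-Path -LiteralPath $keyFile)) {
    throw "Key file not found: $keyFile"
}

# Same icacls call as on the page, but with SIDs instead of localized names.
# icacls accepts a numeric SID when it is prefixed with '*'.
icacls.exe $keyFile /inheritance:r /grant '*S-1-5-32-544:F' /grant '*S-1-5-18:F' | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "icacls failed with exit code $LASTEXITCODE"
}

# /grant only adds entries, so explicit ACEs that were already on the file survive.
# Read the ACL back and collect every Allow entry for any other principal.
$acl = Get-Acl -LiteralPath $keyFile
$unexpected = @(foreach ($ace in $acl.Access) {
    $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
    if ($ace.AccessControlType -eq 'Allow' -and $sid -notin $allowedSids) {
        [pscustomobject]@{
            Identity = $ace.IdentityReference.Value
            Sid      = $sid
            Rights   = $ace.FileSystemRights
        }
    }
})

if (-not $acl.AreAccessRulesProtected) {
    Write-Warning 'Inheritance is still enabled on the key file.'
}
if ($unexpected.Count -gt 0) {
    Write-Warning 'Principals other than Administrators and SYSTEM can access the key file:'
    $unexpected | Format-Table -AutoSize
} else {
    Write-Output 'ACL OK: only Administrators and SYSTEM have access.'
    Restart-Service sshd
}
```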

On WSL

Install SSH Server

sudo apt remove openssh-server
sudo apt install openssh-server

Enable password login (optional)

  1. Edit the sshd_config file by running the command sudo vim /etc/ssh/sshd_config
  2. In the sshd_config file:
    • Change PasswordAuthentication to yes
    • Add your login user to the bottom of the file by adding this line: AllowUsers yourusername. Don't forget to replace yourusername with your actual username.
    • Type :wq to save and exit

Start or restart the SSH service

  • Check the status of the ssh service:
service ssh status
  • Start the ssh server:
sudo service ssh start
  • Restart the ssh server:
sudo service ssh --full-restart

Allow SSH service to start without password

  1. Edit visudo
sudo visudo
  2. Add the following line
%sudo ALL=NOPASSWD: /usr/sbin/sshd

after %sudo ALL=(ALL:ALL) ALL

You can test that you don't need a sudo password when you start ssh by running sudo service ssh --full-restart (if ssh is already running) or sudo service ssh start (if ssh is not running).

Add port forward rule

Now you need to set up port forwarding so that you can connect to your WSL server without interfering with any SSH servers on your Windows machine.

Note: You DO NOT need to do this if you don't have any SSH servers on your Windows machine

  • listenport= - can be any open and unused port

  • connectport= - is your SSH server port on WSL (by default 22)

  • connectaddress= - is your WSL address (ip addr | grep 'eth0' | grep 'inet ' | awk '{print $2}'). From WSL Build 18945 you can simply use localhost.

  • Example :

netsh interface portproxy add v4tov4 listenport=8080 listenaddress=0.0.0.0 connectport=22 connectaddress=localhost

Test SSH Connection

ssh username@your_computers_ipv4