1

I set up a VPN and I can SSH into my WSL2 on Windows from any other computer by running:

ssh microsoft_account_email@ipaddress

from another computer's terminal. I created other users on my WSL by running

sudo adduser -name

and I tried running:

ssh username@ipaddress

However, that won't work. I realised I can only ssh if I put my Microsoft email as the username rather than the actual WSL username.

How can I ssh into chosen users rather than into root? The idea is to have several people being able to ssh into their own accounts on WSL.

MilTom
  • 113

2 Answers

2

The process of exposing WSL1/2 SSH to the public you will find detailed in the article Configuring SSH access into WSL 1 and WSL 2.

I expose here only the parts which I think are missing from what you did, found in the section "WSL 2-specific steps". The article assumes 2022 as the incoming port for SSH.

Creating the firewall rule to allow incoming traffic on port 2022 with PowerShell:

New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd) for WSL' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 2022

Routing incoming traffic on the physical interface to the WSL interface is complicated because the IP given to the WSL instance changes over time. To figure that out dynamically, one needs to update the batch script %USERPROFILE%\sshd.bat as follows:

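@echo off
setlocal

rem Start the SSH server inside WSL.
C:\Windows\System32\bash.exe -c "sudo /usr/sbin/service ssh start"

rem Remove the previous forwarding rule; the WSL address it points to may be stale.
C:\Windows\System32\netsh.exe interface portproxy delete v4tov4 listenport=2022 listenaddress=0.0.0.0 protocol=tcp

rem Read the current IP address of the WSL instance (first address reported).
for /f %%i in ('wsl hostname -I') do set IP=%%i

rem Forward port 2022 on all Windows interfaces (0.0.0.0) to port 2022 in WSL.
C:\Windows\System32\netsh.exe interface portproxy add v4tov4 listenport=2022 listenaddress=0.0.0.0 connectport=2022 connectaddress=%IP%

endlocal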

Once this is done, you should be able to SSH using the user-name, rather than the Microsoft account.

For more details, see the linked article.

harrymc
  • 498,455
1

The idea is to have several people being able to ssh into their own accounts on WSL.

First, make sure you fully understand the security implications of this process. Each user in WSL will be running with the same permissions as your Windows user. By default, they will have the ability to run Windows applications (like PowerShell or CMD) with your permissions. They will have the ability to access and modify files (even some encrypted) as your Windows user.

If you are okay with this -- Great. Proceed.

If not, you will have to lock down WSL to restrict access to Windows -- If that's even possible. See this answer for some details, but realize that even that might not be enough.

As for your particular problem, there are likely a few things going on here:

  • First, if you are having to enter a Microsoft account to access SSH, that means you are running the Windows OpenSSH server on port 22. That server is not going to know about WSL usernames.

  • From the comments on @harrymc's answer, you mention that you are seeing "Permission denied (publickey)" after configuring the WSL instance for SSH on port 2022.

    That's likely because the default /etc/ssh/sshd_config for the distribution that you are using has password authentication disabled. You can change this by running sudo -e /etc/ssh/sshd_config and commenting out #PasswordAuthentication no.

NotTheDr01ds
  • 28,025
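
Added example, not part of either answer: a small shell check, run inside WSL, that reports which Port and PasswordAuthentication values an sshd_config file actually yields, to confirm the edit described above took effect. The function names and the three sample files are constructed for illustration; Include files, Match blocks and key=value syntax are not handled, and `sudo sshd -T` remains the authoritative check on a real host.

```shell
#!/bin/sh
# Added example (not from the answers): effective global value of an sshd_config
# keyword. sshd keeps the FIRST value it reads for a keyword, so a line appended
# below an earlier one has no effect. Not handled: Include files, Match blocks,
# key=value syntax. `sudo sshd -T` inside WSL is the authoritative check.

sshd_effective() {  # usage: sshd_effective <file> <keyword> <default>
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        NF == 0 || $1 ~ /^#/ { next }        # blank lines and comments
        tolower($1) == "match" { exit }      # conditional section: stop here
        tolower($1) == key { val = $2; found = 1; exit }   # first value wins
        END { print (found ? val : def) }
    ' "$1"
}

password_login_enabled() {  # exit status 0 when password logins are accepted
    [ "$(sshd_effective "$1" PasswordAuthentication yes)" = "yes" ]
}

# Constructed sample files, not taken from any real distribution image.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

# 1. As described in the answer: port 2022, password logins switched off.
printf '%s\n' 'Port 2022' 'PasswordAuthentication no' 'UsePAM yes' > "$tmp/before"
# 2. The answer's fix: the "no" line commented out, so the default (yes) applies.
printf '%s\n' 'Port 2022' '#PasswordAuthentication no' 'UsePAM yes' > "$tmp/fixed"
# 3. A common mistake: "yes" appended while the earlier "no" is still active.
printf '%s\n' 'Port 2022' 'PasswordAuthentication no' 'UsePAM yes' \
    'PasswordAuthentication yes' > "$tmp/appended"

for f in before fixed appended; do
    printf '%-9s port=%s password=%s\n' "$f" \
        "$(sshd_effective "$tmp/$f" Port 22)" \
        "$(sshd_effective "$tmp/$f" PasswordAuthentication yes)"
done
```

The third sample still reports `password=no`: the earlier line has to be commented out or edited in place, and the SSH service restarted, before the change applies.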