OpenSSH sshd on Windows Subsystem for Linux: Difference between revisions
Jump to navigation
Jump to search
| (13 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
=External= | |||
* https://superuser.com/questions/1112007/how-to-run-ubuntu-service-on-windows-at-startup | |||
* https://superuser.com/questions/1111591/how-can-i-ssh-into-bash-on-ubuntu-on-windows-10 | |||
=Internal= | =Internal= | ||
| Line 6: | Line 11: | ||
=Overview= | =Overview= | ||
This article contains the procedure to configure a [[Windows Subsystem for Linux]] sshd to start at boot. | This article contains the procedure to configure a [[Windows Subsystem for Linux]] sshd to start at boot and allow ssh access to the Windows host. | ||
=Procedure= | =Procedure= | ||
= | ==Installation== | ||
OpenSSH server should be installed by default: /usr/sbin/sshd should exist. | |||
If it is not, download and install the appropriate packages: | |||
dpkg -i ./libssl1.0.2_1.0.2l-2_amd64.deb \ | |||
./openssh-client_7.4p1-10_amd64.deb \ | |||
./libprocps6_3.3.12-3_amd64.deb \ | |||
./libncurses5_6.0+20161126-1_amd64.deb \ | |||
./procps_3.3.12-3_amd64.deb \ | |||
./openssh-server_7.4p1-10_amd64.deb | |||
==UsePrivilegeSeparation== | |||
Turn [[Sshd_Configuration#UsePrivilegeSeparation|UsePrivilegeSeparation]] off by setting: | |||
UsePrivilegeSeparation no | |||
in /etc/ssh/sshd_config. | |||
This is required to prevent sshd startup error that manifests in logs as: | |||
chroot("/var/run/sshd"): Function not implemented [preauth] | chroot("/var/run/sshd"): Function not implemented [preauth] | ||
==Regenerate Server Keys== | |||
Regenerate the server keys following the procedure described here: | |||
{{Internal|Sshd Regenerate Server Keys|Regenerate Server Keys}} | |||
This is required to prevent sshd startup error that manifests in the logs as: | |||
debug1: list_hostkey_types: | debug1: list_hostkey_types: | ||
No supported key exchange algorithms | No supported key exchange algorithms | ||
==Configure User Access== | |||
Add allowed public keys in ~/.ssh/authorized_keys | |||
Set acceptable permissions: | |||
cd ~ | cd ~ | ||
chmod -R go-rwx .ssh | chmod -R go-rwx .ssh | ||
==Start the sshd Server== | |||
<syntaxhighlight lang='bash'> | |||
bash | |||
sudo su - | |||
/etc/init.d/ssh start | |||
</syntaxhighlight> | |||
==Start the sshd Server at Boot== | |||
===Passwordless Sudo=== | |||
Give passwordless sudo privileges the user that is supposed to start the server, by editing the sudo configuration file with visudo. More details: [[Sudo#Allow_a_user_to_run_all_commands_as_root_without_a_password| Allow a user to run commands as root without a password]]. | |||
===Windows Startup Script=== | |||
Create autostartssh.vbs with the following content: | |||
set ws=wscript.createobject("wscript.shell") | |||
ws.run "C:\Windows\System32\bash.exe -c 'sudo /etc/init.d/ssh start'",0 | |||
===Automatically Execute the Windows Startup Script at Boot=== | |||
Task Scheduler -> Create Basic Task -> ... | |||
<font color=red>TODO: this did not work, revisit.</font> | |||
==Configure the Windows Firewall== | |||
{{Internal|Windows_Configuration#Add_a_Custom_Rule_that_allows_SSH_Access|Add a Custom Windows Firewall Rule}} | |||
=Status= | =Status= | ||
Latest revision as of 19:20, 2 July 2018
External
- https://superuser.com/questions/1112007/how-to-run-ubuntu-service-on-windows-at-startup
- https://superuser.com/questions/1111591/how-can-i-ssh-into-bash-on-ubuntu-on-windows-10
Internal
Overview
This article contains the procedure to configure a Windows Subsystem for Linux sshd to start at boot and allow ssh access to the Windows host.
Procedure
Installation
OpenSSH server should be installed by default: /usr/sbin/sshd should exist.
If it is not, download and install the appropriate packages:
dpkg -i ./libssl1.0.2_1.0.2l-2_amd64.deb \
./openssh-client_7.4p1-10_amd64.deb \
./libprocps6_3.3.12-3_amd64.deb \
./libncurses5_6.0+20161126-1_amd64.deb \
./procps_3.3.12-3_amd64.deb \
./openssh-server_7.4p1-10_amd64.deb
UsePrivilegeSeparation
Turn UsePrivilegeSeparation off by setting:
UsePrivilegeSeparation no
in /etc/ssh/sshd_config.
This is required to prevent sshd startup error that manifests in logs as:
chroot("/var/run/sshd"): Function not implemented [preauth]
Regenerate Server Keys
Regenerate the server keys following the procedure described here:
This is required to prevent sshd startup error that manifests in the logs as:
debug1: list_hostkey_types: No supported key exchange algorithms
Configure User Access
Add allowed public keys in ~/.ssh/authorized_keys
Set acceptable permissions:
cd ~ chmod -R go-rwx .ssh
Start the sshd Server
bash
sudo su -
/etc/init.d/ssh start
Start the sshd Server at Boot
Passwordless Sudo
Give passwordless sudo privileges the user that is supposed to start the server, by editing the sudo configuration file with visudo. More details: Allow a user to run commands as root without a password.
Windows Startup Script
Create autostartssh.vbs with the following content:
set ws=wscript.createobject("wscript.shell")
ws.run "C:\Windows\System32\bash.exe -c 'sudo /etc/init.d/ssh start'",0
Automatically Execute the Windows Startup Script at Boot
Task Scheduler -> Create Basic Task -> ...
TODO: this did not work, revisit.
Configure the Windows Firewall
Status
/etc/init.d/ssh status
Start/Stop
/etc/init.d/ssh start|stop