WSL 2 Setup for SSH Remote Access

Tristan Wu
Dec 20, 2023

WSL 2 is an abbreviation for Windows Subsystem for Linux. Using WSL 2 for development would be a good way to ensure a stable environment. If you want to try WSL as a mini Linux server, this article might serve as a guide for you.

Reinstalling SSH

  • Uninstall: sudo apt remove openssh-server
  • Reinstall: sudo apt install openssh-server

Configuring SSH

  • Open SSH config file: sudo vi /etc/ssh/sshd_config
  • Change #Port 22 to Port 22 to enable the default port.
  • Change #PasswordAuthentication yes to PasswordAuthentication yes to enable password authentication.

Restarting the SSH Service

sudo service ssh restart

Testing SSH Connection

systemctl status sshd

Setting Up Port Forwarding for Remote Access

Run Network Shell Port Forwarding Command

Configure Windows to listen on a specific port and redirect incoming traffic from that port to the SSH port inside WSL. Run the following command in PowerShell.

# <listen_port_on_windows> can be any unused port number
netsh interface portproxy add v4tov4 `
listenaddress=<windows_local_ip> `
listenport=<listen_port_on_windows> `
connectaddress=<wsl_internal_ip> `
connectport=<ssh_service_port>

Questions and Answers

Q: Why is setting up port forwarding on Windows necessary?
A:
- Because the WSL 2 VM has its own separate network adapter.
- Because the WSL 2 VM IP address is only reachable from the Windows host machine, not reachable from other devices on your local network.
- Because the network settings and IP addresses you see on the Windows vEthernet adapter associated with WSL 2 are not exposed to the local network through the same subnet as your physical network.

Q: How to find my Windows IP address?
A:
Open PowerShell and run the command ipconfig. Look for the IPv4 Address associated with your active network adapter.

Q: Do you have a suggestion for the listen port number?
A:
Port 2222 can be used as an example for SSH or other services, though you may select any available port number above 1024 and below 65535 to avoid conflicts with system and well-known ports.

Q: How to find my WSL Internal IP?
A:
1. Open your WSL terminal.
2. Run the command ip addr | grep eth0
3. Look for the network interface (usually eth0) and note the IP address following inet.

Enabling Inbound Rules for SSH in Windows Firewall

Port forwarding exposes a service running on a private network to a public network. Windows Firewall protects the system and network by controlling inbound and outbound traffic, so it does not yet allow incoming connections on the port you are forwarding.

Run the following command in PowerShell to add an inbound rule for that port:

netsh advfirewall firewall add rule `
name="<any_name>" `
dir=in `
action=allow `
protocol=TCP `
localport=<listen_port_on_windows>

Explanation:
- name="<any_name>" is the rule name, for example name=WSL2. You can rename it as needed.
- dir=in specifies the direction of the rule as inbound, meaning it allows connections from outside into the local machine.
- action=allow specifies the action for the connections that match this rule; here, it allows those connections.
- protocol=TCP specifies the protocol type that the rule applies to.
- localport=<listen_port_on_windows> specifies the local port number that the rule applies to.
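
The two Windows-side steps above can be combined into one re-runnable script, which helps because the WSL 2 address usually changes when WSL restarts and a mapping to the old address stops working. This is an added example, not code from the original article; the rule name is hypothetical, the address and port are the article's sample values, and the remoteip=localsubnet and profile=private scoping is an added restriction that limits the rule to LAN clients.

```powershell
# Added example, not from the article. Run in an elevated PowerShell session.
$ListenAddress = '192.168.100.1'     # <windows_local_ip>, the article's sample value
$ListenPort    = 2222                # <listen_port_on_windows>
$SshPort       = 22                  # <ssh_service_port> inside WSL
$RuleName      = 'WSL2-SSH-example'  # hypothetical rule name

# Ask the default WSL distro for its current addresses and keep the first IPv4 one.
$raw   = wsl hostname -I
$WslIp = "$raw".Trim() -split '\s+' |
    Where-Object { $_ -match '^\d{1,3}(\.\d{1,3}){3}$' } |
    Select-Object -First 1
if (-not $WslIp) { throw 'No WSL IPv4 address found. Is the distro running?' }

# Replace any stale mapping on this listener with one to the current WSL address.
netsh interface portproxy delete v4tov4 listenaddress=$ListenAddress listenport=$ListenPort | Out-Null
netsh interface portproxy add v4tov4 listenaddress=$ListenAddress listenport=$ListenPort connectaddress=$WslIp connectport=$SshPort

# Recreate the inbound rule, scoped to the local subnet and the Private profile
# (it applies only while the network is classified as Private).
# Connections forwarded by a router from the internet keep their remote source
# address, so WAN access would need a wider remoteip value than this.
netsh advfirewall firewall delete rule name=$RuleName | Out-Null
netsh advfirewall firewall add rule name=$RuleName dir=in action=allow protocol=TCP localport=$ListenPort remoteip=localsubnet profile=private

# Show the resulting mapping and confirm the listener accepts a TCP connection.
netsh interface portproxy show v4tov4
$probe = Test-NetConnection -ComputerName $ListenAddress -Port $ListenPort
if (-not $probe.TcpTestSucceeded) { Write-Warning "Nothing answered on ${ListenAddress}:$ListenPort" }
```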

Set up Port Forwarding on Router (For WAN)

Navigate to Port Forwarding settings in the router’s settings menu.

Configure the router to forward traffic from a specific external port on the public internet to a corresponding local destination port on your Windows computer, identified by its IP address.

The specific external port can be set to any value of your choice. The local destination port is <listen_port_on_windows>. The IP address of your Windows machine is <windows_local_ip>.

Connecting to WSL via SSH

From Local Area Network (LAN)

Run the following command in the terminal on a different device within the LAN to verify connectivity:

ssh <wsl_username>@<windows_local_ip> -p <listen_port_on_windows>

You will see a successful connection message after running the command, indicating that port forwarding has been set up successfully! 🥳🥳🥳

From Wide Area Network (WAN)

To connect to a device within a local network from a WAN, you may need to configure port forwarding on the router. The router serves as the gateway between the internal and external networks.

Run the following SSH command in the terminal from a device on a different network to verify connectivity:

ssh <wsl_username>@<public_wan_ip> -p <external_ssh_port>

Explanation:
- <public_wan_ip>: The public WAN IP address of your network.
- <external_ssh_port>: The external port number designated for SSH in your router’s port forwarding settings.

Summary

The content above covered the steps and some explanations. Now let’s briefly go over all the action steps for quick guidance.

Step 1: Reinstalling SSH on WSL 2

Remove SSH:

sudo apt remove openssh-server

Install SSH:

sudo apt install openssh-server

Step 2: Configuring SSH on WSL 2

Edit SSH config:

sudo vi /etc/ssh/sshd_config

Enable Port 22 and PasswordAuthentication yes.

Restart SSH:

sudo service ssh restart

Step 3: Configuring Port Forwarding on Windows

Run in PowerShell:

netsh interface portproxy add v4tov4 `
listenaddress=192.168.100.1 `
listenport=2222 `
connectaddress=192.168.100.2 `
connectport=22

Step 4: Enabling Inbound Rule on Windows Firewall

Execute in PowerShell:

netsh advfirewall firewall add rule `
name="WSL2" `
dir=in `
action=allow `
protocol=TCP `
localport=2222

Step 5: Set up Port Forwarding on Router (For WAN)

Navigate to Port Forwarding settings in the router’s configuration page.

Forward traffic from port 2220 to port 2222 on the IP address of your Windows machine, which is 192.168.100.1.

Step 6: Verifying SSH to WSL

Verifying on a Local Area Network

ssh wsl2username@192.168.100.1 -p 2222

Verifying on a Wide Area Network

ssh wsl2username@172.16.254.3 -p 2220
