128

I have Windows 10 Anniversary Edition with "Bash on Ubuntu on Windows" installed and working. I'd like to be able to SSH into this Ubuntu instance, but although I have openssh-server installed and configured (and listening on port 2200), when I try to ssh to "localhost:2200", it tells me "Server unexpectedly closed network connection".

Has anyone been able to successfully accomplish this?


magicandre1981
Mick
  • Using Process Hacker and looking at the 'Network' tab, it shows sshd (running on Ubuntu on Windows 10) is listening on the 2200 local port. – Mick Aug 09 '16 at 15:08
  • and if you try to connect to the ip address of the system? Ubuntu often maps loopback addresses differently than windows does, and uses additional values in 127.0.0.0/8 (often 127.0.1.1) – Frank Thomas Aug 09 '16 at 15:29

5 Answers

146

I got it to work; here's how.

Uninstalled ssh-server, reinstalled it and made sure it's started with

sudo service ssh --full-restart

Make sure you turned off root access and added another user in the config file.

I was able to connect to the subsystem on 127.0.0.1:22 as expected.  I hope this will help you.

Here's a screenshot.

  1. sudo apt-get purge openssh-server
  2. sudo apt-get install openssh-server
  3. sudo nano /etc/ssh/sshd_config and disallow root login by setting PermitRootLogin no
  4. Then add a line beneath it that says:

    AllowUsers yourusername

    and make sure PasswordAuthentication is set to yes if you want to login using a password.

  5. Disable privilege separation by adding/modifying : UsePrivilegeSeparation no

  6. sudo service ssh --full-restart

  7. Connect to your Linux subsystem from Windows using a ssh client like PuTTY.

Master Azazel
  • This worked, but I also had to follow @d1val suggestion to set `UsePrivilegeSeparation no` – Mick Aug 17 '16 at 20:23
  • 3
    I didn't have to do that - strange.. but remember this is still in beta stage so results may vary – Master Azazel Aug 17 '16 at 21:26
  • 8
    Additionally I had to: Stop/Disable Windows 10 SSH Server Broker Services from the services control panel and set: PubkeyAuthentication no in the sshdconfig – math0ne Sep 16 '16 at 03:49
  • 7
    I also needed to add a firewall rule. There was an existing rule, but that was only for the Windows SSH Server Proxy, and when I stopped that service, the firewall blocked traffic on port 22. – Pierre-Luc Paour Sep 29 '16 at 08:54
  • 1
    Worth noting that on build 14936 this BSOD's Windows: https://github.com/Microsoft/CommandLine-Documentation/releases/tag/14936 – rmobis Oct 06 '16 at 19:45
  • 1
    `UsePrivilegeSeparation no` was all I needed to do. You can still login as root; `PermitRootLogin yes` works fine. – Milos Ivanovic Oct 29 '16 at 04:49
  • of course it technically works.. I included it because u shouldn't give access to root – Master Azazel Oct 29 '16 at 23:28
  • Any way to make it start on boot ? Thanks ^-^ – Magix Dec 22 '16 at 18:06
  • 1
    the linux subsystem? just add it to the windows startup programs ssh should autostart once installed.. so it starts with the subsystem I didn't test though – Master Azazel Dec 22 '16 at 21:28
  • @MasterAzazel not sure, because when I start the subsystem manually, the ssh server also has to be started manually :/ – Magix Dec 23 '16 at 03:31
  • http://upstart.ubuntu.com/ that should help you – Master Azazel Dec 23 '16 at 08:13
  • 4
    I also had to change ports (`Port 2222` in `/etc/ssh/sshd_config` file), if not the ssh server of windows picked up the connection on port 22. – arod Jan 13 '17 at 02:12
  • 1
    yeah. that's what u have to do when port 22 is occupied by anything else. – Master Azazel Jan 13 '17 at 07:03
  • Sorry to bring this thread back from the dead, but has anyone gotten this to work remotely from a different computer? I can connect to localhost with no problems, but when I tried to Putty in from a Windows 7 computer, it just doesn't respond. I can ping the Windows 10 computer that runs Ubuntu bash with no problem. Is this the limit that you can't connect to it from the outside of the computer? – Patratacus Jan 16 '17 at 20:47
  • Using the Windows machine's public IP address and the proper configuration for the ssh-server on the subsystem, I don't see why connecting to the linux subsystem should be a problem. Can you log in to the subsystem locally? If so, on which port? – Master Azazel Jan 17 '17 at 07:59
  • Thanks for this answer. What is the "Uninstalled ssh-server, reinstalled it" dance for? – Jonathan Hartley Mar 01 '17 at 15:39
  • And if you suddenly get `failed: Address already in use.` no matter what port you use try to uncomment `ListenAddress` it worked for me - my laptop with Insider Preview 14986 will however work without it same `/etc/ssh/sshd_config` however. – dza Mar 08 '17 at 02:21
  • I had to turn off Windows's ssh services and on ubuntu bash set ssh to auto start: Can you add to your tutorial: 1) Disable Windows ssh proxy and broker via 'services'. 2) On ubuntu, set ssh to start on startup: edit ~/.bashrc and add "sudo service ssh status || sudo service ssh start" (start ssh if not started). (For me, updating update-rc didn't seem to work) – Leo Ufimtsev Jun 30 '17 at 20:00
  • I lose the ssh connection in my ssh client every time I shut down bash. Is there a way around that? Also, restarting bash doesn't revive the ssh server - I need to `sudo service ssh --full-restart` once I connect to bash for ssh to work again. Why? – Artem Russakovskii Jul 10 '17 at 21:58
  • 2
    @ArtemRussakovskii they stop the whole Linux subsystem whenever you close the bash window... – Saw Jul 20 '17 at 22:16
  • 1
    @JonathanHartley Something amiss in how the server is set up in an out-of-the-box LXSS installation, I guess. Out of this answer, uninstalling and reinstalling `openssh-server` was in fact the only step I needed to do to make the server respond. – Daniel Saner Jul 27 '17 at 12:07
  • 1
    Windows has a firewall rule for port 22, but it is for windows SSH version (SSH broker) or something like that. When firewall was up, connection from remote computer has failed. Without firewall remote connection worked. So, I put Linux SSH on a custom port 2022 and created an inbound rule for this port and not for application. It worked with firewall up. – Sergei G Aug 01 '17 at 06:24
  • 1
    @SergeiG, you can disable the default SSH rule, then add a custom rule for port 22. It works just fine, without requiring a different port. – Mark Ingram Nov 02 '17 at 20:27
  • This worked for me but also needed to allow the port through Windows Firewall – Norman Breau Jun 25 '18 at 23:04
  • I can't get a connection if I change my port to 2222, even if I add it to the Windows Firewall – mFeinstein Aug 27 '19 at 22:40
  • I remember reading this when I first started using ssh server on WSL a few years ago. Today I realized there's no need to uninstall and reinstall -- `sudo dpkg-reconfigure openssh-server` is really the best practice for generating host keys on Ubuntu (and likely all Debian based distros). – NotTheDr01ds Jul 23 '21 at 07:30
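
An added example, not part of any answer or comment in this thread: a shell audit of the `sshd_config` directives discussed above (`PermitRootLogin`, `AllowUsers`, `PasswordAuthentication`, `UsePrivilegeSeparation`, `Port`) that reports the value sshd actually uses when a keyword appears more than once. The function names and the sample file are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. The sample file at the bottom is constructed.
# effective_value FILE KEYWORD: value sshd uses for a single-valued keyword.
# Keywords are case-insensitive and the first occurrence wins; parsing stops
# at the first Match block because settings inside it are conditional.
effective_value() {
    awk -v key="$2" '
        { sub(/\r$/, "") }                 # tolerate CRLF from Windows editors
        /^[ \t]*(#|$)/         { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { $1 = ""; sub(/^ +/, ""); print; exit }
    ' "$1"
}
# audit_sshd_config FILE: prints one line per finding.
audit_sshd_config() (
    f=$1
    case "$(effective_value "$f" PermitRootLogin)" in
        [Yy][Ee][Ss]) echo "WARN PermitRootLogin yes: root can log in directly" ;;
    esac
    case "$(effective_value "$f" UsePrivilegeSeparation)" in
        [Nn][Oo]) echo "WARN UsePrivilegeSeparation no: no unprivileged pre-auth child" ;;
    esac
    case "$(effective_value "$f" PasswordAuthentication)" in
        [Nn][Oo]) ;;
        *) echo "WARN PasswordAuthentication enabled: open to password guessing" ;;
    esac
    [ -n "$(effective_value "$f" AllowUsers)" ] ||
        echo "WARN AllowUsers not set: logins are not limited to named accounts"
    # Port may appear several times and sshd listens on each (default 22).
    ports=$(awk '{ sub(/\r$/, "") } /^[ \t]*(#|$)/ { next }
        tolower($1) == "match" { exit } tolower($1) == "port" { print $2 }' "$f")
    for p in ${ports:-22}; do
        [ "$p" = 22 ] && echo "NOTE Port 22: may be answered by the Windows SSH service"
    done
    return 0
)
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# constructed sample mirroring the settings from the first answer
Port 2222
PermitRootLogin no
AllowUsers yourusername
PasswordAuthentication yes
UsePrivilegeSeparation no
# a later duplicate is ignored: the first value stays in effect
PermitRootLogin yes
EOF
audit_sshd_config "$sample"
```

On a live system, `sudo sshd -T` prints the full effective configuration and can be used to cross-check the result.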
40

The above answers came close, but I still had a Connection closed by 127.0.0.1 issue.

So starting over from scratch and supplying the --purge option when removing the sshd package (as I demonstrate below), solved my variation of this issue:

user$ sudo apt-get remove --purge openssh-server # First remove sshd with --purge option.
user$ sudo apt-get install openssh-server
user$ sudo vi /etc/ssh/sshd_config # **See note below.
user$ sudo service ssh --full-restart

# ** Change Port from 22 to 2222. (Just in case MS-Windows is using port 22).
#    Alternatively, you can disable MS-Windows' native SSH service if you 
#    wish to use port 22.
Ramhound
NYCeyes
  • 2
    Why the downvote? These instructions alone didn't work in my case, as mentioned, and the additional step above worked. I don't get it. – NYCeyes May 16 '17 at 04:54
  • 1
    I was having a very different error "No supported authentication methods available (server sent: publickey)" and these steps fixed it. – Mike Viens Sep 02 '17 at 11:52
  • 2
    For some reason, Windows just didn't appreciate that I was running on Port 2222. It didn't ever show any other processes using it, and there was no evidence of port conflict, but as soon as I changed ports, it began to work. – forresthopkinsa Jan 11 '18 at 02:16
  • 1
    Port 2222 doesn't work for me either, no other service running, but 22 works, which is a problem since I want to have multiple SSH connections. – mFeinstein Aug 27 '19 at 22:52
  • 2
    Just a simple remove then install worked for me. – BaiJiFeiLong Mar 20 '20 at 11:15
  • 1
    I did only the first two steps (uninstall, install). There was no need to edit sshd_config or change ports in my case. – Wlad May 13 '20 at 23:15
  • 1
    Removing openssh-server with `--purge` flag was key for it to work for me. – sagunms May 31 '20 at 10:07
27

Since the Windows implementation doesn't provide chroot, you need to modify /etc/ssh/sshd_config:

UsePrivilegeSeparation no

Also, you will need to create a user using the useradd command or so.

d1val
  • 4
    This step was essential in getting it to work. – Mick Aug 17 '16 at 20:27
  • 1
    I was curious, so I found this at https://www.freebsd.org/cgi/man.cgi?sshd_config(5): UsePrivilegeSeparation: – krs013 Sep 01 '16 at 07:46
  • Specifies whether sshd(8) separates privileges by creating an unprivileged child process to deal with incoming network traffic. After successful authentication, another process will be created that has the privilege of the authenticated user. The goal of privilege separation is to prevent privilege escalation by containing any corruption within the unprivileged processes. The argument must be "yes", "no"', or "sandbox". If UsePrivilegeSeparation is set to "sandbox" then the pre-authentication unprivileged process is subject to additional restrictions. The default is "sandbox". – krs013 Sep 01 '16 at 07:46
  • 7
    [WSL implemented chroot in September 2016](https://msdn.microsoft.com/en-gb/commandline/wsl/release_notes#build-14936) (after this answer). – GreenReaper Apr 28 '17 at 08:21
5

I did everything as Master Azazel suggested and had the problem. When I connected to port 22 I was asked for a password, but the password I set in the Linux subsystem didn't work.

Solution #1:
change the SSH port in /etc/ssh/sshd_config and restart the SSH server in the subsystem

Solution #2:
disable/stop the "SSH Server Broker Services" in services control panel of Windows and restart the SSH server in the subsystem.

Kamil Maciorowski
scotty86
2

The reason why you cannot ssh to it is shown in the logging from the server:

chroot("/var/run/sshd"): Function not implemented [preauth]

The Linux subsystem doesn't seem to have chroot implemented and the ssh server needs it so the connection is not allowed.

Sami Kuhmonen