As far as I can tell, this is a bug in WSL. Hopefully, Microsoft will fix it in the next build. But for now, we can use this slightly ugly hack.
Update #1: Definitely a bug. Found this issue on Github. Thier proposed workaround of relaunching the shell works for me as well if you don't want to go through all of this.
TL;DR Add this to END your SSH config (usually located at ~/.ssh/config
):
Host *
ProxyCommand nc %h %p %r
Here's why it works:
Our SSH issue is not a firewall issue because nc
and telnet
work to the same host and port (try telnet <host> <port>
or nc <host> <port>
: you should see something like SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.7
). This we can use to our advantage.
SSH allows the use of proxies that take standard input and send it to the server's port via the ProxyCommand
option. This is normally used to tunnel into networks to a protected host by using an in-between bastion SSH server, sometimes called a jump host (see this link for more info).
This hack tells SSH to use a proxy with no jump host(s). So, it gets around SSH's failed allocation of TCP resources by pushing all of the network resource allocation onto Netcat, which does work. SSH just does its SSH thing without any network connections, and Netcat sends the raw data over a TCP connection to the SSH server.
WARNING: Since this modifies the ProxyCommand
for all hosts, I do not know how it interacts with other SSH config hosts that use ProxyCommand
. I have a few servers with which I can test this, and I will update this answer with the results. There is a chance that there are no detrimental side effects, but I cannot guarantee that.
Update #2: I did some testing with a few of my servers, and this appears to work. SSH uses the uppermost entry in the config when multiple entries apply. Thus, an existing ProxyCommand
present above this hack would override it. When the new SSH command is executed, it re-reads the SSH config, and if there is no other ProxyCommand
, SSH uses our hack ProxyCommand
, allowing it to only apply to the "outermost" SSH session. Word of warning: if you put the hack at the top of the config file (or above the entry you are trying to SSH to), SSH sessions that require a ProxyCommand
will ignore the other ProxyCommand
and instead attempt to resolve the address of the host and connect directly with Netcat.
First guess: Windows Firewall? ps> and welcome on superuser :) Google a little seems instead related with fork. Please [edit] the post and add the command line that give you this error. – Hastur – 2016-07-08T16:26:50.473
related – Ramhound – 2016-07-08T16:30:09.917
just checking that you are using an Insider Preview build of Windows 10 because AFAIK the Linux subsystem is only available in this version, not on 'normal' Windows 10. Otherwise maybe you are using Cygwin? – gogoud – 2016-07-08T16:32:40.043
@ggoud - I have updated the question to include the operating system. It is indeed the Insider Preview build. – kell – 2016-07-08T19:59:48.260
@Hastur - Thanks for the welcome. I have updated the question with the command I used. Let me know if the edit makes sense. – kell – 2016-07-08T20:04:37.643
@Ramhound - I reviewed the link you sent and am not sure if any of that applies. I am not seeing any of the extra detail information. – kell – 2016-07-08T20:04:47.537
2I am also having this issue. It affects all programs supported by ssh such as
git
andapt-get
– scicalculator – 2016-08-09T14:55:20.017I observed the same behavior on
ssh
, butgit
worked for me. Additional testing showed that the server was reachable from Cygwin, and interestingly, fromtelnet
on WSL (telnet <hostname> <ssh port number>
). So it doesn't appear to be a firewall issue since the machine can connect to the server at that port. It's probably something deeper in the WSL kernel. – computergeek125 – 2016-08-14T19:03:49.123