106
72
I have Windows 10 Anniversary Edition with "Bash on Ubuntu on Windows" installed and working. I'd like to be able to SSH into this Ubuntu instance, but although I have openssh-server installed and configured (and listening on port 2200), when I try to ssh to "localhost:2200", it tells me "Server unexpectedly closed network connection".
Has anyone been able to successfully accomplish this?
Mick
Posted 2016-08-09T14:52:46.110
Reputation: 1 651
125
I got it to work; here's how.
Uninstalled ssh-server, reinstalled it and made sure it's started with
sudo service ssh --full-restart
Make sure you turned off root access and added another user in the config file.
I was able to connect to the subsystem on 127.0.0.1:22 as expected. I hope this will help you.
sudo apt-get purge openssh-serversudo apt-get install openssh-serversudo nano /etc/ssh/sshd_config and disallow root login by setting PermitRootLogin noThen add a line beneath it that says:
AllowUsers yourusername
and make sure PasswordAuthentication is set to yes if you want to login using a password.
Disable privilege separation by adding/modifying : UsePrivilegeSeparation no
sudo service ssh --full-restart
Connect to your Linux subsystem from Windows using a ssh client like PuTTY.
Master Azazel
Posted 2016-08-09T14:52:46.110
Reputation: 1 441
This worked, but I also had to follow @d1val suggestion to set UsePrivilegeSeparation no – Mick – 2016-08-17T20:23:18.177
3i didnt have to do that - strange.. but remember this is still in beta stage so results may vary – Master Azazel – 2016-08-17T21:26:26.093
7Additionally I had to: Stop/Disable Windows 10 SSH Server Broker Services from the services control panel and set: PubkeyAuthentication no in the sshdconfig – math0ne – 2016-09-16T03:49:15.237
7I also needed to add a firewall rule. There was an existing rule, but that was only for the Windows SSH Server Proxy, and when I stopped that service, the firewall blocked traffic on port 22. – Pierre-Luc Paour – 2016-09-29T08:54:57.187
1
Worth noting that on build 14936 this BSOD's Windows: https://github.com/Microsoft/CommandLine-Documentation/releases/tag/14936
– rmobis – 2016-10-06T19:45:45.8401UsePrivilegeSeparation no was all I needed to do. You can still login as root; PermitRootLogin yes works fine. – Milos Ivanovic – 2016-10-29T04:49:35.417
of course it technically works.. i included it because u shouldnt give access to root – Master Azazel – 2016-10-29T23:28:45.483
Any way to make it start on boot ? Thanks ^-^ – Magix – 2016-12-22T18:06:18.243
1the linux subsystem? just add it to the windows startup programs ssh should autostart once installed.. so it starts with the subsystem i didnt test tough – Master Azazel – 2016-12-22T21:28:31.430
@MasterAzazel not sure, because when I start the subsystem manually, the ssh server also has to be started manually :/ – Magix – 2016-12-23T03:31:44.297
http://upstart.ubuntu.com/ that should help you – Master Azazel – 2016-12-23T08:13:24.687
3I also had to change ports (Port 2222 in /etc/ssh/sshd_config file), if not the ssh server of windows picked up the connection on port 22. – arod – 2017-01-13T02:12:31.083
1yeah. thats what u have to do when port 22 is occupied by anything else. – Master Azazel – 2017-01-13T07:03:51.350
Sorry to bring this thread back from the dead, but has anyone gotten this to work remotely from a different computer? I can connect to localhost with no problems, but when I tried to Putty in from a Windows 7 computer, it just doesn't respond. I can ping the Windows 10 computer that runs Ubuntu bash with no problem. Is this the limit that you can't connect to it from the outside of the computer? – Patratacus – 2017-01-16T20:47:48.583
Using the windows machines public ip address and the proper configuration for the ssh-server on the subsystem; I dont see why connecting to the linux subsystem should be a problem. Can you log in to the subsystem locally? If so, on which port? – Master Azazel – 2017-01-17T07:59:42.560
Thanks for this answer. What is the "Uninstalled ssh-server, reinstalled it" dance for? – Jonathan Hartley – 2017-03-01T15:39:36.857
And if you suddenly get failed: Address already in use. no matter what port you use try to uncomment ListenAddress it worked for me - my laptop with Insider Preview 14986 will however work without it same /etc/ssh/sshd_config however. – dezza – 2017-03-08T02:21:55.543
I had to turn off Windows's ssh services and on ubuntu bash set ssh to auto start:
Can you add to your tutorial: 1) Dissable Windows ssh proxy and broker via 'services. 2) On ubuntu, set ssh to start on startup: edit ~/.bashrc and add "sudo service ssh status || sudo service ssh start" (start ssh if not started". (For me, updating update-rc didn't seem to work) – Leo Ufimtsev – 2017-06-30T20:00:02.050
I lose the ssh connection in my ssh client every time I shut down bash. Is there a way around that?
Also, restarting bash does't revive the ssh server - I need to sudo service ssh --full-restart once I connect to bash for ssh to work again. Why? – Artem Russakovskii – 2017-07-10T21:58:07.103
2@ArtemRussakovskii they stop the whole Linux subsystem whenever you close the bash window... – Sakher – 2017-07-20T22:16:31.900
1@JonathanHartley Something amiss in how the server is set up in an out-of-the-box LXSS installation, I guess. Out of this answer, uninstalling and reinstalling openssh-server was in fact the only step I needed to do to make the server respond. – Daniel Saner – 2017-07-27T12:07:16.893
1Windows has a firewall rule for port 22, but it is for windows SSH version (SSH broker) or something like that. When firewall was up, connection from remote computer has failed. Without firewall remote connection worked.
So, I put Linux SSH on a custom port 2022 and created an inbound rule for this port and not for application. It worked with firewall up. – Sergei G – 2017-08-01T06:24:12.897
1@SergeiG, you can disable the default SSH rule, then add a custom rule for port 22. It works just fine, without requiring a different port. – Mark Ingram – 2017-11-02T20:27:43.517
This worked for me but also needed to allow the port through Windows Firewall – Norman Breau – 2018-06-25T23:04:44.450
I can't get a connection if I change my port to 2222, even if I add it to the Windows Firewall – mFeinstein – 2019-08-27T22:40:54.333
28
The above answers came close, but I still had a Connection closed by 127.0.0.1 issue.
Starting over from scratch and removing the sshd package with the --purge option (as shown below), solved my variation of this issue:
user$ sudo apt-get remove --purge openssh-server # First remove sshd with --purge option.
user$ sudo apt-get install openssh-server
user$ sudo vi /etc/ssh/sshd_config # **See note below.
user$ sudo service ssh --full-restart
# ** Change Port from 22 to 2222. (Just in case MS-Windows is using port 22).
# Alternatively, you can disable MS-Windows' native SSH service if you
# wish to use port 22.
I hope this helps. =:)
NYCeyes
Posted 2016-08-09T14:52:46.110
Reputation: 431
2Why the downvote? These instructions alone didn't work in my case, as mentioned, and the additional step above worked. I don't get it. – NYCeyes – 2017-05-16T04:54:12.513
1I was having a very different error "No supported authentication methods available (server sent: publickey)" and these steps fixed it. – Mike Viens – 2017-09-02T11:52:27.490
2For some reason, Windows just didn't appreciate that I was running on Port 2222. It didn't ever show any other processes using it, and there was no evidence of port conflict, but as soon as I changed ports, it began to work. – forresthopkinsa – 2018-01-11T02:16:57.567
1Port 2222 doens't work for me either, no other service running, but 22 works, which is a problem since I want to have multiple SSH connections. – mFeinstein – 2019-08-27T22:52:27.360
27
Since windows implementation doesn't provide chroot you need to modify the /etc/ssh/sshd_config
UsePrivilegeSeparation no
Also you will need to create a user using useradd command or so.
d1val
Posted 2016-08-09T14:52:46.110
Reputation: 371
4This step was essential in getting it to work. – Mick – 2016-08-17T20:27:48.910
1
I was curious, so I found this at https://www.freebsd.org/cgi/man.cgi?sshd_config(5):
UsePrivilegeSeparation:
Specifies whether sshd(8) separates privileges by creating an unprivileged child process to deal with incoming network traffic. After successful authentication, another process will be created that has the privilege of the authenticated user. The goal of privilege separation is to prevent privilege escalation by containing any corruption within the unprivileged processes. The argument must be "yes", "no"', or "sandbox". If UsePrivilegeSeparation is set to "sandbox" then the pre-authentication unprivileged process is subject to additional restrictions. The default is "sandbox". – krs013 – 2016-09-01T07:46:23.440
7WSL implemented chroot in September 2016 (after this answer). – GreenReaper – 2017-04-28T08:21:44.877
5
I did everything as Master Azazel suggested and had the problem. When I connected to port 22 I was asked for a password, but the password I set in the Linux subsystem didn't work.
Solution #1:
change the SSH port in /etc/ssh/sshd_config and restart the SSH server in the subsystem
Solution #2:
disable/stop the "SSH Server Broker Services" in services control panel of Windows and restart the SSH server in the subsystem.
scotty86
Posted 2016-08-09T14:52:46.110
Reputation: 159
1This only applies if you have something running on windows on port 22. – Master Azazel – 2016-12-04T10:14:51.130
3Ofcz, as you see on my default installation of win10 there was a service running on 22... – scotty86 – 2016-12-05T11:47:37.487
2
The reason why you cannot ssh to it is shown in the logging from the server:
chroot("/var/run/sshd"): Function not implemented [preauth]
The Linux subsystem doesn't seem to have chroot implemented and the ssh server needs it so the connection is not allowed.
Sami Kuhmonen
Posted 2016-08-09T14:52:46.110
Reputation: 2 052
3Which is correct.. but the other answers explain how to work around the chroot requirement. – Mahmoud Al-Qudsi – 2016-12-12T20:46:04.070
Using Process Hacker and looking at the 'Network' tab, it shows sshd (running on Ubuntu on Windows 10) is listening on the 2200 local port. – Mick – 2016-08-09T15:08:09.880
and if you try to connect to the ip address of the system? Ubuntu often maps loopback addresses differently than windows does, and uses additional values in 127.0.0.0/8 (often 127.0.1.1) – Frank Thomas – 2016-08-09T15:29:12.533