Access WSL Remotely via SSH

🛠 Tools and Programming 💻Programming
1

This article is converted by SimpRead, original address mysteriouspreserve.com

M.P.O. Site

March 1, 2025. A Saturday

Microsoft started adding a new feature to WSL2 in Windows 11 22621 called mirrored networking mode. With mirrored networking mode, the difficulty of configuring WSL2 network topology is minimized as much as possible.

This tutorial aims to be as simple as possible, providing a minimal configuration example to reduce maintenance difficulty and avoid differences caused by system configuration.

  1. Install the SSH server for the Linux distribution. The package name for Ubuntu is openssh-server, and for Arch Linux it is openssh.

  2. Then configure SSH to use key-based authentication. First, generate an ed25519 public/private key pair. Please search online for this step yourself. You will get the private key file id_ed25519 and the public key file id_ed25519.pub.

  3. Use id_ed25519.pub as the SSH server’s authorized public key by running cp id_ed25519.pub ~/.ssh/authorized_keys.

  4. Set the permissions of authorized_keys to 0600 and the .ssh directory to 0700.

  5. Configure the SSH server by editing nano /etc/ssh/sshd_config:
    Set Port 233, PermitRootLogin no, PubkeyAuthentication yes, AuthorizedKeysFile .ssh/authorized_keys, and PasswordAuthentication no.
    Note that 233 is the SSH service port number and should not conflict with Linux or Windows services.

  6. Configure the service to start automatically. For Arch Linux, use systemctl enable sshd; for Ubuntu, use systemctl enable ssh.

  7. Configure WSL2 by editing the .wslconfig file in the Windows user folder with the following content:

    INI

    [wsl2]
networkingMode=mirrored
[expermental]
hostAddressLoopback=true

  8. Restart the WSL2 virtual machine.

  9. Allow the firewall in Windows to permit the WSL2 virtual machine by running the following PowerShell command:
    Set-NetFirewallHyperVVMSetting -Name '{40E0AC32-46A5-438A-A0B2-2B479E8F2E90}' -DefaultInboundAction Allow.

  10. Place the id_ed25519 private key file into the .ssh folder of the SSH client’s home directory on the client computer. For Linux, set the permissions of .ssh and id_ed25519 to 0700 and 0600, respectively.

  11. Use ssh -p 233 username@WindowsIP to connect to the SSH server running inside WSL2.

Additionally, the Arch community is preparing to officially maintain a WSL2 image. The repository is at ArchLinux-WSL. Its advantages are weekly updates and a small image, avoiding issues like keyring expiration and unnecessary dependencies.

References: