How to enable SSH server to WSL2 in Windows

sshd_wsl2.md

SSH to WSL2 Linux inside Windows

Instructions to enable OpenSSH on Windows 10/11 that gives you access to WSL2 Linux

Based on this blog article with several changes and additions.

Last update: 2026-01-17

Enable SSH access from your own computer

Start figuring out some information. Open a Powershell terminal as an administrator:

# Check what is your Windows username with:
whoami

# You could use "bash.exe" as the WSL2 distro to run when logging into SSH.
# But if you have a customized distro, its better to use that. Check which is with:
wsl --list

# If the default distro you want to use is called "Debian", the file to run it should be debian.exe
# bash.exe is located at c:\Windows\System32\bash.exe, but customized WSL2 distros will be located
# at on your user profile directory.

# You verify the path to your WLS2 distro with (the executable will be size 0, that's normal),
# using Powershell with:
dir $env:USERPROFILE\AppData\Local\Microsoft\WindowsApps\debian.exe

# If you use the wrong path, when trying to log in you will just get a "wrong password" response,
# so better verify it executing in Powershell:
& $env:USERPROFILE\AppData\Local\Microsoft\WindowsApps\debian.exe

Now enable SSH server on Windows

# Open an admin elevated powershell terminal:

# Check if you have the SSH server (and client) on Windows
Get-WindowsCapability -Online | ? Name -like 'OpenSSH*'

# Add the server
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0

# Manually start the server
Start-Service sshd
Get-Service sshd

# Set it to start automatically on boot
Set-Service -Name sshd -StartupType 'Automatic'

# Set that SSH should use your WSL2 distro (f.e. "debian.exe") as your shell
New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell `
  -Value "$env:USERPROFILE\AppData\Local\Microsoft\WindowsApps\debian.exe" -PropertyType String -Force

# Change Windows OpenSSH configuration to allow it to log in, edit sshd_config:
notepad $env:programdata\ssh\sshd_config
# ...and add (replace "youruser" for your Windows username)
AllowUsers youruser

# Test that you can locally log in, from the Powershell terminal.
# Remember to use your Windows password, not the password you may have set to WSL2 distro.
ssh youruser@localhost

If your password doesn't seem to work, make sure login with password is enabled in Windows:

1. Open Settings.
2. Go to Accounts.
3. Click Sign-in Options.
4. Disable the Require Windows Hello Sign-in for Microsoft accounts.
5. Restart your computer.

If you need to restart the sshd service in Windows, use:

Restart-Service sshd

More info at https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_server_configuration

Enable SSH access from another computer

Open firewall port 22 in your Windows machine

New-NetFirewallRule -Name sshd -DisplayName "OpenSSH Server (sshd)" `
  -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22

Try to log in using SSH from a different computer

# Check your Windows computer that is ssh server IP address, run in a terminal
ipconfig /all

# Log into yor Windows computer, if the IP is 192.168.1.10 and your Windowsusername is "youruser", 
# use in your remote computer:
ssh youruser@192.168.1.10

# Remember to use your Windows password, not the password you may have set to WSL2 distro.

From your client machine, you can assign a hostname to the Windows IP address.

sudo nano /etc/hosts

Add your custom hostname (replace IP address with your own)

192.168.1.100   remotewin

Sign in using keys

If you try to use ssh-copy-id, it won't work, as it tries to copy your public key to WSL $HOME/.ssh/auhorized_keys, and instead it should be copied to specific Windows directories.

If your user is not an Administrator, public key should be referenced in:

Run a powershell terminal as an administrator, and edit (or create) the file:

notepad $env:USERPROFILE\.ssh\authorized_keys

Paste there the content of your public key, it's possible that the original is located at id_rsa.pub or id_ed25519.pub:

cat $HOME/.ssh/id_rsa.pub

If remote connection still doesn't work with the key, maybe you need to disable accessing the administrator authorized keys that may have a file permission issue. Run an administrative powershell terminal and edit:

notepad c:\ProgramData\ssh\sshd_config

Change the lines

Math Group administrators
  AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys

...and comment them

#Math Group administrators
#  AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys

When it works, it is recommended that then you disable password authentication afterwards.

Use a Powershell terminal run as administrator and edit authorized_keys:

notepad c:\ProgramData\.ssh\authorized_keys
# change
PasswordAuthentication yes
# to
PasswordAuthentication no

More info here.

Fixing terminal glyph characters

Some prompt utils like spaceship use special characters that look like icons. If your local computer from where you want to conect with SSH to your Windows/WSL2 machine doesn't have a font that can render them, you will see strange glyph like boxes or chinese characters.

It's recommended to use a font that has a complete set of glyphs like MesloLGS NF.

When changing that setting in Visual Studio Code terminal, add to settings:

"terminal.integrated.fontFamily": "MesloLGS NF"

Connecting to SSH server with Visual Studio Code

If you try to connect to the remote server using Visual Studio Code, it will be confused as the SSH server will tell it it's running Windows.

To fix that, edit Visual Studio Code configuration. Click {command/windows} + {shift} + P to open the command pallete, search/select "Preferences: Open User Settings (JSON)", and add to the configuration file:

"remote.SSH.remotePlatform": {
  "192.168.1.100": "linux"
}

Replace 192.168.1.100 with your Windows IP address (or hostname if you use it to log into the Windows computer)