Friday, November 10, 2017

How to get Putty SSH/Telnet to connect to local Windows Subsystem for Linux SUSE Linux Enterprise on Windows 10

Install the Linux Subsystem on Windows 10 - Choosing SUSE Enterprise Linux

Fedora Server 26 not yet available, but due back in May 2017.

How to get a connect using Putty to Windows Subsystem for Linux - SUSE Linux Enterprise Server 12 SP3 or uname "4.4.0-43-Microsoft".

The instructions below "How to run SSH daemon" worked with some modifications; 

1) ssh-keygen -A (I ran this (is supported in SUSE Linux) instead of Step 1 : running  "sudo dpkg-reconfigure openssh-server". I use this to generate initial SSH keys)
2)  Uncommented  and change the PORT=22 or your choice, I used port 2222 in /etc/ssh/sshd_config file.
3)  Added AllowUsers=yourusername (not root) see SUSE openSSH page on for more 

Note: If you want to manually run SSH daemon, just run in a bash session 
(cmd.exe type bash)     "sudo /usr/sbin/sshd -D"  to get daemon running, then connect with Putty. 

In Putty, use HostName: "localhost" and your port number. 

How to run SSH daemon for SUSE WSL

Note that running sshd has security implications. Until WSL's security model has had longer to bake, you should assume that anyone who can ssh into your Windows box has permission to perform any command as the Windows user running sshd, regardless of Linux-level permissions. (Permissions are probably more restrictive than that in practice, but WSL's initial security model is not intended to be very sophisticated.)

Attempting to aggregate the instructions from github:

  • Generate SSH host keys by running "sudo dpkg-reconfigure openssh-server" in a bash shell
  • Run "sudo nano /etc/ssh/sshd_config"; edit the "UsePrivilegeSeparation yes" line to read "UsePrivilegeSeparation no". (This is necessary because "UsePrivilegeSeparation" uses the "chroot()" syscall, which WSL doesn't currently support.)
  • While still editing "/etc/ssh/sshd_config", you may choose to change "PasswordAuthentication no" to "PasswordAuthentication yes". Otherwise you will have to set up SSH keys.
  • Save "/etc/ssh/sshd_config" and exit.
  • Run "sudo visudo" to edit the sudoers file. Add the line "$USER ALL = (root) NOPASSWD: /usr/sbin/sshd -D", replacing "$USER" with your Linux username. Save and exit. If visudo complains that your changes are invalid, fix them until it reports that they are valid; otherwise you can break sudo on your system!
  • On the Windows side, edit the Windows firewall (and any third-party firewalls that you might be running) to allow incoming traffic on port 22. Because this isn't a super-secure setup, I recommend only allowing incoming traffic from home (private) and domain networks, not from the public Internet.
  • Create a text file "autostartssh.vbs" in Windows containing the following:

set ws=wscript.createobject("") "C:\Windows\System32\bash.exe -c 'sudo /usr/sbin/sshd -D'",0

  • Double-click on the script. It should start sshd; you should be able to ssh into your Windows machine.
  • Open Windows's Task Scheduler. Add a task that runs "autostartssh.vbs" on system boot.

And that's it -- your Windows computer should be running a Linux openssh server!

No comments:

Post a Comment