SSH'ing from windows 10 into wsl2 ubuntu - ssh

I am fairly new to this business and I fail to understand how to SSH from my win10 machine into my installed wsl2 ubuntu 20.4
Basically, I followed this tutorial, but I keep getting the following errors:
when I try to SSH using the public port (using curl ifconfig.me) gives me the error "connection timed out"
when I try to SSH using the private port (using ip route get 1.2.3.4 | awk '{print $7}') it gives me the error "Permission denied"
at some point I got the error "sshd: no hostkeys available -- exiting" so I followed this fix but then I got the errors mentioned before. Should I delete any from the /etc/ssh folder?
The end-goal is ssh'ing through vs-code, but I guess once I could do it from powershell, it's the same from vs-code.

It appears that you need to enter /etc/ssh/sshd_config (with sudo permissions) and change the following lines:
ChallengeResponseAuthentication yes
PasswordAuthentication yes

Since you seem to have fixed your issue with ssh, let me propose that your ultimate goal ("ssh into WSL from VSCode") might be better accomplished using Microsoft's "Remote Development" extension pack, which includes several extensions. While it sounds like you are considering using the "Remote - SSH" extension, you can also use the "Remote - WSL" extension directly.
After installing either the extension pack or the WSL extension directly, just open your WSL instance, cd to the directory with your code and then code . (including the period). This will open VSCode and install a shim into the WSL instance which will allow communication between the two.
See the docs from Microsoft for more detail.
Also, on the topic of your original question, you said that you edited sshd_config to permit password authentication (I don't think the ChallengeResponseAuthentication change was necessary). That's one way to go, but ultimately I'd recommend generating an SSH key pair, copying the private key to something like C:\Users\yourid\.ssh\id_rsa and using that instead of a password login.
And you mentioned in your original question that you were unable to access SSH on the public port. This is because WSL2 does not do NAT, so it also won't be accessible from a second computer without (a lot of) additional effort (manual port-forwarding from Windows to WSL, which will have to be reset on reboot since the WSL interface address will change).
As you've discovered, the WSL interface address will work, but remember that it will change on each reboot of Windows (technically, I think, any time the WSL subsystem is shut down and restarted). IMHO, you're better off using 127.0.0.1 or localhost.
But really, my preferred method of accessing WSL remotely is to install OpenSSH on Windows 10, port 22. Then you can simply do something like ssh -t windowsusername@mycomputername.local wsl to get access to the WSL instance. You can even do this when you have multiple WSL instances on your machine with ssh -t windowsusername@mycomputername.local wsl -d WSLInstanceName.
If you use this technique, of course, and you still want to run an SSH server in a WSL instance, you'll need to use a different port. But I really think you should do this anyways when running SSH under WSL. Otherwise, you are likely to spin up a second WSL instance at some point and run into port conflicts anyway.
The downside is that the Windows OpenSSH -> WSL hack won't allow you to run things like VSCode through SSH, but it does provide super-simple access to WSL through SSH, and works remotely (if you ever need that) as well.
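An added example, not part of the original answers: a shell check for the two sshd_config points raised above (the password login enabled in the first answer versus the key-based login recommended here, and moving the WSL sshd off port 22). The function names and the sample config are constructed for illustration.

```shell
# Added example, not from the original answers. Function names are illustrative.

# effective_value FILE KEYWORD DEFAULT
# Prints the value sshd would use for a single-valued keyword: keywords are
# case-insensitive and the first occurrence wins. Parsing stops at the first
# Match block; Include files are not followed.
effective_value() {
    awk -v key="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" -v def="$3" '
        /^[ \t]*(#|$)/          { next }    # skip comments and blank lines
        tolower($1) == "match"  { exit }    # global section ends here
        tolower($1) == key      { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# listen_ports FILE
# Port may be given several times and every value is used; the default is 22.
listen_ports() {
    awk '
        /^[ \t]*(#|$)/          { next }
        tolower($1) == "match"  { exit }
        tolower($1) == "port"   { print $2; n++ }
        END { if (!n) print 22 }
    ' "$1"
}

# audit_sshd_config FILE
# Prints one finding per line, and nothing when both checks pass.
audit_sshd_config() {
    if [ "$(effective_value "$1" PasswordAuthentication yes)" != "no" ]; then
        echo "PasswordAuthentication is on: switch to key-based login and set it to no"
    fi
    if listen_ports "$1" | grep -qx 22; then
        echo "sshd listens on port 22: use another port to avoid clashing with Windows OpenSSH or a second WSL instance"
    fi
}

# Constructed sample: the password settings from the first answer, default port.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample sshd_config
ChallengeResponseAuthentication yes
PasswordAuthentication yes
EOF
audit_sshd_config "$sample"
rm -f "$sample"
```

Inside WSL, run it against the real file with audit_sshd_config /etc/ssh/sshd_config.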

Related

Can I run one WSL2 virtual machine instance on two system?

I'm new to the WSL2 and wondering if it's possible to run the same WSL2 ubuntu instance on both my desktop and laptop.
Now I am able to use the wsl --export and wsl --import methods to save and load the system to/from my portable hard drive. But these methods take a long time.
I notice that wsl --import loads a file named ext4.vhdx. Is there a way to load straight from this file?
Update v2.0:
I was able to get a workaround and it works great.
Thanks to Booting from vhdx here, I was able to load straight from my vhdx file on my portable hard disk. Windows tracks down its subsystem with regedit, so we can write our own (P.S.: make sure to get BasePath right; it starts with "\\\\?", or you will not be able to access the subsystem's filesystem on your host system):
Windows Registry Editor Version 5.00
[HKEY_USERS\【your SID here】\SOFTWARE\Microsoft\Windows\CurrentVersion\Lxss\{【UUID here】}]
"State"=dword:00000001
"DistributionName"="distribution name"
"Version"=dword:00000002
"BasePath"="vhdx folder path" 【 e.g. "\\\\?\\E:\\S061\\WSL\\ubuntu-20"】
"Flags"=dword:0000000f
"DefaultUid"=dword:000003e8
I suppose the best way to do this would be to store ext4.vhd on a network storage device accessible to both devices.
I have previously mentioned how to move ext4.vhd. You can check that out here.
Basically, you need to export from one machine and import it while making sure the vhd file is configured for wsl to access from the network storage.
Since this is *officially* not supported, expect some performance hits.
Another way would be to run WSL on one computer and ssh/remote desktop to it from another device on the network
I'm of the strong belief that sharing the same ext4 vhd between two VM's simultaneously would be a bad idea. See this and this Unix & Linux StackExchange, including the part about ...
note that sharing LVs/partitions on a single disk between the servers at the same time is NOT very safe. You should only access whole disks from any of the servers at one time.
However, as dopewind's answer mentioned, you can access the WSL instance on one computer (probably the desktop) from another (e.g. the laptop). There are several techniques you can use:
If you have Windows 10 Professional or Enterprise on one of the computers, you can enable Remote Desktop, which allows you to access pretty much everything on one computer from another. RDP ("Remote Desktop Protocol") even works from other devices such as an iPad or Android tablet (or even a phone, although that's a bit of a small screen for a "desktop"). That said, there are better, more idiomatic solutions for WSL ...
You could enable SSH server on the Windows 10 computer with the WSL instance (instructions). This may sound counterintuitive to some people, since Linux itself running in the WSL instance also includes an SSH server (by default). But by SSH'ing from (for example) your laptop into your desktop's Windows 10, you can then launch any WSL instance you have installed (if you choose to install more than one) via wsl -d <distroName>. You also avoid a lot of the network unpleasantness in the next option ...
You could, as mentioned above, enable SSH on the WSL instance (usually something like sudo service ssh start) and then ssh directly into it. However, note that WSL2 instances are NAT'd, so there's a whole lot more hackery that you have to do to get access to the network interface. There's a whole huge thread on the WSL Github about it. Personally, I'd recommend the "Windows SSH Server" option mentioned above to start out with, then you can worry about direct SSH access later if you need it.
Side note: Even though I have SSH enabled on my WSL instances, I still use Windows SSH to proxy to them, to avoid these networking issues.

Ansible SSH Key Setup

I'm dipping my toes into Ansible and I'm having trouble configuring SSH keys.
I currently have two Ubuntu 14.04 VMs running and present in the Ansible hosts file.
I also have an extra VM which is being used for Ansible management.
I have created an SSH key on the management machine and 'ssh-copy-id' them to both of the Ubuntu 14.04 VMs.
Based on watching videos and following tutorials of Ansible configuration, I should now be able to run 'ansible instancegroupname -m ping' sequentially on both of the machines without having to enter a password.
However when running that command on the management VM, I am prompted to enter the SSH passphrase for the management VM itself, something I have not seen in the tutorial videos. It just seems to work for them?
Thanks guys.
This was solved by adding the ssh-key to the ssh-agent.

How to block applications from using SSH tunnel

I am using Little Snitch to control my local applications' internet connection. But when I am at the University, I have to tunnel via ssh to a network-server in order to get an internet connection there.
The problem: If I do so, Little Snitch is not able to control my applications anymore, because then every application uses my ssh tunnel. What's the best way to handle that? Should I block ports on my ssh or is Little Snitch able to manage this?
I am using a Mac and open the ssh connection over the terminal with the following line:
ssh -D 2001 -o ServerAliveInterval=60 username@servername.com
If you use Mac, MacProxy, and for Windows, Proxifier, are the easiest solutions with more benefits. In addition to blocking any program from connecting to your SSH tunnel, you can also set direct access to your internet for some other programs.
Also you can specify ports and/or IPs for each program and lots more...

Get remote cmd from linux terminal

I need to run some scripts on a remote Windows machine from a Linux terminal. I've tried using telnet, however on the Windows machine it's unable and there isn't an SSH server installed. So I need another way to run the command remotely without a graphical interface.
I have the possibility to run the command from a Windows machine; however, I need to open an SSH tunnel to see the remote machine. I've used psexec but it didn't work for me.
Do you have access to install software on the remote server?
Your SSH client will not be able to connect to the remote machine unless that machine is running an SSH server to respond to your client's connection request.
There are a number of possible options for SSH servers to run on Windows.
(Google for ssh server windows)
Because SSH gives an external user some access to/control over your server it is designed to be a secure tool. I would therefore recommend using an SSH server which is still actively maintained, and keep it up to date. Servers which are old and no longer supported are likely to contain known security issues which may never be addressed, thereby leaving your server vulnerable.
There are a number of good free open-source solutions for this, so you shouldn't need to buy anything.
In the past I've worked with Windows machines running Cygwin, with the OpenSSH ssh server installed. Depending how much of the Cygwin system you choose to install, it can make the target Windows host rather like logging into another Linux box in terms of environment.
You can download the installer for Cygwin from http://www.cygwin.com/

Ubuntu on VirtualBox and Rails server

I have Windows 7. Installed VirtualBox and Ubuntu 11.04 as guest OS.
Networking is done by NAT.
Everything is fine: I have internet on Ubuntu.
I can access Windows from Ubuntu by its ip.
But I can't access Ubuntu by its ip which is shown by ifconfig.
I run rails on Ubuntu.
How can I solve this problem: connect to Ubuntu/Rails server on port 3000 from my Windows?
By default, VirtualBox's NAT allows the virtual machine to access the Internet ; but doesn't allow the physical machine to access the Virtual one.
The simplest solution would be to use another networking setting than NAT, for your Virtual Machine -- for instance, bridge should work fine (your VM would be visible on your network, though).
Another solution would be to use port forwarding ; about that, this article might help : Howto Access via ssh a Virtualbox Guest machine.
I used to struggle with configuring a similar setup until I found Vagrant. Vagrant makes it very simple to setup, connect to and work with a Linux virtual machine. After Vagrant is configured you can just type vagrant ssh to enter the virtual machine and your account has automatic sudo rights and everything works as expected - you don't even have to deal with logging into the vm. The initial setup for ssh does look to be a little more work under Windows though as you need to configure Putty before you can connect.
There is a simple configuration file in Vagrant that you use to specify which ports from the VM you want forwarded to your machine using a syntax like:
config.vm.forward_port("rails", 80, 3000)
config.vm.forward_port("tomcat", 8000, 8080)
and everything is taken care of. Details are here
If, for example, you are using Rails and you start vagrant with the command vagrant up in your Rails project directory, then that directory is available on the VM. Since it is the same shared directory between machines, any changes you make in your Rails project directory on your machine using your regular editor are seen on the VM also. This makes testing in other environments very easy.
Instructions for setting Vagrant up with Windows are here and a RailsCast about it is here. Note that Vagrant has nothing to do directly with Rails - you can use it for setup of any virtual machine environment you need.
In short, you can't.
It is a local host not a public domain therefore not publicly accessible outside of your virtualbox environment.
Maybe someone has a clever hack for this but why would you want to do this in the first place?
Your solution is to either use firefox to browse to your localhost within your virtualbox linux session or develop on windows.
Personally I work the other way round I run Ubuntu 11.04 and I have virtualbox installations of xp, 2,000, me, vista and 7 so I can test in different environments. Inevitably I end up sharing my project folder from Ubuntu so that I can run the project in whatever OS I am testing for.