
WSL-Container-ssh-Setup

We usually use WSL and Docker containers for development. In most cases, after installing WSL or a container, we need to set up the SSH (secure shell) configuration ourselves. This article shares my experience in setting up SSH in these environments.

1. Install & Config

Step 1: Install (Optional): If your system has no SSH server installed, install one with the package manager (e.g., yum, apk, or apt, depending on which operating system you are using). E.g.,

# Ubuntu/Debian:
sudo apt update
sudo apt install openssh-server
# CentOS 7 and earlier:
sudo yum install openssh-server
# CentOS 8 and later:
sudo dnf install openssh-server
# Arch Linux:
sudo pacman -S openssh
# Alpine Linux:
sudo apk add openssh-server

Step 2: Configuring:

  1. Set up the host keys for SSH. Run the following commands.
# Generate the RSA, ECDSA and Ed25519 host keys with an empty passphrase (-N '')
ssh-keygen -q -t rsa -b 2048 -f /etc/ssh/ssh_host_rsa_key -N ''
ssh-keygen -q -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N ''
# The key type has to match the file name: ed25519, not dsa
ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N ''
  2. (Optional): If you haven’t set the password yet, set one first.
passwd <user_name>
  3. Set up configs in sshd_config

Use any text editor, like vim, to modify the /etc/ssh/sshd_config if needed. Some important configs are:

# Port that sshd listens on
Port 22
# Use public key authentication
PubkeyAuthentication yes
# Use password authentication
PasswordAuthentication yes
# Use X11 forwarding to forward a display in the remote shell
X11Forwarding yes
  4. Start the sshd service:
# Ubuntu/Debian:
sudo systemctl start ssh
# CentOS:
sudo systemctl start sshd
# Arch Linux:
sudo systemctl start sshd
# Alpine Linux:
sudo rc-service sshd start
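
A check that could be run after editing /etc/ssh/sshd_config in step 3, added here as an example and not part of the original article: it reports the effective value of the settings listed above and flags the ones worth reviewing before the port is forwarded to other machines (section 3). The function names are hypothetical, and the script assumes upstream OpenSSH defaults for absent keywords and whitespace-separated `Keyword value` lines.

```shell
# Added example, not the article's code. Assumes upstream OpenSSH defaults for
# absent keywords; Include files and Match blocks are not evaluated.

# effective_value FILE KEYWORD DEFAULT
# sshd keeps the first value it reads for a keyword and keywords are
# case-insensitive, so print the first uncommented match before any Match block.
effective_value() {
    awk -v key="$2" -v def="$3" '
        /^[[:space:]]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { val = tolower($2); found = 1; exit }
        END { print (found ? val : def) }
    ' "$1"
}

# audit_sshd_config FILE: print the effective settings, then one WARN line per
# setting worth reviewing before the port is forwarded to other machines.
audit_sshd_config() {
    pw=$(effective_value "$1" PasswordAuthentication yes)
    pk=$(effective_value "$1" PubkeyAuthentication yes)
    root=$(effective_value "$1" PermitRootLogin prohibit-password)
    x11=$(effective_value "$1" X11Forwarding no)
    echo "INFO PasswordAuthentication=$pw PubkeyAuthentication=$pk PermitRootLogin=$root X11Forwarding=$x11"
    if [ "$pw" = yes ]; then
        echo "WARN PasswordAuthentication=yes: account passwords are the only barrier once the port is reachable"
    fi
    if [ "$pw" = yes ] && [ "$root" = yes ]; then
        echo "WARN PermitRootLogin=yes with passwords: root can log in with a password"
    fi
    if [ "$pk" = no ]; then
        echo "WARN PubkeyAuthentication=no: key-based login is disabled"
    fi
    if [ "$x11" = yes ]; then
        echo "WARN X11Forwarding=yes: disable it unless remote GUI programs are needed"
    fi
}

# Constructed sample input: the four settings shown in the article.
sample_cfg=$(mktemp)
printf '%s\n' '# indicates which port listening to' 'Port 22' \
    'PubkeyAuthentication yes' 'PasswordAuthentication yes' \
    'X11Forwarding yes' > "$sample_cfg"
audit_sshd_config "$sample_cfg"
```

To check the real file, call audit_sshd_config /etc/ssh/sshd_config; running sshd -t as root validates the file's syntax before the service is started.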

2. Connect

Use ssh -p <port> <username>@<ip_address> to start an SSH connection.

2.1 WSL

<port>: Unless specified in the /etc/ssh/sshd_config, the default port number is 22.

<username>: The one in WSL.

WSL is an independently installed operating system running on your machine, so it has a different IP address. To get the <ip_address>, run the following command in the host’s PowerShell:

$wsl_ip = (wsl hostname -I).trim()
Write-Host "WSL Machine IP: ""$wsl_ip"""

2.2 Container

<port>: When configuring the container, we usually forward the container’s port 22 to a port on the host machine. Use that host port number.

<username>: Unless you create another user, the container has only one default user, root.

<ip_address>: Since we have port forwarding, the <ip_address> is that of the host machine, 127.0.0.1 (or equivalently, the IP address from the command ipconfig (Windows), or ifconfig/iwconfig (Linux)).

3. Remote Visiting

In some cases, we may want to visit the WSL/docker on this host machine from other machines in the same local network.

3.1 WSL

Host Port Forwarding. Since WSL behaves like a separate machine, it has its own IP address. We should set up port forwarding so that remote connections to this host machine are forwarded to WSL. Run the following commands in PowerShell with administrator privileges to set up the port forwarding.

$wsl_ip = (wsl hostname -I).trim()

Write-Host "WSL Machine IP: ""$wsl_ip"""

netsh interface portproxy add v4tov4 listenport=2222 connectport=22 connectaddress=$wsl_ip

Firewall rules. We should set firewall rules so that the connection is not refused by the host machine. You may search online for how to allow TCP connections to the <listenport> you defined above, e.g., here.

Connect. Then, we can connect with ssh -p 2222 <wsl_username>@<host_ipaddr>. The <host_ipaddr> can be obtained with the command ipconfig (Windows), or ifconfig/iwconfig (Linux).

Additional note: if something goes wrong, use netsh interface portproxy reset to reset the port forwarding.

3.2 Container

Connect with ssh -p <port> <username>@<host_ipaddr>, where:

<port> is the forwarded port number, and

<host_ipaddr> is the host’s ip address in the local network, obtained by command ipconfig (Windows), or ifconfig/iwconfig (Linux).