I wanted to be able to SSH into my Windows laptop directly into Linux. I also wanted to disable password authentication and only allow public key (RSA in my case) authentication.
Scott Hanselman wrote a blog post on how to make your default WSL2 distro your default shell for SSH. Windows OS Hub published an article on using public key authentication. These were both helpful resources.
I'll assume you're already familiar with using SSH keys. If not, this article at DigitalOcean is very informative.
The first thing you want to do is create the file $HOME\.ssh\authorized_keys. If you run into issues, it could be due to incorrect file ownership.
Paste your public key into this file. The SSH server checks the user's authorized_keys file to see if the private key being used by the SSH client matches one of the public keys in this file.
Note
These instructions use win32-openssh via Scoop, not the native Windows OpenSSH.
Run PowerShell as Administrator as you'll need elevated privileges.
# Install the package.
scoop install win32-openssh
# Allow inbound connections on port 22.
netsh advfirewall firewall add rule name=sshd dir=in action=allow protocol=TCP localport=22
# Create the SSH Server service and set it to start automatically.
cd "$Env:USERPROFILE\scoop\apps\win32-openssh\current"
.\install-sshd.ps1
Set-Service -Name sshd -StartupType 'Automatic'
# You need to start the server once to generate the configuration files.
Start-Service sshd
# Set WSL2 as the default shell for SSH sessions.
New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\WINDOWS\System32\bash.exe" -PropertyType String -Force
In the same Administrator PowerShell session, open the SSH server config file in VS Code.
cd C:\ProgramData\ssh
code .
VS Code should have [Administrator] in the title bar, and you'll need those elevated privileges.
You want to edit the sshd_config file, specifically changing the below settings. All of the settings are documented here.
# The default is "yes", but it's worth mentioning that this MUST be yes!
PubkeyAuthentication yes
# The default is ".ssh/authorized_keys .ssh/authorized_keys2", but we only want/need the first one.
AuthorizedKeysFile .ssh/authorized_keys
# The default is "yes", but we want this to be "no".
PasswordAuthentication no
If your account is in the Administrators group, then the Match block below will override the above AuthorizedKeysFile.
If this is your computer, then you are likely in that group. You should delete these lines unless you want to store your keys in C:\ProgramData instead of $HOME.
Match Group administrators
AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
I also like to set the SSH Server to IPv4 only and listen on all interfaces.
AddressFamily inet
ListenAddress 0.0.0.0
You need to restart the server every time you make changes to sshd_config.
Restart-Service sshd
First get the network IP address for your Windows PC.
Get-NetIPAddress -AddressFamily ipv4 -PrefixOrigin dhcp
Now go to another PC that has the matching private key to the public key you pasted into the authorized_keys file.
Replace my name with your Windows username (whatever $Env:USERNAME is in PowerShell). If your username has spaces in it, wrap your entire name in 'single quotes'.
ssh Adam@1.2.3.4
On the server-side, you'll want to stop the sshd service if it's running and then run sshd -d manually to see debug output.
On the client-side, you'll want to try connecting to the server with the -v flag to see verbose output.
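
When key authentication fails or a password prompt still appears, it helps to check sshd_config against the settings described above. The following is an added example, not code from the original post: the function name Test-SshdConfig and the sample config are constructed for illustration, and the check assumes whitespace-separated "Keyword value" lines and does not evaluate Match criteria or Include files.

```powershell
# Added example; Test-SshdConfig is a hypothetical helper, not part of OpenSSH.
function Test-SshdConfig {
    param([string[]]$Lines)

    $globalOpts = @{}     # global section: sshd uses the first value it sees per keyword
    $findings   = @()
    $inMatch    = $null   # criteria of the Match block being read, if any

    foreach ($raw in $Lines) {
        $line = $raw.Trim()
        if ($line -eq '' -or $line.StartsWith('#')) { continue }

        $keyword, $value = $line -split '\s+', 2
        $keyword = $keyword.ToLower()

        if ($keyword -eq 'match') { $inMatch = "$value"; continue }
        if ($null -ne $inMatch) {
            # A Match block runs until the next Match line or end of file.
            if ($keyword -eq 'authorizedkeysfile') {
                $findings += "Match $inMatch overrides AuthorizedKeysFile with $value"
            }
            continue
        }
        if (-not $globalOpts.ContainsKey($keyword)) { $globalOpts[$keyword] = $value }
    }

    # Defaults as stated in the guide: both settings are "yes" when absent.
    if ($globalOpts['passwordauthentication'] -ne 'no') {
        $findings += 'PasswordAuthentication is not set to no'
    }
    if ($globalOpts.ContainsKey('pubkeyauthentication') -and
        $globalOpts['pubkeyauthentication'] -ne 'yes') {
        $findings += 'PubkeyAuthentication is not yes'
    }
    return $findings
}

# Constructed sample: password auth disabled, administrators Match block left in place.
$sample = @'
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
#PasswordAuthentication yes
PasswordAuthentication no
Match Group administrators
       AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
'@

Test-SshdConfig ($sample -split '\r?\n')
# Against the real file: Test-SshdConfig (Get-Content C:\ProgramData\ssh\sshd_config)
```

An empty result means none of the three conditions was found; a reported Match line is only a problem if you intended your keys to be read from $HOME.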
Wow! Rare to see such a well written, 100% complete guide! Thanks!
I didn't see this first time through, so be sure to comment out these two lines (in sshd_config) & restart sshd: