Launch SSH server at Windows startup


Post by aseering » Wed Jul 20, 2016 12:39 am

This was originally discussed and sorted out by GitHub users imjakey, fpqc, qris, therealkenc, Manouchehri, and aseering (myself) here:

https://github.com/Microsoft/BashOnWindows/issues/612

Note that running sshd has security implications. Until WSL's security model has had longer to bake, you should assume that anyone who can ssh into your Windows box has permission to perform any command as the Windows user running sshd, regardless of Linux-level permissions. (Permissions are probably more restrictive than that in practice, but WSL's initial security model is not intended to be very sophisticated.)

Attempting to aggregate the instructions from GitHub:

  • Generate SSH host keys by running "sudo dpkg-reconfigure openssh-server" in a bash shell
  • Run "sudo nano /etc/ssh/sshd_config"; edit the "UsePrivilegeSeparation yes" line to read "UsePrivilegeSeparation no". (This is necessary because "UsePrivilegeSeparation" uses the "chroot()" syscall, which WSL doesn't currently support.)
  • While still editing "/etc/ssh/sshd_config", you may choose to change "PasswordAuthentication no" to "PasswordAuthentication yes". Otherwise you will have to set up SSH keys.
  • Save "/etc/ssh/sshd_config" and exit.
  • Run "sudo visudo" to edit the sudoers file. Add the line "$USER ALL = (root) NOPASSWD: /usr/sbin/sshd -D", replacing "$USER" with your Linux username. Save and exit. If visudo complains that your changes are invalid, fix them until it reports that they are valid; otherwise you can break sudo on your system!
  • On the Windows side, edit the Windows firewall (and any third-party firewalls that you might be running) to allow incoming traffic on port 22. Because this isn't a super-secure setup, I recommend only allowing incoming traffic from home (private) and domain networks, not from the public Internet.
  • Create a text file "autostartssh.vbs" in Windows containing the following:
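Code:
' Launch bash.exe with a hidden window (window style 0).
' "sshd -D" stays in the foreground, so bash.exe keeps running.
set ws=wscript.createobject("wscript.shell")
ws.run "C:\Windows\System32\bash.exe -c 'sudo /usr/sbin/sshd -D'",0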

  • Double-click on the script. It should start sshd; you should be able to ssh into your Windows machine.
  • Open Windows's Task Scheduler. Add a task that runs "autostartssh.vbs" on system boot.

And that's it -- your Windows computer should be running a Linux openssh server!
aseering
Site Admin
 
Posts: 27
Joined: Sun Jul 17, 2016 11:26 pm
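
The Linux-side steps in the post above can be checked with a short audit script. This is an added example, not part of the original post or the GitHub thread; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the Linux-side settings changed by the steps above.
# The sample config is constructed.

# Print the effective global value of keyword $2 in sshd_config file $1.
# sshd keeps the FIRST value it reads for a keyword and keyword names are
# case-insensitive, so checking only the line you edited can mislead.
sshd_effective() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*(#|$)/         { next }                     # comments and blanks
        tolower($1) == "match" { exit }                     # global section ends
        tolower($1) == want    { print tolower($2); exit }  # first one wins
    ' "$1"
}

# Print findings for this setup; the exit status is the number of findings.
audit_sshd_config() {
    findings=0
    ups=$(sshd_effective "$1" UsePrivilegeSeparation)
    pwa=$(sshd_effective "$1" PasswordAuthentication)
    if [ "$ups" != no ]; then
        echo "FAIL UsePrivilegeSeparation=${ups:-unset}: the post requires no under WSL"
        findings=$((findings + 1))
    fi
    if [ "$pwa" != no ]; then
        echo "WARN PasswordAuthentication=${pwa:-unset}: password logins are accepted"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Succeed only if sudoers line $2 grants user $1 exactly the command from the
# post, not a broader NOPASSWD rule.
sudoers_line_ok() {
    norm=$(printf '%s\n' "$2" | tr '\t' ' ' | sed -e 's/ *= */ = /' \
        -e 's/NOPASSWD: */NOPASSWD: /' -e 's/^ *//' -e 's/ *$//' | tr -s ' ')
    [ "$norm" = "$1 ALL = (root) NOPASSWD: /usr/sbin/sshd -D" ]
}

# Constructed sample: the edited line sits below an older, conflicting one.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
useprivilegeseparation yes
UsePrivilegeSeparation no
PasswordAuthentication yes
EOF
audit_sshd_config "$sample" || echo "findings: $?"
rm -f "$sample"
```

On the sample, the earlier lowercase "useprivilegeseparation yes" line wins, so the audit reports a failure even though the edited line reads "no".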

Re: Launch SSH server at Windows startup

Post by aseering » Wed Aug 10, 2016 8:14 am

Note that this can be used for other services as well. The key thing is, the command that you give to bash.exe must not exit; when it exits, the Windows "bash.exe" process will exit, and WSL will tear down any remaining Linux processes including your server process.

If you normally start your service using a command such as "sudo service <servicename> start", which exits immediately, you can append "; sleep 9999999999999999999999999" to artificially force the shell to stay open.

Note that running services at system startup has security implications. Make sure that you have a good firewall that is configured to prevent external users from connecting to services that you have started on your own computer. Only expose services on the network if you have system-administration experience and are confident that you are doing so in a secure manner. Linux is not a security panacea; weak passwords and improperly configured services are hacked all the time.
aseering
Site Admin
 
Posts: 27
Joined: Sun Jul 17, 2016 11:26 pm
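
A variation on the "sleep" trick from the post above, as an added example that is not part of the original post: hold the shell open only while the service process is alive, so bash.exe exits when the service dies. It assumes /proc is available and that the service writes a pidfile; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: hold the shell open only while the service is alive, instead
# of a fixed "sleep". Assumes /proc is available and the service writes a pidfile.

# True while PID $1 exists and is not a zombie. Reading /proc also works for
# root-owned PIDs, where an unprivileged "kill -0" fails with EPERM.
pid_alive() {
    [ -r "/proc/$1/stat" ] || return 1
    state=$(sed 's/.*) //' "/proc/$1/stat" 2>/dev/null | cut -c1)
    [ -n "$state" ] && [ "$state" != Z ]
}

# Block until the PID recorded in pidfile $1 is gone; poll every $2 seconds.
# Returns 1 at once if the pidfile is missing or does not hold a number.
hold_while_running() {
    pid=$(cat "$1" 2>/dev/null) || return 1
    case $pid in ''|*[!0-9]*) return 1 ;; esac
    while pid_alive "$pid"; do sleep "${2:-5}"; done
    return 0
}

# Demo with a constructed stand-in for the service: a 1-second sleep.
demo_pidfile=$(mktemp)
sleep 1 &
echo "$!" > "$demo_pidfile"
hold_while_running "$demo_pidfile" 1 && echo "service exited; shell may exit"
rm -f "$demo_pidfile"
```

In the command given to bash.exe, the call to hold_while_running would take the place of the appended "sleep"; the pidfile location depends on the service and is not given in the post.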

Re: Launch SSH server at Windows startup

Post by rodrymbo » Fri Aug 12, 2016 11:11 am

I've been able to start things "At log on of user" but all my efforts to do it with "At system startup" have failed. Have you folks actually been able to make this work before the user logs in?
rodrymbo
 
Posts: 6
Joined: Sun Aug 07, 2016 9:51 am

Re: Launch SSH server at Windows startup

Post by aseering » Fri Aug 12, 2016 11:13 am

Hm... I haven't actually tried; I can try tonight. But I vaguely recall a bug-report comment saying that you need to include some command to restart the lxss service in that case?
aseering
Site Admin
 
Posts: 27
Joined: Sun Jul 17, 2016 11:26 pm

Re: Launch SSH server at Windows startup

Post by rodrymbo » Fri Aug 12, 2016 12:50 pm

Yes, I've seen that too - stopping the lxssmanager service. But I haven't been able to make that work. I've tried stopping, starting, stopping and starting, starting and stopping.

I've only been using Task Scheduler. I saw something about needing to wait for the network services to settle down before the Task Manager job tries to log in to the User Account. And I've gotten a CMD script running. Just can't start bash.exe

Good Luck. ;)
rodrymbo
 
Posts: 6
Joined: Sun Aug 07, 2016 9:51 am

Re: Launch SSH server at Windows startup

Post by poma » Mon Aug 15, 2016 4:58 am

Ubuntu is installed in the user's AppData folder and each user has his own Linux instance. You can't start per-user programs on system start up.
poma
 
Posts: 2
Joined: Wed Aug 10, 2016 5:49 pm

Re: Launch SSH server at Windows startup

Post by aseering » Mon Aug 15, 2016 8:15 pm

poma -- why not? You would have to pick a user account. But the user exists; the data exists.
aseering
Site Admin
 
Posts: 27
Joined: Sun Jul 17, 2016 11:26 pm

Re: Launch SSH server at Windows startup

Post by rodrymbo » Tue Aug 16, 2016 8:21 pm

poma wrote: You can't start per-user programs on system start up.

Why would Task Scheduler offer that as an option (running as a particular user, with that user's credentials and environment and credentials) if it wasn't going to work?
rodrymbo
 
Posts: 6
Joined: Sun Aug 07, 2016 9:51 am

