SSH daemon with WSL without admin rights

Installing an SSH server on Windows usually requires admin rights. This is the case when using portable OpenSSH with PowerShell or Windows features (Windows 10).

When I was using Cygwin on Windows 7, I found a convenient solution to start an SSH server without admin rights and with the only downside that the SSH server would not run as a service. In other words, I had to open my Windows session to start the server.

Now that I have switched to WSL on Windows 10, I found a solution very similar to the one used with Cygwin. This has obviously the same inconvenience of not starting the server until I log in (which is acceptable in my case). In addition, this also request entering the Linux admin password at the start of the server. This can be made avoided if you follow an optional step below. Below are the steps:

  1. Activate your SSH daemon using sudo service ssh --full-restart.
  2. If you get an error message regarding host keys not available, run ssh-keygen -A and restart the daemon as above.
  3. Test your connection to your computer using SSH from a remote server. During this process, I run into a specific issue because I was using the local machine name (machine.local) but *.local was configure in the /etc/host to point elsewhere which generated host key conflicts, preventing me to login. I had to add the host key of my desktop (on which the new SSH daemon was running) using ssh-keyscan -H machine.local >> ~/.ssh/known_hosts (replace machine.local by the actual name of the computer).
  4. If the test is successful (i.e., you can log in from the server to your computer), so the SSH server is running.
  5. To start the server at the beginning of each Windows session, create a shortcut in windows startup folder. Open a run box (Windows key + r) and enter shell:startup. In the folder create an empty shortcut. Open the shortcut properties. Add in the Target field the following command C:\Windows\System32\wsl.exe sudo service ssh start. Stop the SSH server (sudo service ssh --stop), double click on the shortcut to restart the server, and try to connect from a remote server again.
  6. If you don’t want to type the Linux admin password when the SSH server starts (essentially after each reboot), type sudo visudo in a terminal and add the following line at the end of the file %sudo ALL=NOPASSWD: /usr/sbin/service ssh start.

This should also work with WSL2. Alternatively, SSH server could probably be started using systemd on this version 2 of WSL. However, I did not had a chance to test this yet.

N.B.: I came across a solution here using the task scheduler that could have been nicer. However, I am not allowed on my Windows computer to start tasks before I log in preventing me to use this method.

top