Windows 10/11 WSL SSH Certificate problems

Developers can access the power of both Windows and Linux at the same time on a Windows machine. The Windows Subsystem for Linux (WSL) lets developers install a Linux distribution (such as Ubuntu, OpenSUSE, Kali, Debian, Arch Linux, etc.) and use Linux applications, utilities, and Bash command-line tools directly on Windows, unmodified, without the overhead of a traditional virtual machine or dual-boot setup. With the introduction of WSL version 2, a full Linux kernel is installed.

However, there is a significant problem when using the Windows Subsystem for Linux (WSL) on Windows 10/11. It shows up when restricting an SSH private key's permissions to read-only with chmod 400. This is a requirement when connecting over SSH (port 22) to a remote Linux server, and it applies when connecting to any version of Linux.

When using WSL to SSH to a Linux VM, chmod will not work properly when you run the command within the WSL terminal. This is due to the disk being NTFS. You can adjust permissions via Windows, but it’s very difficult to use acls.exe to adjust permissions. The following is the easy way to fix the problem of WSL running on an NTFS disk.

Configure WSL for Linux metadata

When you create an SSH key pair with ssh-keygen on a Windows 10/11 system, the keys are placed in the Home/user/.ssh folder, which is on an NTFS file system. To set permissions correctly, open the WSL bash shell and create a file called wsl.conf under /etc (e.g., vi /etc/wsl.conf). Insert the text below and save.

[automount]
options = "metadata"

Shut down WSL by opening a Windows command prompt and running

wsl --shutdown

There are two dashes in front of “shutdown”.

Relaunch WSL. Change to the /.ssh directory, or whichever directory you store your .pem file in, and run chmod 400 on the <private key>. When you run ls -al, you can see that the file permissions are set properly. Run this command with your specific information to connect to the remote Linux machine.

ssh -i <pem file> <user>@<ipaddress>
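The steps above can be checked from the WSL shell before attempting a connection. The script below is an added example, not part of the original post: it confirms that wsl.conf enables metadata under [automount], applies chmod 400, and then verifies that the mode actually changed rather than trusting chmod's exit status. The function names and the script name check-key.sh are hypothetical, and GNU stat (as shipped in WSL distributions) is assumed.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Function names are hypothetical.

# Return 0 if the [automount] section of a wsl.conf-style file lists "metadata" in options.
wsl_conf_has_metadata() {
    awk '
        /^[ \t]*\[/ { in_auto = ($0 ~ /^[ \t]*\[automount\]/) }
        in_auto && /^[ \t]*options[ \t]*=/ && /(^|[=", ])metadata([", ]|$)/ { found = 1 }
        END { exit !found }
    ' "$1" 2>/dev/null
}

# Return 0 if the file has no group/other permission bits set.
# The ssh client refuses private keys that are readable by anyone but the owner.
key_is_private() {
    mode=$(stat -c '%a' "$1") || return 2
    case "$mode" in
        0|*00) return 0 ;;   # e.g. 400, 600
        *)     return 1 ;;   # e.g. 644, 777
    esac
}

# Apply chmod 400 and confirm it took effect. A non-zero result after a
# "successful" chmod means the file system did not store the new mode.
lock_key() {
    chmod 400 "$1" || return 2
    if key_is_private "$1"; then
        echo "ok: $1 is now mode $(stat -c '%a' "$1")"
    else
        echo "chmod had no effect on $1 (mode $(stat -c '%a' "$1"))" >&2
        echo "check /etc/wsl.conf, run wsl --shutdown, and relaunch WSL" >&2
        return 1
    fi
}

# Usage: ./check-key.sh <private key>   (runs only when a key path is given)
if [ "$#" -gt 0 ]; then
    wsl_conf_has_metadata /etc/wsl.conf ||
        echo 'warning: [automount] options in /etc/wsl.conf do not include "metadata"' >&2
    lock_key "$1"
fi
```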

That’s it. Now you can use your private key to connect to another Linux system from Windows 10 or 11. Go here to learn how to install WSL properly. Also you can get more detailed information about other WSL options here.
