ssh into WSL2 works on only some IP addresses

On Win10, in WSL 2 running Ubuntu 20, I’ve installed sshd running on a port different from 22, namely 2222. To the firewall I’ve added an incoming rule for TCP port 2222.
From the windows command prompt, ssh -p 2222 works. So does ssh -p 2222, to the dotted quad reported by WSL’s ifconfig.

From the windows command prompt (not WSL), ipconfig reports 192.168.1.yyy, its address on my router. Through that address, Windows reaches and is reached by other 192.168.1 hosts on that router (Windows, Mac, Linux; ping, http, mounting disks, ssh only from WSL).

From the windows command prompt, ssh -p 2222 192.168.1.yyy fails with Connection refused. How can I make that work?

  • PuTTY 0.74 behaves the same as the windows command prompt’s ssh.

  • ssh -v -v -v adds possibly useful diagnostics:

    debug1: Connecting to [192.168.1.yyy] port 2222.
    debug3: finish_connect - ERROR: async io completed with error: 10061, io:000002E243EDC460
    debug1: connect to address 192.168.1.yyy port 2222: Connection refused
  • If in sshd_config I restrict ListenAddress to 192.168.1.yyy:2222, then the other incoming ssh’s fail as expected. So what needs configuring may be not ssh but WSL itself. ifconfig -a doesn’t mention any 192.168’s.

  • Context: this is a stepping stone to enable ssh into WSL from the router’s other hosts. For now WSL’s /etc/ssh/sshd_config uses PasswordAuthentication; I’ll later change that to PubKeyAuthentication.


Short answer for WSL2 – Use Windows OpenSSH as a jumphost into the WSL instances. You can do this either by ssh’ing to Windows then running the wsl command (e.g. ssh user@windowsip wsl) or, if you need something more complicated (“real” ssh access), then using SSH on both the Windows host and WSL instance (e.g. ssh -o "ProxyCommand ssh -W %h:%p windowshost.local" -o "StrictHostKeyChecking=no -p 2224 localhost).

For more details, see this answer.

Leave a Reply

Your email address will not be published. Required fields are marked *