microsoft / WSL

Issues found on WSL
https://docs.microsoft.com/windows/wsl
MIT License

WSL2 SSH can't connect to any public SSH server #5755

Closed mresetar closed 4 years ago

mresetar commented 4 years ago

Environment

Windows build number: Microsoft Windows [Version 10.0.19041.450]
Your Distribution version: Release: 20.04
Whether the issue is on WSL 2 and/or WSL 1: Linux version 4.19.104-microsoft-standard (oe-user@oe-host) (gcc version 8.2.0 (GCC)) #1 SMP Wed Feb 19 06:37:35 UTC 2020

Steps to reproduce

In the console try to connect to any public SSH service. For instance:

ssh -vvv new@sdf-eu.org
OpenSSH_8.2p1 Ubuntu-4ubuntu0.1, OpenSSL 1.1.1f  31 Mar 2020
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolving "sdf-eu.org" port 22
debug2: ssh_connect_direct
debug1: Connecting to sdf-eu.org [178.63.35.195] port 22.
debug1: connect to address 178.63.35.195 port 22: Connection timed out
ssh: connect to host sdf-eu.org port 22: Connection timed out

Timed out is observed

Expected behavior

Successful connection.

Actual behavior

Timeout (no connection).

Running the same command in cmd makes a successful connection:

ssh -vvv new@sdf-eu.org
OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5
debug3: Failed to open file:C:/Users/mresetar/.ssh/config error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_config error:2
debug2: resolving "sdf-eu.org" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to sdf-eu.org [178.63.35.195] port 22.
debug1: Connection established.
debug1: identity file C:\Users\mresetar/.ssh/id_rsa type 0
....

I don't observe any other network issues in the WSL2 Bash. Curl, apt-get, git clone etc. all work fine. Only SSH is problematic. My computer is a recent install.

I've just tried ssh from docker (WSL2) and from container it works:

miro@mresetar:~$ docker run -it --rm kroniak/ssh-client bash
bash-5.0# ssh -vvv new@sdf-eu.org
OpenSSH_8.1p1, OpenSSL 1.1.1d 10 Sep 2019
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: resolving "sdf-eu.org" port 22
debug2: ssh_connect_direct
debug1: Connecting to sdf-eu.org [178.63.35.195] port 22.
debug1: Connection established.
debug1: identity file /root/.ssh/id_rsa type -1

It looks to me like ssh client is broken on WSL2.

1josh13 commented 4 years ago

I just tried that from both my PS 7 and ubuntu 18.04 on WSL 2 and it worked.

mresetar commented 4 years ago

That's good to know. I have another scenario that works from WSL2

~$ ssh.exe -vvv new@sdf-eu.org

It is just Linux ssh which is stuck connecting. I guess it could be the Win10 adapter / firewall that gets in the way. But that is just a guess.

mresetar commented 4 years ago

I've tried to re-install the distribution. If I try ssh in the WSL 1 version of Ubuntu-20.04 it works. As soon as I convert the distro to version 2 with wsl --set-version Ubuntu-20.04 2, the ssh client stops working.

This is really annoying.

Current list:

C:\Users\mresetar>wsl -l -v
  NAME                   STATE           VERSION
* Ubuntu-20.04           Running         2
  docker-desktop         Running         2
  docker-desktop-data    Running         2

ibilous commented 4 years ago

Exactly the same situation. It worked for me but one day it stopped. I guess something is wrong with the network configuration. I tried to reinstall windows linux subsystem but it ended the same. Maybe there is a way to re-init the whole network settings in wsl? I tried to install debian but it has the same trouble with ssh as ubuntu. It must be some global wsl config.

tolaini commented 4 years ago

Check if you have SEP (Symantec Endpoint Protection) firewall enabled. Disable it and try again.

If you connect successfully, it is the same issue I'm facing and that I was not able to resolve.

mresetar commented 4 years ago

@tolaini you are 100% correct. I'm using SEP and had firewall turned on. I've requested admin rights to turn off the firewall. After turning it off, temporarily, I can connect successfully. We need a solution for this. Microsoft and Symantec should figure this out together.

mresetar commented 4 years ago

It appears this wasn't a WSL issue but an SEP policy issue. In my active policy, port 22 wasn't allowed for the hyper-v group. As a solution, the guys opened port 22 and with that, I can use the SSH command from WSL 2. It is annoying but there is nothing to be done in WSL to circumvent this. It is a matter of changing the SEP policy. Thank you all, especially @tolaini, for pinpointing this. I hope you will also solve this with your admins as I did. Closing now.

tolaini commented 4 years ago

@mresetar can you share a screenshot of the SEP console with the relevant firewall rule that was added?

mresetar commented 4 years ago

Hi, I just spoke with my SEP admin and I can share a few details. It looks like there is no magic involved there. Symantec doesn't by magic recognize WSL as Hyper-V and treat it differently. It is just a Group policy in our case that was named Hyper-V. So for people who use Hyper-V, admins created a special Group policy where they allow some ports. What is important to note is that the ports allowed have Incoming TCP port opened. I would say that to Win10 it looks like incoming traffic when WSL2 tries to open an SSH connection. So screenshots of the group policy with the special (No 1) rule: image

Details of the rule: image

Notice that there are a few other ports besides 22. I wasn't the only one requesting some ports to be opened :)

Karlheinzniebuhr commented 3 years ago

Same issue on WSL2, must be due to the latest windows update.

ssh -vvv asdf
OpenSSH_8.2p1 Ubuntu-4ubuntu0.1, OpenSSL 1.1.1f  31 Mar 2020
debug1: Reading configuration data /home/karl/.ssh/config
debug1: /home/karl/.ssh/config line 1: Applying options for *
debug1: /home/karl/.ssh/config line 7: Applying options for asdf
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolving "asdf.com.py" port 22
debug2: ssh_connect_direct
debug1: Connecting to asdf.com.py [165.227.191.148] port 22.
debug1: connect to address 165.227.191.148 port 22: Connection timed out
ssh: connect to host asdf.com.py port 22: Connection timed out

h4de5 commented 3 years ago

Same here - I can no longer ssh out of WSL2. while running the same command using ssh.exe from cmd works.

Karlheinzniebuhr commented 3 years ago

Same here - I can no longer ssh out of WSL2. while running the same command using ssh.exe from cmd works.

I fixed it by changing the subnet of my local IP address. Once it was in the same subnet as my home router it worked again. For configuration reasons I had switched subnets. Internet worked fine but ssh from wsl stopped working for some reason.

ibilous commented 3 years ago

guys, try this one. It does help for me https://gist.github.com/matthiassb/9c8162d2564777a70e3ae3cbee7d2e95#gistcomment-2656080

mresetar commented 3 years ago

There are a lot of cases why networking functionality could be broken on WSL2. Please open a new ticket if your case is different (like router issue, dns issue etc.). This ticket is closed and the solution, in this case for me, was editing the Symantec Endpoint Protection policy. Basically allowing port 22 for the network adapter for WSL / Hyper-V. So nothing wrong on the WSL2 side/nothing to fix in WSL in this case.
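The comments in this thread report failures that are easy to conflate: `Connection timed out` before any TCP connection, `Connection refused`, a timeout after `Connection established`, and DNS trouble. The following is an added example, not part of the thread or of WSL: a POSIX shell helper that labels an `ssh -v` log accordingly. The function names, labels and sample logs are constructed for illustration.

```shell
#!/bin/sh
# Added example: label where an `ssh -v` attempt failed. The log is read from stdin.
classify_ssh_log() {
    log=$(cat)
    case $log in
        *"Could not resolve hostname"*) echo "dns-failure" ;;
        *"Connection established"*"ssh_dispatch_run_fatal"*) echo "stalled-after-connect" ;;
        *"Connection established"*) echo "tcp-ok" ;;
        *"Connection refused"*) echo "refused" ;;
        *"Connection timed out"*) echo "filtered-or-unreachable" ;;
        *) echo "unknown" ;;
    esac
}

# Where to look next for each label, using the causes reported in this thread.
next_check() {
    case $1 in
        dns-failure) echo "name resolution inside WSL (e.g. /etc/resolv.conf)" ;;
        stalled-after-connect) echo "path after the TCP handshake (is a VPN in use?)" ;;
        tcp-ok) echo "TCP works; look at keys or authentication instead" ;;
        refused) echo "a reset came back: usually nothing listens on that port" ;;
        filtered-or-unreachable) echo "packets dropped: host firewall or endpoint policy for the WSL adapter, or routing" ;;
        *) echo "rerun with ssh -vvv and read the log manually" ;;
    esac
}

# Constructed samples, modelled on the debug lines quoted in the thread.
SAMPLE_TIMEOUT='debug1: Connecting to sdf-eu.org [178.63.35.195] port 22.
debug1: connect to address 178.63.35.195 port 22: Connection timed out
ssh: connect to host sdf-eu.org port 22: Connection timed out'
SAMPLE_REFUSED='ssh: connect to host 172.21.33.xxx port 22: Connection refused'
SAMPLE_STALL='debug1: Connection established.
ssh_dispatch_run_fatal: Connection to 192.0.2.10 port 22: Connection timed out'
SAMPLE_DNS='ssh: Could not resolve hostname example.invalid: Temporary failure in name resolution'

for s in "$SAMPLE_TIMEOUT" "$SAMPLE_REFUSED" "$SAMPLE_STALL" "$SAMPLE_DNS"; do
    label=$(printf '%s\n' "$s" | classify_ssh_log)
    printf '%s -> %s\n' "$label" "$(next_check "$label")"
done
```

On a live system the log comes from stderr, e.g. `ssh -v user@host 2>&1 | classify_ssh_log`. Comparing the label for Linux `ssh` inside WSL 2 with the one for `ssh.exe` on the same host separates a WSL-adapter filtering problem from a general network problem.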

dannielrocha commented 2 years ago

My SSH was blocked by Norton 360 in a mysterious way. But in the link below I found two temporary solutions that solve the problem for me. https://askubuntu.com/questions/1229456/ssh-fails-with-connection-timed-out-in-vpn-and-hangs-here-expecting-ssh2-msg

janpfeifer commented 2 years ago

+1 my SSH to port 22 suddenly is blocked (WSL 1 here).

I don't have any other firewall, other than what MS installs. Any pointers where to change it?

I just needed a couple more minutes searching. Default firewall is "Windows Defender", and just switching it off / on again unblocked WSL ssh to outside -- needed for github.

mehdig-dev commented 2 years ago

I am also getting a similar issue where my port 22 is blocked for ssh on WSL2 within Ubuntu 20.04 LTS. I have tried turning off MS firewall but with no success.

simondebbarma commented 2 years ago

@mehdighemati I've been struggling for the last hour or two trying to push a fresh repo into my github. SSH just won't work, but when I use a VPN, it does push but stops after Writing Objects and Total then displays a ssh_dispatch_run_fatal: Connection to {ip_address} port 22: Connection timed out error.

This might be a bigger issue if we both are having this problem at the same time. I also run Ubuntu 20.04 LTS on WSL2.

mehdig-dev commented 2 years ago

I'd also like to note that my system is a recent fresh install and when I turn on a VPN it starts to work

codegod100 commented 2 years ago

Issue sshing for me, I suspect something in a windows update? who here is on 11?

janpfeifer commented 2 years ago

After a recent upgrade to Windows 11 (could be a coincidence), and another issue started occurring: the dynamic DNS resolution stopped working in WSL, which oddly makes SSH fail in the same way (freezes for a while) as when the port 22 is blocked.

I fixed that (I added nameserver 8.8.8.8, the Google public name server) plus temporarily disabling the firewall, the SSH to port 22 has been working.

codegod100 commented 2 years ago

I can resolve domains just not ssh

a4abhishek commented 2 years ago

Steps mentioned here worked for me.

janpfeifer commented 2 years ago

@a4abhishek : I think these are instructions to run a SSH server in WSL. This thread is about getting the SSH client to work: ssh'ing from WSL to an outside server often doesn't work for one reason or another.

hockeybrad commented 2 years ago

Similarly, I can ssh from the cmd window and also ssh from a virtual box VM. I just can't ssh from WSL2. I have added a special rule for incoming port 22 on my windows firewall and even tried just turning off the windows firewall altogether. No luck. I'm on win10 and using IP address so no DNS issues. Still searching for the answer here and it is certainly unique to WSL2.

CTBlaze commented 2 years ago

Dang, I can't ssh from host Windows 11 Terminal into WSL2 Ubuntu. Why does that not work OOTB? connect to host 172.21.33.xxx port 22: Connection refused

tijko commented 2 years ago

It's March 27th 2022 and I was hoping this would be resolved by now but still connection refused in WSL2.

PhillipHuang2017 commented 2 years ago

same problem arose after windows update

qaqeqe0 commented 1 year ago

Hi, I just spoke with my SEP admin and I can share a few details. It looks like there is no magic involved there. Symantec doesn't by magic recognize WSL as Hyper-V and treat it differently. It is just a Group policy in our case that was named Hyper-V. So for people who use Hyper-V, admins created a special Group policy where they allow some ports. What is important to note is that the ports allowed have Incoming TCP port opened. I would say that to Win10 it looks like incoming traffic when WSL2 tries to open an SSH connection. So screenshots of the group policy with the special (No 1) rule: image

Details of the rule: image

Notice that there are a few other ports besides 22. I wasn't the only one requesting some ports to be opened :)

Hi sir, please guide it details?

arthurep commented 1 year ago

Also experiencing this issue. Any clues or hopes to get it fixed?

NablaCore commented 1 year ago

Same issue from windows 10 with Debian 11 distro since a couple of weeks after a windows update I guess. The only solution I found is to shut down wsl, sometimes I need to kill all the wsl.exe processes. Reboot is fine as well. Pretty annoying btw.

ucoruh commented 1 year ago

Here is the solution that I have found with WSL2. I'm using MobaXterm. There was a key problem, maybe these steps solve your problems.

ssh-keygen -t rsa -b 4096
sudo nano /etc/ssh/sshd_config
# set these two lines in /etc/ssh/sshd_config:
PasswordAuthentication yes
PermitRootLogin yes
sudo service ssh restart
sudo netstat -tlnp | grep ssh
ucoruh@LAPTOP-RQNNS9IG:/etc/ssh$ sudo netstat -tlnp | grep ssh
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      6550/sshd: /usr/sbi
tcp6       0      0 :::22                   :::*                    LISTEN      6550/sshd: /usr/sbi

I had a problem with WSL, but with Docker, I can connect to this container for development purposes. After these steps the problem was solved and now I can develop applications on WSL and Docker

FROM ubuntu:latest

# Person who created the Docker image
MAINTAINER Ugur CORUH "ugur.coruh.tr@gmail.com"

# Update packages
RUN apt-get -y update

# Install the openssh-server package
RUN apt-get install -y openssh-server

# Install required packages: build-essential, gdb, gdbserver, cmake, iproute2, less, bison, valgrind, nano
RUN apt-get install -y build-essential gdb gdbserver cmake iproute2 less bison valgrind nano

# Clean up the downloaded packages
RUN rm -rf /var/lib/apt/lists/

# Create a directory for sshd
RUN mkdir /var/run/sshd

## Set the root user's password to 'ucoruh'; you can change this if you like
RUN echo 'root:ucoruh' | chpasswd

# In sshd_config, change the line "PermitRootLogin prohibit-password" to "PermitRootLogin yes"
RUN sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config

# SSH login fix. Otherwise the user is kicked off after logging in
RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd

# Set the NOTVISIBLE environment variable for the user profile
ENV NOTVISIBLE "in users profile"

# Append the line "export VISIBLE=now" to /etc/profile
RUN echo "export VISIBLE=now" >> /etc/profile

## Open the SSH port
EXPOSE 22

## Open the port for attaching to the program
EXPOSE 5555

## Open the port for remote debugging
EXPOSE 4444

# Start the sshd service
CMD ["/usr/sbin/sshd", "-D"]
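The steps and Dockerfile in the comment above set `PermitRootLogin yes` and `PasswordAuthentication yes` on an sshd that listens on 0.0.0.0:22. The following is an added example, not part of the comment or of any project: a POSIX shell check that computes the effective value of both keywords from sshd_config text and reports the combination. Function names, result labels and sample configs are constructed; the fallback values are the upstream OpenSSH defaults, and Match blocks are not evaluated.

```shell
#!/bin/sh
# Added example: effective value of an sshd_config keyword, config read from stdin.
# sshd matches keywords case-insensitively and uses the first value it obtains.
# Simplification: parsing stops at the first Match block.
effective_setting() {
    awk -v key="$1" '
        $1 ~ /^#/ { next }                  # comment line
        tolower($1) == "match" { exit }     # conditional blocks are not evaluated
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print "default" }
    '
}

# Report how root and password logins combine in the config on stdin.
audit_sshd() {
    cfg=$(cat)
    root=$(printf '%s\n' "$cfg" | effective_setting PermitRootLogin)
    pass=$(printf '%s\n' "$cfg" | effective_setting PasswordAuthentication)
    # Upstream OpenSSH defaults when a keyword is not set.
    if [ "$root" = default ]; then root=prohibit-password; fi
    if [ "$pass" = default ]; then pass=yes; fi
    if [ "$root" = yes ] && [ "$pass" = yes ]; then
        echo "FAIL root-password-login"
    elif [ "$root" = yes ]; then
        echo "WARN root-login-keys-only"
    elif [ "$pass" = yes ]; then
        echo "WARN password-login"
    else
        echo "OK"
    fi
}

# Constructed sample: sshd_config after the edits described in the comment.
SAMPLE_THREAD='# constructed sample
Port 22
PermitRootLogin yes
#PasswordAuthentication no
PasswordAuthentication yes'
# Constructed sample: key-only login; the later duplicate keyword is ignored.
SAMPLE_KEYS_ONLY='PermitRootLogin prohibit-password
PasswordAuthentication no
passwordauthentication yes'

for c in "$SAMPLE_THREAD" "$SAMPLE_KEYS_ONLY"; do
    printf '%s\n' "$c" | audit_sshd
done
```

On a running host, `sudo sshd -T` prints the effective configuration in the same keyword/value form and can be piped into `audit_sshd`.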

p3k1n0 commented 1 year ago

I started having problems today, after a few months I haven't used ssh. I've used wsl with Ubuntu for more than 4 years now, and It's the first time I have this kind of problem. I have ubuntu 20.04. For me too, the windows client (ssh.exe) works perfectly. I've tried all of these without any success:

janisint commented 1 year ago

@p3k1n0 I face the same issue. Did you manage to find a solution?

Sublime1 commented 10 months ago

I started getting this issue a few days ago, and today I resolved it by disabling IPv6 on the network connection e.g.

Go to Control Panel\Network and Internet\Network Connections
Right click on whichever network connection you are using, choose Properties
Deselect "Internet Protocol Version 6 (TCP/IPv6)"
Click OK

No need to reboot or anything, it worked immediately. Hope that can help someone else.

silversurfer98 commented 9 months ago

I'm having the same issue in my enterprise laptop where we have WSL support enabled, I wanted to use ansible, I tried all answers above except the firewall config, nothing works

homerobse commented 7 months ago

I tried disabling IPV6 as suggested by @Sublime1, but it did not work for me. I am using a VPN and had to disable ipv6 in both the VPN and the wifi network.

@mresetar could you please give more details on how to follow your solution? I don't know how to access those screens you printed.

It seems that people are still facing the same issues although this has been marked as closed.

Bonfims commented 6 months ago

I started facing it today (yesterday it was working good, I didn't change anything, just shut down my computer), my ssh suddenly stops working when connecting to a public server that I can connect to from outside WSL.

If I open the Windows CMD and try to connect to the public server by ssh it works, but inside WSL it doesn't work.

xiaoxiyao commented 4 weeks ago

There is a workaround when connecting to GitHub: https://docs.github.com/en/authentication/troubleshooting-ssh/using-ssh-over-the-https-port