[系统运维]远程登陆Win10自带子系统Ubuntu-22.04

网上已经有很多关于远程登陆linux服务器的文章了，但很少找到关于远程登陆Windows自带的Linux子系统（WSL）——Ubuntu-22.04LTS的文章。

话不多说，言归正传！

1、被连接的Ubuntu服务器所在windows需要做的事

• 单击Windows左下角主菜单，搜索cmd，并以管理员身份运行打开。

• 执行以下命令，查看Windows的ip地址，假设地址是192.168.1.8

  ipconfig
  

• 执行以下命令，将Ubuntu子系统的 ssh 端口转发到 Windows系统 的 22222 端口或其它没有被占用的端口

  netsh interface portproxy add v4tov4 listenaddress=0.0.0.0 listenport=22222 connectaddress=192.168.1.8 connectport=22
  

2、被连接的Ubuntu服务器上需要做的事

• 开启其他地址的访问权限

  sudo vim /etc/hosts.allow  	#在文档最下方添加 ALL:ALL
  

• 安装openssh

  sudo apt-get install openssh-server openssh-client
  

• 配置ssh服务器

  vim /etc/ssh/sshd_config
  
  # This is the sshd server system-wide configuration file.  See
  # sshd_config(5) for more information.
  
  # This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
  
  # The strategy used for options in the default sshd_config shipped with
  # OpenSSH is to specify options with their default value where
  # possible, but leave them commented.  Uncommented options override the
  # default value.
  
  Include /etc/ssh/sshd_config.d/*.conf
  
  #Port 22				#登入端口默认22，此处一定要注释掉！因为我们登陆的是22222端口
  #AddressFamily any
  #ListenAddress 0.0.0.0	#当服务器有多个ip，可配置服务器监听地址
  #ListenAddress ::
  
  #HostKey /etc/ssh/ssh_host_rsa_key		#设置加密密匙文件信息
  #HostKey /etc/ssh/ssh_host_ecdsa_key
  #HostKey /etc/ssh/ssh_host_ed25519_key
  
  # Ciphers and keying
  #RekeyLimit default none
  
  # Logging
  #SyslogFacility AUTH
  #LogLevel INFO
  
  # Authentication:
  
  #LoginGraceTime 2m
  
  
  #PermitRootLogin prohibit-password		#yes允许root登入 、#no不允许root登入、#without-password 停止使用root账号的密码验证、#forced-commands-onlyy#允许用公匙法验证root账号登入、#prohibit-password 禁止密码
  
  #StrictModes yes
  #MaxAuthTries 6
  #MaxSessions 10
  
  PubkeyAuthentication yes		 #是否允许使用公匙验证，仅适用于ssh版本2
  
  # Expect .ssh/authorized_keys2 to be disregarded by default in future.
  #AuthorizedKeysFile     .ssh/authorized_keys .ssh/authorized_keys2
  
  #AuthorizedPrincipalsFile none
  
  #AuthorizedKeysCommand none
  #AuthorizedKeysCommandUser nobody
  
  # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
  #HostbasedAuthentication no
  # Change to yes if you don't trust ~/.ssh/known_hosts for
  # HostbasedAuthentication
  #IgnoreUserKnownHosts no
  # Don't read the user's ~/.rhosts and ~/.shosts files
  #IgnoreRhosts yes
  
  # To disable tunneled clear text passwords, change to no here!
  PasswordAuthentication yes		 #是否允许密码登陆
  #PermitEmptyPasswords no		 #是否允许空密码
  
  # Change to yes to enable challenge-response passwords (beware issues with
  # some PAM modules and threads)
  KbdInteractiveAuthentication no
  # Kerberos options
  #KerberosAuthentication no
  #KerberosOrLocalPasswd yes
  #KerberosTicketCleanup yes
  #KerberosGetAFSToken no
  
  # GSSAPI options
  #GSSAPIAuthentication no
  #GSSAPICleanupCredentials yes
  #GSSAPIStrictAcceptorCheck yes
  #GSSAPIKeyExchange no
  
  # Set this to 'yes' to enable PAM authentication, account processing,
  # and session processing. If this is enabled, PAM authentication will
  # be allowed through the KbdInteractiveAuthentication and
  # PasswordAuthentication.  Depending on your PAM configuration,
  # PAM authentication via KbdInteractiveAuthentication may bypass
  # the setting of "PermitRootLogin without-password".
  # If you just want the PAM account and session checks to run without
  # PAM authentication, then enable this but set PasswordAuthentication
  # and KbdInteractiveAuthentication to 'no'.
  UsePAM yes
  
  #AllowAgentForwarding yes
  #AllowTcpForwarding yes
  #GatewayPorts no
  X11Forwarding yes
  #X11DisplayOffset 10
  #X11UseLocalhost yes
  #PermitTTY yes
  PrintMotd no
  #PrintLastLog yes
  #TCPKeepAlive yes
  #PermitUserEnvironment no
  #Compression delayed
  #ClientAliveInterval 0
  #ClientAliveCountMax 3
  UseDNS yes
  #PidFile /run/sshd.pid
  #MaxStartups 10:30:100
  #PermitTunnel no
  #ChrootDirectory none
  #VersionAddendum none
  
  # no default banner path
  #Banner none
  
  # Allow client to pass locale environment variables
  AcceptEnv LANG LC_*
  
  # override default of no subsystems
  Subsystem       sftp    /usr/lib/openssh/sftp-server
  
  # Example of overriding settings on a per-user basis
  #Match User anoncvs
  #       X11Forwarding no
  #       AllowTcpForwarding no
  #       PermitTTY no
  #       ForceCommand cvs server
  
  

• 开启ssh服务

  sudo /etc/init.d/ssh start
  

  • ssh连接的过程
    1. 本地向远程服务端发起连接
    2. 服务端随机生成一个字符串发送给发起登录的本地端
    3. 本地对该字符串使用私钥（~/.ssh/id_rsa）加密发送给服务端
    4. 服务端使用公钥（~/.ssh/id_rsa.pub）对私钥加密后的字符串进行解密
    5. 服务端对比解密后的字符串和第一次发送给客户端未加密的字符串，若一致则判断为登录成功

• 可能的报错

  • sshd: no hostkeys available -- exiting.

    • 解决方案：

      ssh-keygen -A
      
      sudo /etc/init.d/ssh start
      

  • Disconnected: No supported authentication methods available (server sent: publickey)

    • 解决方案：检查ssh的配置文件/etc/ssh/sshd_config，看是否打开了密码登陆或公钥登陆

      PasswordAuthentication yes		 #是否允许密码登陆
      PubkeyAuthentication yes		 #是否允许使用公匙验证，仅适用于ssh版本2
      

  • Permission denied (publickey).

    • 原因分析：

      1. 远程主机禁用了ssh密码登录权限

      2. 本地访问远程主机的公钥没有添加或者被取消（无法认证）

         1. 用户主目录下执行以下命令生成的一对秘钥（私钥：~/.ssh/id_rsa和公钥：~/.ssh/id_rsa.pub）。

            ssh-keygen -t rsa
            

         2. 复制本地公钥（~/.ssh/id_rsa.pub）内容，添加到远程服务器端已认证的秘钥文件~/.ssh/authorized_keys末尾。

      3. 远程服务器公钥文件夹权限错误（.ssh和.ssh/authorized_keys需要保证只有用户自己有权限，否则验证无效）

         // 更改文件所有权。
         # chown -R your_user:your_group ~/.ssh  
         
         // 更改.ssh文件夹权限
         #  chmod 700 ~/.ssh
         
         // 更改.ssh/authorized_keys文件权限
         # chmod 600 ~/.ssh/authorized_keys
         

• 经过以上步骤后，通过命令行ssh -p 22222 登录名@主机ip或者mabaxterm、securCRT等软件即可成功远程登陆WIindows自带子系统Ubuntu了。