In this section

SSH management
Setup SSH key-based authentication
Change default SSH Port 22

1. SSH management

OpenSSH server is the most commonly used SSH server on Linux systems.

Install SSH and check status

sudo apt install ssh -y 
sudo apt install openssh-server
sudo systemctl status ssh

Expected status: inactive (dead)
By default, WSL2 does not support systemd. Alternative is the service command

sudo service ssh status  
sudo service ssh start
sudo service ssh enable

Start, restart and enable SSH to start on boot

sudo systemctl start ssh
sudo systemctl restart ssh
sudo systemctl enable ssh

This establishes a remote connection to the SSH server running inside WSL2, which requires that the WSL2 instance is already running and that the SSH server is active.

Check if service installed /if running

dpkg -l | grep openssh-server

Check if the SSH daemon (sshd) is present on the system
which sshd

Check if SSH is listening on the port 22 (default)

sudo ss -tulpn | grep ssh

SSH Acces from PowerShell

Check if ssh installed in PS
```
  ssh -V
```
Connect from PowerShell
```
  ssh barry75@barryonweb.com
```

2. Setup SSH key-based authentication

Setting up SSH key-based authentication is a secure and convenient way to connect to your WSL instance without entering your password every time. This is useful for task automation by running scripts.

2.1. Generate an SSH Key Pair on Windows Machine

   ssh-keygen -t ed25519 -C "github-ci" -f github_ci

Accepting defaults in home dir (~/.ssh/) 2 files will be created:

Public key - github_ci.pub
Private key - github_ci

2.2. Create hidden dir .ssh in Linux home dir

    mkdir .ssh

Include hidden files
```
  ls -la
```
Create file authorized_keys
```
  touch authorized_keys
```

2.3. Save Public key as authorized_keys and copy to hidden dir .ssh on Linux

Unix-like systems (including WSL) use LF for line endings, and using CRLF might cause issues. Ensure LF instead of CRLF (VSCode) and check line endings on Linux (no CRLF displayed)
```
  file authorized_keys
```
Set permissions
```
  chmod 600 ~/.ssh/authorized_keys
```

2.4. Test

ssh barry75@barryonweb.com -p 22
scp -r -P 22 C:/source.test barry75@barryonweb.com:/home/barry75/

3. Change default SSH Port 22

3.1. Check currently configured listening Port

cat /etc/ssh/sshd_config | grep Port

3.2. Configure new Port

sudo nano /etc/ssh/sshd_config

3.3. Check Port configured

sudo grep -R "^Port" /etc/ssh

3.4. Restart SSH service and check actual port listening

sudo systemctl restart ssh
cat /etc/ssh/sshd_config | grep Port

3.4.1 If listening Port is not configured Port - disable ssh socket and verify

sudo systemctl disable --now ssh.socket
Removed "/etc/systemd/system/sockets.target.wants/ssh.socket".
Removed "/etc/systemd/system/ssh.service.requires/ssh.socket".
sudo systemctl status ssh.socket

3.5. Connect to server with new Port

ssh -p 2026 barry75@barryonweb.com