SSH Key-Based Authentication¶
Generate Keypair (on your home machine)¶
ssh-keygen -t ed25519 -f ~/.ssh/wsl_ubuntu -C "wsl-remote-dev"
# Enter passphrase (recommended) or leave empty
Creates:
- ~/.ssh/wsl_ubuntu (private key -- stays on your machine)
- ~/.ssh/wsl_ubuntu.pub (public key -- goes to the remote WSL2)
Deploy Public Key to WSL2¶
Option 1: During initial interactive session at brother's PC¶
# On the WSL2 instance (logged in as admin):
mkdir -p ~/.ssh && chmod 700 ~/.ssh
echo "ssh-ed25519 AAAA... wsl-remote-dev" >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
Paste the contents of wsl_ubuntu.pub in the echo command.
Option 2: Via ssh-copy-id (temporarily enable password auth)¶
Temporarily set PasswordAuthentication yes in /etc/ssh/sshd_config,
restart sshd, then from your home machine:
Then disable password auth again and restart sshd.
SSH Client Config (on your home machine)¶
Add to ~/.ssh/config:
Host wsl-dev
HostName <TAILSCALE_IP_OF_WINDOWS_PC>
User admin
IdentityFile ~/.ssh/wsl_ubuntu
Port 22
# Optional: keep connection alive over Tailscale
ServerAliveInterval 30
ServerAliveCountMax 3
Then simply: ssh wsl-dev
Passwordless sudo (optional, for remote provisioning)¶
On the WSL2 instance:
echo "admin ALL=(ALL) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/admin
sudo chmod 440 /etc/sudoers.d/admin
This lets you run full provisioning scripts over SSH without sudo password prompts. Remove or tighten after initial setup if desired.