Now that we have our VM setup and booted to the Ubuntu installer we can go ahead and install Ubuntu Server. Follow the steps below to install Ubuntu Server. You can use Space to select things, Tab and Arrow keys to navigate the installer UI.
- Select your Language
- Set your preferred keyboard layout
- Verify network connection info
- Use An Entire Disk
- Select your Disk.
- It may say “local disk”, “MSFT Disk”, etc. etc.
- Fill out the following fields:
- Your Name
- Your Server’s Name: <must be all lowercase>
- Pick a username: <must be all lowercase>
- Choose your password
- Confirm your password
- Install OpenSSH Server: <checked>
- Don’t worry about the ssh key stuff as we will do this later.
- Deselect anything that is enabled in Server Snaps.
- Wait for Installation to complete and select reboot.
Since this is a VM you can just press enter to continue when asked to remove the installation media as Hyper-V will auto boot to the VHD. After the reboot process has completed, you will be greeted by a login screen:
You can now login to your VM using the username/password you specified during installation.
After you are logged in, run
sudo apt-get update to update package repositories.
sudo apt-get upgrade -y to update packages.
This next section uses the OpenSSH Client feature in Windows 10 1809+. Prior versions of Windows do not have the ability to add the OpenSSH client feature. You will need to install PuTTy to do SSH connections on prior editions of Windows.
You should update to Windows 10 as Windows 7 is now EOL (End Of Life) as of 14 January, 2020!
Securing Ubuntu SSH access via key file
To install this service run the following two PowerShell commands:
# PowerShell [Hyper-V Host] Get-WindowsCapability -Online | ? Name -like 'OpenSSH*' # RETURN EXAMPLE: Name : OpenSSH.Client~~~~0.0.1.0 State : Installed Name : OpenSSH.Server~~~~0.0.1.0 State : NotPresent # SECOND COMMAND TO RUN: Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0 # Change OpenSSH.Client~~~~0.0.1.0 to match the version listed from first command!
By default, SSH is done through user/password authentication. To setup key file authentication (which is more secure) we need to first generate a public/private key pair. First SSH to your VM via PowerShell.
# PowerShell [Hyper-V Host] ssh [email protected]
Then run the following to generate your new SSH key. We will be using
ecdsa for our key. However you can use
rsa if needed.
# BASH [Linux VM] ssh-keygen -t ecdsa -b 521 -C "CHANGE ME TO THE NAME OF YOUR LINUX HOST"
–C indicates a comment in the key file. This can be whatever you want but usually its just the hostname of the machine. You can run
hostname in the cli to get your VM’s hostname if you forgot it after setup.
Naming the SSH key file during creation will stick it in whatever directory you specify. You will need to copy the
.pub key into the
~/.ssh/authorized_keys file, otherwise your key file auth will not work. See here (step 4).
Fill out the rest of the information it asks for. You can hit
Enter to leave things blank or default. Run
ls ~/.ssh/ to verify if your key pair was successfully created.
Now we need to copy the private key file to your Windows machine. For this we can use an FTP client. Such as FileZilla. Connect to your VM via FTP and navigate to
Username: VM UserName
Password: VM User Password
|2.||Port = 22|
|3.||Navigate to |
|5.||Double click your private key to download it.|
Your key will end up in your default downloads directory. Copy the key to a folder called
.ssh in your
C:\Users\YOUR USERNAME\ directory.
You can use any FTP client you wish. You can also use the POSH-SSH PowerShell module to transfer the private key as well as WSL.
# PowerShell [Hyper-V Host] Install-Module -Name Posh-SSH $credential = Get-Credential mkdir $ENV:UserProfile\.ssh Get-SCPFile -ComputerName 'Linux Hostname/ip' -Credential $credential -RemoteFile '~/.ssh/id_ecdsa' -LocalFile $ENV:UserProfile\.ssh\id_ecdsa Uninstall-Module -Name Posh-SSH
Thanks Scott H for verifying the SSH steps for the Posh-SSH module and helping me fix the command structure!
If you have WSL enabled you can open a bash session and use SCP there instead.
# BASH via WSL [Hyper-V Host] scp [email protected]:~/.ssh/id_ecdsa /mnt/c/Users/YOURUSERNAME/.ssh/id_ecdsa
After we copy down the private key file we can test the SSH connection via the OpenSSH client package built into Windows 10 1809+.
# PowerShell [Hyper-V Host] Start-Service ssh-agent ssh-add $ENV:UserProfile\.ssh\id_ecdsa Restart-Service ssh-agent # CONNECTION STRING: ssh -i $ENV:UserProfile\.ssh\id_ecdsa [email protected]
Editing the sshd_config file
If your connection is successful, we can go ahead and disable SSH password auth. To do this we need to edit the
sshd_config file in Ubuntu.
# BASH [Linux VM] sudo nano /etc/ssh/sshd_config
Find and edit the entries in the config file:
- PasswordAuthentication no
- ChallengeResponseAuthentication no
- UsePAM no
Now hist CTRL+X then Y to save the file and then restart the ssh service:
# BASH [Linux VM] sudo systemctl restart ssh
You will most likely get disconnected during the ssh service restart. You can connect back to your host in a few seconds by running
ssh -i $ENV:UserProfile.ssh\id_ecdsa [email protected] again in your PowerShell session. You are still able to use password auth if you connect directly to the VM via the Hyper-V console, just in case your ssh key fails!
Windows 10 SSH Client supports an ssh config file! This file can be placed in the .ssh folder and can use standard UNIX syntax!