majorlinux/MajorWiki
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

wiki: update SSH docs with bash.exe default shell fix and Windows admin key auth

Browse Source 
- ssh-config-key-management: add Windows OpenSSH admin user key auth section
  (administrators_authorized_keys, BOM-free writing, ACL requirements)
- windows-openssh-wsl-default-shell: add bash.exe as recommended fix (Option 1),
  demote PowerShell to Option 2, add shell-not-found diagnostic tip
- windows-sshd-stops-after-reboot: fix stale wsl.exe reference to bash.exe
- index/README: update Recently Updated table and article descriptions

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
majorlinux
2026-04-07 22:01:36 -04:00
parent 84a1893e80
commit 5af934a6c6
5 changed files with 108 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
05-troubleshooting/networking/windows-openssh-wsl-default-shell-breaks-remote-commands.md
View File

@@ -2,10 +2,16 @@
title: "Windows OpenSSH: WSL as Default Shell Breaks Remote Commands"
domain: troubleshooting
category: networking
tags: [windows, openssh, wsl, ssh, majorrig, powershell]
tags:
- windows
- openssh
- wsl
- ssh
- majorrig
- powershell
status: published
created: 2026-04-03
updated: 2026-04-03
updated: 2026-04-07T21:55
---
# Windows OpenSSH: WSL as Default Shell Breaks Remote Commands
@@ -31,37 +37,55 @@ Windows OpenSSH's default shell is set to `C:\Windows\System32\wsl.exe`. When SS
But `wsl.exe` does not accept the `-c` flag. It expects `-e` for command execution, or no flags for an interactive session. Since OpenSSH hardcodes `-c`, every remote command fails.
## Fix
## Fix — Option 1: Use `bash.exe` (Recommended)
Change the default shell to PowerShell. Run this in an **elevated PowerShell** on the Windows host:
`bash.exe` is a WSL shim that **does** accept the `-c` flag. This gives you a Linux-first SSH experience where both interactive sessions and remote commands work natively.
```powershell
New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -PropertyType String -Force
# Find the actual path to bash.exe (it varies by install)
Get-Command bash.exe | Select-Object Source
# Set it as the default shell (elevated PowerShell)
Set-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\Users\<username>\AppData\Local\Microsoft\WindowsApps\bash.exe"
Restart-Service sshd
```
If you need to run this from within WSL (e.g., over an interactive SSH session):
> **Note:** `bash.exe` may not be at `C:\Windows\System32\bash.exe` on all installs. Always verify the path with `Get-Command` first — the Windows Store WSL install places it under `AppData\Local\Microsoft\WindowsApps\`.
```bash
powershell.exe -Command "Start-Process powershell -Verb RunAs -ArgumentList '-Command New-ItemProperty -Path HKLM:\\SOFTWARE\\OpenSSH -Name DefaultShell -Value C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe -PropertyType String -Force; Restart-Service sshd'"
### After the fix (bash.exe)
- Interactive SSH sessions land directly in your WSL distro
- Remote SSH commands execute in WSL's bash — Linux commands work natively
- `ssh user@host "uname -s"` returns `Linux`
## Fix — Option 2: Revert to PowerShell
If you need Windows-native command execution over SSH (e.g., for Windows-targeted Ansible or remote PowerShell administration), set the default shell back to PowerShell:
```powershell
Set-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
Restart-Service sshd
```
## After the Fix
### After the fix (PowerShell)
- Remote SSH commands now execute via PowerShell
- Remote SSH commands execute via PowerShell
- To run Linux commands, prefix with `wsl`:
```bash
ssh user@host "wsl bash -c 'cd /mnt/d/project && git pull'"
```
- Interactive SSH sessions land in PowerShell (use `wsl` to enter Linux)
- Interactive SSH sessions land in PowerShell (type `wsl` to enter Linux)
- `ssh-copy-id` still won't work for WSL's `authorized_keys` — Windows OpenSSH reads from `C:\Users\<user>\.ssh\authorized_keys`, not the WSL home directory
## Key Notes
- This registry key is the **only** supported way to change the OpenSSH default shell on Windows
- This registry key (`HKLM:\SOFTWARE\OpenSSH\DefaultShell`) is the **only** supported way to change the OpenSSH default shell on Windows
- The change persists across reboots and Windows Updates
- If you previously set the default shell to `wsl.exe` to get a Linux-first SSH experience, be aware that it permanently breaks all remote command execution
- `wsl.exe` does **not** support `-c` — never use it as the default shell
- `bash.exe` **does** support `-c` — use it for a Linux-first SSH experience
- The path to `bash.exe` varies by install method — always verify with `Get-Command bash.exe`
- Tools like Ansible, `scp`, `rsync`, and `ssh-copy-id` all depend on `-c` working
- If the shell path in the registry doesn't exist on disk, sshd will reject the user entirely with `User <name> not allowed because shell <path> does not exist` — check `Get-WinEvent -LogName OpenSSH/Operational` to diagnose
## Related

13
05-troubleshooting/networking/windows-sshd-stops-after-reboot.md
View File

@@ -1,11 +1,16 @@
---
title: "Windows OpenSSH Server (sshd) Stops After Reboot"
title: Windows OpenSSH Server (sshd) Stops After Reboot
domain: troubleshooting
category: networking
tags: [windows, openssh, sshd, reboot, majorrig]
tags:
- windows
- openssh
- sshd
- reboot
- majorrig
status: published
created: 2026-04-02
updated: 2026-04-02
updated: 2026-04-07T21:58
---
# Windows OpenSSH Server (sshd) Stops After Reboot
@@ -58,7 +63,7 @@ The Windows OpenSSH Server is installed as a Windows Feature (`Add-WindowsCapabi
- **This is a Windows-side issue** — WSL2 itself is unaffected. The service must be started and configured from Windows, not from within WSL2.
- **Elevated PowerShell required** — `Start-Service` and `Set-Service` for sshd will return "Access is denied" if run without Administrator privileges.
- **Port 2222 was retired (2026-03-25)** — the bypass port 2222 on MajorRig is no longer in use. The entire fleet now uses port 22 uniformly after the Tailscale SSH auth fix. Only port 22 needs to be verified when troubleshooting sshd.
- **Default shell still works once fixed** — MajorRig's sshd is configured to use `C:\Windows\System32\wsl.exe` as the default shell, dropping SSH sessions directly into WSL2/Bash. This config is preserved across service restarts.
- **Default shell still works once fixed** — MajorRig's sshd is configured to use `bash.exe` (WSL shim) as the default shell, dropping SSH sessions directly into WSL2/Bash. This config is preserved across service restarts. See [WSL default shell troubleshooting](windows-openssh-wsl-default-shell-breaks-remote-commands.md) for why `bash.exe` is used instead of `wsl.exe`.
---