# Windows OpenSSH Server (sshd) Stops After Reboot ## 🛑 Problem SSH connections to MajorRig from a mobile device or Tailscale client time out on port 22. No connection refused error — just a timeout. The OpenSSH Server service is installed but not running. --- ## 🔍 Diagnosis From an **elevated** PowerShell on MajorRig: ```powershell Get-Service sshd ``` If the output shows `Stopped`, the service is not running. This is the cause of the timeout. --- ## ✅ Fix Run the following from an **elevated** PowerShell (Win+X → Terminal (Admin)): ```powershell Start-Service sshd Set-Service -Name sshd -StartupType Automatic Get-Service sshd ``` The final command should confirm `Running`. SSH connections will resume immediately — no reboot required. --- ## 🔄 Why This Happens | Trigger | Reason | |---|---| | Windows Update reboot | If `sshd` startup type is Manual, it won't restart after a reboot | | WSL2 export/import/rebuild | WSL2 reinstall operations often involve reboots that expose the same issue | | Fresh Windows install | OpenSSH Server is installed but startup type defaults to Manual | The Windows OpenSSH Server is installed as a Windows Feature (`Add-WindowsCapability`), not a WSL2 package. It runs entirely on the Windows side. However, its **default startup type is Manual**, meaning it will not survive a reboot unless explicitly set to Automatic. --- ## ⚠️ Key Notes - **This is a Windows-side issue** — WSL2 itself is unaffected. The service must be started and configured from Windows, not from within WSL2. - **Elevated PowerShell required** — `Start-Service` and `Set-Service` for sshd will return "Access is denied" if run without Administrator privileges. - **Port 2222 was retired (2026-03-25)** — the bypass port 2222 on MajorRig is no longer in use. The entire fleet now uses port 22 uniformly after the Tailscale SSH auth fix. Only port 22 needs to be verified when troubleshooting sshd. - **Default shell still works once fixed** — MajorRig's sshd is configured to use `C:\Windows\System32\wsl.exe` as the default shell, dropping SSH sessions directly into WSL2/Bash. This config is preserved across service restarts. --- ## 🔎 Quick Reference ```powershell # Check status (run as Admin) Get-Service sshd # Start and set to auto-start (run as Admin) Start-Service sshd Set-Service -Name sshd -StartupType Automatic # Verify firewall rule exists Get-NetFirewallRule -DisplayName "*ssh*" | Select DisplayName, Enabled, Direction, Action ```