
windows11 setup

1. Introduction

Notes on setup for my primary desktop

1.1. Remap Keyboard

Use PowerToys (free from MS): its Keyboard Manager allows directly remapping keys.

Remap:

from          to
caps lock     ctrl (left)
ctrl (right)  caps lock

Without the second mapping, if caps lock gets enabled there's no easy way to cancel it.

1.2. Setup OpenSSH

1.2.1. SSH to windows

  1. Enable windows ssh server from system settings.

    To verify running:

    1. open admin powershell

      > Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH*'
      
      Name  : OpenSSH.Client~~~~0.0.1.0
      State : Installed
      
      Name  : OpenSSH.Server~~~~0.0.1.0
      State : NotPresent
      

      The output above shows the SSH server is not installed (State: NotPresent), so it is not running.

    2. enable SSH server (this takes a few minutes):

      > Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
      
      Path          :
      Online        : True
      RestartNeeded : False
      
    3. Start SSH service

      > Start-Service sshd
      
    4. configure to start automatically on boot

      > Set-Service -Name sshd -StartupType 'Automatic'
      
    5. ssh-agent also needs assistance

      > Get-Service ssh-agent
      
      Status   Name                DisplayName
      ------   ----                -----------
      Stopped  ssh-agent           OpenSSH Authentication Agent
      

      set it to start manually (whenever someone invokes ssh-agent)

      > Get-Service -Name ssh-agent | Set-Service -StartupType Manual
      
  2. passwordless login
    1. public key in:

      C:\Users\<myusername>\.ssh\authorized_keys if non-administrator account
      C:\ProgramData\ssh\administrators_authorized_keys if administrator account

      sshd only honours administrators_authorized_keys when the file's ACL grants access to Administrators and SYSTEM only.

      Note that C:\ProgramData is hidden. You can change directory to it in powershell, but it won't normally appear in file explorer.

    2. relax settings in C:\ProgramData\ssh\sshd_config.

      We want to uncomment a few disabled-by-default features, then restart the sshd service so the change takes effect:

      PubkeyAuthentication yes
      AllowAgentForwarding yes
      AllowTcpForwarding yes
      

1.2.2. SSH to WSL2

in wsl2 shell:

  1. install openssh:

    $ sudo apt-get install openssh-server
    
  2. default config listens on port 22:

    $ cat /etc/ssh/sshd_config | grep -i port
    #Port 22
    

    listen on port 2022 instead, since sshd run by windows11 occupies port 22 already

    $ sudo sed -i -E 's:^#Port.*$:Port 2022:' /etc/ssh/sshd_config
    $ cat /etc/ssh/sshd_config | grep -i port
    Port 2022
    
  3. start ssh service

    NOTE: relies on systemd. Older WSL2 (sometime before 2023) didn't have systemd, so you might need to upgrade first.

    $ sudo systemctl enable ssh
    Synchronizing state of ssh.service with SysV service script with /lib/systemd/systemd-sysv-install.
    $ sudo systemctl stop ssh    # in case already running,  perhaps on wrong port
    $ sudo systemctl start ssh
    

    should be able to see it running now

    $ ps -A | grep sshd
      20139 ?      00:00:00 sshd
    

    and verify listening on the right port

    $ netstat -a -n | grep tcp
    tcp        0      0 0.0.0.0:2022            0.0.0.0:*               LISTEN
    tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN
    tcp6       0      0 :::2022                 :::*                    LISTEN
    

    verify wsl2 can ssh to itself

    $ ssh -p 2022 localhost
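
The `sed` in step 2 only rewrites a commented `#Port` line, so it changes nothing when `Port` is already active or missing. The sketch below is an added example, not part of the original notes: the function names `active_ports` and `set_sshd_port` are hypothetical and the sample config content is constructed.

```sh
#!/bin/sh
# Added example; function names are hypothetical, sample config is constructed.

# active_ports [FILE]: print the value of every uncommented Port directive.
active_ports() {
    awk 'tolower($1) == "port" { print $2 }' "$@"
}

# set_sshd_port FILE PORT: leave exactly one active "Port PORT" line.
# Covers "#Port 22", an already active "Port 22", and no Port line at all.
# Port is not valid inside a Match block, so it goes before the first one.
set_sshd_port() {
    file=$1
    port=$2
    case $port in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 2 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "invalid port: $port" >&2
        return 2
    fi
    tmp=$(mktemp) || return 1
    awk -v port="$port" '
        tolower($0) ~ /^[ \t]*#?[ \t]*port[ \t]+[0-9]+[ \t]*$/ {
            if (!done) { print "Port " port; done = 1 }
            next
        }
        tolower($1) == "match" && !done { print "Port " port; done = 1 }
        { print }
        END { if (!done) print "Port " port }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"
    status=$?
    rm -f "$tmp"
    return "$status"
}

# Constructed case: Port is already uncommented, so the page's sed matches nothing.
demo() {
    cfg=$(mktemp) || return 1
    printf 'Port 22\nPubkeyAuthentication yes\n' > "$cfg"
    before=$(sed -E 's:^#Port.*$:Port 2022:' "$cfg" | active_ports)
    set_sshd_port "$cfg" 2022
    after=$(active_ports "$cfg")
    rm -f "$cfg"
    echo "sed alone: $before, set_sshd_port: $after"
}
demo
```

On the real file, run the edit with sudo and confirm the result with `sudo sshd -t` and `sudo sshd -T | grep -i '^port'` before restarting the service.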
    

1.2.3. SSH from external host

We have two alternatives:

  1. ssh proxy jump

    in external host's ~/.ssh/config:

    # my windows desktop
    Host roly-desktop-23
      User Rcony
      HostName 192.168.1.10
    
    # wsl hosted from windows
    Host roly-desktop-23-wsl
      User roland
      HostName localhost
      Port 2022
      ProxyJump roly-desktop-23
    

    Then from external host:

    $ eval $(ssh-agent -s)
    $ ssh-add
    ..passphrase..
    $ ssh roly-desktop-23-wsl
    roland@roly-desktop-23:~$
    

    Note this only works once passwordless ssh to windows is working

  2. forward WSL-2 port

    NOTE: Have not had success with ssh port forwarding yet, at least as of 25dec2024.

    In admin powershell:

    netsh interface portproxy add v4tov4 `
      listenaddress=192.168.1.10 `
      listenport=2322 `
      connectaddress=172.17.64.1 `
      connectport=2022
    

    connectport: the port WSL sshd is listening on

    To rediscover which port WSL sshd is listening on (from wsl prompt):

    $ netstat -l | grep 2022
    tcp     0    0    0.0.0.0:2022    0.0.0.0:*   LISTEN
    tcp6    0    0    [::]:2022       [::]:*      LISTEN
    

    To rediscover wsl VM's ip address according to windows11:

    In powershell:

    > ipconfig
    
    Windows IP Configuration
    ...
    
    Ethernet adapter vEthernet (WSL (Hyper-V firewall)):
    
       Connection-specific DNS Suffix  . :
       Link-local IPv6 Address . . . . . : fe80::d8b4:eb39:67da:da8f%14
       IPv4 Address. . . . . . . . . . . : 172.17.64.1
       Subnet Mask . . . . . . . . . . . : 255.255.240.0
       Default Gateway . . . . . . . . . :
    
    

    The address we want is under 'IPv4 Address'. This IP is local to the windows11 instance; it's not visible outside that host.

    To see windows11 ports in use:

    in powershell:

    > netstat -a
    
    Active Connections
    
      Proto  Local Address   Foreign Address    State
      TCP    0.0.0.0:22      roly-desktop-23    LISTENING
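
A check for the forwarding rule above, as an added example that is not part of the original notes. It assumes WSL2's default NAT networking, where the `vEthernet (WSL)` address shown by `ipconfig` is the Windows side of the virtual switch (the default gateway seen from inside WSL) and the VM's own address is the one on `eth0` inside WSL; the function names are hypothetical and the sample `ip` output is constructed.

```sh
#!/bin/sh
# Added example; function names are hypothetical, `ip` output samples are constructed.

# vm_addr: the VM's IPv4 address, from `ip -o -4 addr show dev eth0` on stdin.
vm_addr() {
    awk '$2 == "eth0" && $3 == "inet" { split($4, a, "/"); print a[1]; exit }'
}

# gw_addr: default gateway (Windows side of the virtual switch in NAT mode),
# from `ip route show default` on stdin.
gw_addr() {
    awk '$1 == "default" && $2 == "via" { print $3; exit }'
}

# classify_target CANDIDATE VM GW: what a portproxy connectaddress points at.
classify_target() {
    case $1 in
        "$2")  echo "wsl-vm" ;;
        "$3")  echo "windows-host" ;;
        127.*) echo "loopback" ;;
        *)     echo "unknown" ;;
    esac
}

# portproxy_cmd LISTEN_ADDR LISTEN_PORT VM_ADDR VM_PORT: line for an admin PowerShell.
portproxy_cmd() {
    printf 'netsh interface portproxy add v4tov4 listenaddress=%s listenport=%s connectaddress=%s connectport=%s\n' \
        "$1" "$2" "$3" "$4"
}

# Constructed samples: 172.17.75.23 is a made-up VM address in the page's /20 subnet.
SAMPLE_ADDR='2: eth0    inet 172.17.75.23/20 brd 172.17.79.255 scope global eth0\       valid_lft forever preferred_lft forever'
SAMPLE_ROUTE='default via 172.17.64.1 dev eth0 proto kernel'

vm=$(printf '%s\n' "$SAMPLE_ADDR" | vm_addr)
gw=$(printf '%s\n' "$SAMPLE_ROUTE" | gw_addr)
echo "connectaddress 172.17.64.1 points at: $(classify_target 172.17.64.1 "$vm" "$gw")"
portproxy_cmd 192.168.1.10 2322 "$vm" 2022
```

Inside WSL, feed the functions live data with `ip -o -4 addr show dev eth0 | vm_addr` and `ip route show default | gw_addr`. The VM address can change when WSL restarts, so the rule has to be re-created with the new value.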
    
    

Author: Roland Conybeare

Created: 2026-05-24 Sun 18:48
