Private Blog Access

This blog is private and requires authentication.

If you don't have access, please contact the site owner for an invitation.

Level Up Your WSL2 Connection: Passwordless SSH for a One-Click Workflow

July 5, 2025

In our previous guide, we built the ultimate bridge between a MacBook and a Windows powerhouse, enabling a full-featured VS Code development experience inside WSL2. We set up port forwarding, configured the firewall, and established a solid connection.

But there’s one lingering piece of friction in that workflow: the password prompt.

Every time you connect, VS Code asks for your Ubuntu user’s password. It’s a small interruption, but it stands in the way of a truly seamless, one-click experience.

In this guide, we’ll eliminate that final hurdle. We’ll replace password authentication with a more secure and convenient method: SSH keys. By the end, you’ll be able to launch your remote VS Code session without ever typing a password again.

The Big Picture: Keys vs. Passwords

An SSH key pair is like a sophisticated lock and key for your digital world.

• The Public Key (The Lock): You can freely share this and install it on any server you want to access. It acts as a lock that only your private key can open.
• The Private Key (The Key): This is your secret. You keep it safe on your local machine (your MacBook). It can unlock any system that has your public key installed.

This method is vastly more secure than a password, which can be guessed or brute-forced. Let’s get it set up.

Part 3: Upgrading to Key-Based Authentication

This guide assumes you have completed the steps in our original article. We’ll be modifying that setup.

Step 1: Create Your SSH Key Pair (Inside WSL2)

First, we need to generate our secure keys inside the Ubuntu environment.

On your Windows machine, launch your Ubuntu WSL2 terminal and run the following commands.

1. Generate the Key Pair We’ll use ed25519, a modern and highly secure algorithm.

# This will start the key generation process
ssh-keygen -t ed25519

You will be prompted for two things:

• File to save the key: Press Enter to accept the default location (~/.ssh/id_ed25519).
• Enter passphrase: This is highly recommended! A passphrase is a password that encrypts your private key on disk. It ensures that even if someone steals your private key file, they can’t use it without the passphrase. We’ll see how to avoid typing it constantly in a later step.

2. Authorize Your New Key for Login Now, you need to tell your Ubuntu server that this new key is allowed to log in. You do this by adding the public key to a special file called authorized_keys.

# Add the public key to the list of authorized keys
cat ~/.ssh/id_ed25519.pub >> ~/.ssh/authorized_keys

# Set strict permissions, which SSH requires for security
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

Your WSL2 instance is now ready to accept a connection using your new key.

Step 2: Configure Your MacBook to Use the Key

Now, let’s go back to your MacBook and teach it how to use this new, more secure method.

The following steps are performed on your MacBook terminal.

1. Securely Copy the Private Key to Your Mac The private key (id_ed25519) needs to be on your Mac to authenticate.

First, display the key’s content in your WSL2 terminal so you can copy it.

# In your WSL2 terminal
cat ~/.ssh/id_ed25519

Select and copy the entire output, including the -----BEGIN OPENSSH PRIVATE KEY----- and -----END OPENSSH PRIVATE KEY----- lines.

Now, on your Mac, create a file to store this key.

# In your macOS terminal
# Create a new file for the key and set secure permissions
touch ~/.ssh/wsl2_key
chmod 600 ~/.ssh/wsl2_key

# Open the file in a text editor to paste the key
nano ~/.ssh/wsl2_key

Paste the private key you copied from WSL2 into this file, then save and exit (in nano, that’s Ctrl+X, then Y, then Enter).

2. Update Your VS Code SSH Config In the previous guide, we added a host to the ~/.ssh/config file. Now we just need to tell it which key to use.

Open ~/.ssh/config on your Mac and find the host entry for your WSL2 connection. Add the IdentityFile line to it:

# In ~/.ssh/config on your MacBook

Host 192.168.0.113 # Or whatever you named your host
    HostName 192.168.0.113
    User your-wsl-username
    Port 2222
    # Add this line to specify which key to use!
    IdentityFile ~/.ssh/wsl2_key

Now, when you try to connect, VS Code will use your SSH key instead of asking for a password. However, it will ask for the key’s passphrase. Let’s fix that.

Step 3: The Final Polish - Automating the Passphrase

We need a way to unlock our private key once and have it stay unlocked for our entire work session. This is exactly what ssh-agent is for. It’s a secure background utility that holds your unlocked keys in memory.

We can configure your Mac’s shell to start the agent and load your key automatically.

Add the following lines to the end of your shell configuration file on your Mac (~/.zshrc for Zsh, or ~/.bash_profile for Bash).

# Auto-start ssh-agent and add my WSL2 key on terminal launch
if ! pgrep -u "$USER" ssh-agent > /dev/null; then
    ssh-agent > ~/.ssh/ssh-agent.env
fi
if [[ ! "$SSH_AUTH_SOCK" ]]; then
    source ~/.ssh/ssh-agent.env >/dev/null
fi
ssh-add -l | grep -q wsl2_key || ssh-add ~/.ssh/wsl2_key

Now, close and reopen your terminal. The very first time, it will prompt for the passphrase for your wsl2_key. Enter it one last time.

The Final Result: True One-Click Connection

That’s it! The ssh-agent will now remember your unlocked key.

Open VS Code, go to the Remote Explorer tab, and click the connect icon next to your WSL2 host. It will connect instantly, with no password and no passphrase prompt.

You have now perfected your cross-platform setup. Your connection is not only more convenient but also significantly more secure. You’ve replaced a brittle password with strong public-key cryptography and automated the entire login process.

Happy (and seamless) coding! 🚀