Using WSL from Token2Shell or Any Terminal Emulator via OpenSSH Server

  • Windows 10 April 2018 Update (1803) and
    Ubuntu 18.04 were used while preparing this post

WSL can only be used from its dedicated console window; you cannot use other terminal emulators such as Token2Shell for interactively using its Bash shell.

The following describes setting up an OpenSSH server on Ubuntu 18.04 but overall procedure should also be the same for other Linux distributions. Once you have finished setting it up, you can connect to WSL by connecting to the OpenSSH server.

STEP 1 Start Ubuntu 18.04

STEP 2 Generate OpenSSH server host keys

Ubuntu 18.04 already includes an OpenSSH server executable (/usr/sbin/sshd). However, you need to generate its host keys before you can run the server. For generating new host keys, use the following command:

sudo dpkg-reconfigure openssh-server

Host keys are used for identifying the server to the connected client and setting up a secure encrypted connection between the two. OpenSSH supports and prepares various types of host keys (RSA, ECDSA and etc.) but only one will be selected and used for the connection according to the client's preference.

STEP 3 Edit /etc/ssh/sshd_config

When an OpenSSH server starts, it reads '/etc/ssh/sshd_config' file and configures its settings. In recent versions of WSL, you can run an OpenSSH server without changing this file. However, if you're interested in adjusting the settings, the following shows our recommendations:

Port 22 Port 2222
22 is the default port number for SSH servers. However, if you already have another SSH server running and want to avoid any conflict, change this setting to any number from 1 to 65535 (
#ListenAddress ListenAddress
The default setting allows any incoming connection. Changing this setting to "" only accepts connections targeted for "".

An OpenSSH server running on WSL cannot be connected from other devices even if you configure it to accept any connection (such usage is never intended for WSL). But we can still improve the security of the server by limiting incoming connections.

PasswordAuthentication no PasswordAuthentication yes
Only the public key (publickey) user authentication is enabled in default settings. If you change this setting to "yes", you can connect to WSL using the "password" user authentication; the server will ask you for your WSL password.

STEP 4 Start OpenSSH server

Once you’ve finished changing the sshd_config file, start the server:

sudo service ssh start

STEP 5 Connect from Token2Shell

Token2Shell is classified as a Desktop Bridge app as it includes and makes use of Win32 helper executables. However, the core app is based on UWP. Hence it still has limitations as other UWP apps. One of those limitations is accessing the loopback network interface.

In order override this limitation, you must explicitly add Token2Shell to the Windows loopback network exempted list. If Token2Shell is not added, you cannot connect to any server running on WSL. Please execute the following command from Windows Command Prompt and add Token2Shell to the list:

CheckNetIsolation LoopbackExempt -a -n="ChoungNetworksUS.68307A65C913_vvzc8y2tzcnsr"

You can now connect to WSL from Token2Shell. You just need to open a new terminal window and connect to "" or "localhost" at the port number 22 (or the port number you set in Step 3) in SSH using the user ID and the password you've already setup for WSL.

For example, the following shows a "Quick Connect" popup window when your user ID for WSL is "luca":

Token2Shell has "Login Agent" feature that can remember the password you used for an SSH login. So once you logged into WSL and entered your password, you don't have to enter it again for additional terminal windows.

If you want to skip the password entering step all together, you can create an address book entry for your WSL. Token2Shell supports the public key user authentication as well as storing your password for auto login.

If you're using SSH Agent Forwarding for automatic user authentication with private keys, you don't have to setup anything on WSL. You simply need to import your private keys to Token2Shell and enable its [ Login Agent ] » [ Settings ] » "SSH Agent Forwarding" option before connecting to WSL.

Creating a Shortcut for Launching the OpenSSH Server

WSL currently doesn't support automatically launching server programs (or daemons). Hence our OpenSSH server must be started manually but the current version of WSL now does allow having servers running in background even when all Linux terminal windows are closed.

So we can create a Windows shortcut that launches our OpenSSH server. The 'Target' for the shortcut can be set as the following:

ubuntu1804.exe run "echo '<your-wsl-account-password>' | sudo -S -p '-->' service ssh start; read -t 3 -p 'Press ENTER or wait for 3 seconds.'"

Please change the "<your-wsl-account-password>" to your password for WSL. For example, if your password is '123456', your shortcut should be:

ubuntu1804.exe run "echo '123456' | sudo -S -p '-->' service ssh start; read -t 3 -p 'Press ENTER or wait for 3 seconds.'"

Please note that in order to start an OpenSSH server, you need to use the 'sudo' command in Ubuntu. In our shortcut, we're using the 'echo' command with 'sudo -S' in order to feed your password to the 'sudo' command. If you're using the same password as Windows login, we highly recommend changing it. WSL manages its own separate accounts from Windows, so you should set a different password (perhaps a simpler one) only for WSL.

There are other ways to start the server. But as far as we know they all focus on permanently removing the password for the 'sudo' command and require editing a system configuration file on Linux (ex. editing the '/etc/sudoers' file with 'visudo' command). Our approach of using the 'sudo -S' is much simpler and should provide more flexibility since it can also be used for other servers without changing any system file on Linux.

In the above command line, we've also added "-p '-->'" and "read -t 3 ..." to help you check the status of the OpenSSH server after it's started. If you just need a bare minimum command for launching the server, you can safely remove them.

ubuntu1804.exe run "echo '<your-wsl-account-password>' | sudo -S service ssh start"

Enabling sound in WSL / Ubuntu - Let It Sing!

  • Windows 10 April 2018 Update (1803)
    was used while preparing this post

WSL doesn't currently support sound devices. Hence when you open a GUI desktop or apps in X410, you will not hear anything other than the basic system bells (ex. CTRL+G). We hope Microsoft add the support in the future version of WSL. You should be able to encourage them by upvoting the following UserVoice topic:

Meanwhile... there is a workaround...

STEP 1 Download PulseAudio for Windows

PulseAudio version 1.1 was available for Windows as of this writing; it's indeed an old version but it works on Windows 10.

STEP 2 Unzip the file from Step 1 to a folder

STEP 3 Edit 'etc\pulse\'

Line 42
FROM load-module module-waveout sink_name=output source_name=input
TO load-module module-waveout sink_name=output source_name=input record=0

Please note that for security and privacy concerns Windows 10 (April 2018 Update) seems to restrict the access to audio recording devices. You can probably somehow override this feature, but since we just want to hear the sound we're simply disabling it from the PulseAudio server by adding the 'record=0'.

Line 61
FROM #load-module module-native-protocol-tcp
TO load-module module-native-protocol-tcp auth-ip-acl=

This enables the PulseAudio server to accept connections only from via TCP.

STEP 4 Edit 'etc\pulse\daemon.conf'

Line 39
FROM ; exit-idle-time = 20
TO exit-idle-time = -1

If this option is set to a non negative value, the server automatically terminates itself when the last client disconnects and the time is passed more than this option (in seconds).

STEP 5 Test run 'bin\pulseaudio.exe'

The 'pulseaudio.exe' is the executable for PulseAudio server (also referred to as a daemon) that we need for our Linux apps.

When you first run pulseaudio.exe, you'll see the Windows Firewall Alert popup that asks you if you want to allow other devices for connecting to the server. Since we'll only be using a loopback address (=, you should select 'Cancel'; you don't have to allow other devices.

If there was an error, the server exits immediately. If that's the case, go to Step 3 and make sure you've changed the lines correctly.

Press CTRL+C to stop the server.

STEP 6 Add PulseAudio related settings to your X410 launching batch file

For example, if you're using Ubuntu and created a batch file as mentioned in 'Customizing Xfce Desktop for Ubuntu (WSL)', try modifying it as shown below:

start /B x410.exe /desktop
start "" /B "C:\wsl\pulseaudio\bin\pulseaudio.exe"
ubuntu1804.exe run "if [ -z \"$(pidof xfce4-session)\" ]; then export DISPLAY=; export PULSE_SERVER=tcp:; xfce4-session; pkill '(gpg|ssh)-agent'; taskkill.exe /IM x410.exe; taskkill.exe /IM pulseaudio.exe /F; fi;"

• start "" /B "C:\wsl\pulseaudio\bin\pulseaudio.exe"

You need to adjust the path to 'pulseaudio.exe' according to your setup.

• export PULSE_SERVER=tcp:;

In order to let Linux apps know there is a PulseAudio server running at, we need to export the 'PULSE_SERVER' environment variable.

• taskkill /IM pulseaudio.exe /F

Pulseaudio.exe has its own '--kill' command line switch for terminating the running instance. But it doesn't seem to work in Windows 10.

STEP 7 Enjoy the sound!

Known Issues

  • PulseAudio server cannot be terminated gracefully. If you want to stop the server, you need to use Windows Task Manager or taskkill.exe command to terminate it forcefully.
  • The current version of PulseAudio is 12.2 as of this writing. The version used in this post is 1.1 and you probably notice various performance issues. For example, if you're seeing unexpected stuttering in video playback, it's probably caused by the PulseAudio server that couldn't keep up with the video.
  • Batch files are updated to address the re-launching problem in some Windows 10 versions. When pulseaudio.exe is launched with '-D' option and stopped using taskkill.exe with '/T' option, pulseaudio.exe might only work for the first instance of X410 and Linux GUI desktop.

Sharing Windows fonts with WSL

You can access Windows folders from WSL (Windows Subsystem for Linux). Hence you can also configure your X server settings to share Windows TrueType fonts with X410. The following summarizes the steps to enable Linux GUI apps on X410 to access Windows TrueType fonts.

Please note that you should update the file mentioned below before launching X410.

STEP 1 Locate Windows font folder

Windows TrueType fonts (*.ttf) are most likely stored under 'C:\Windows\Fonts'. But please check your Windows installation folder and get a correct font folder path.

When you launch WSL, all your fixed NTFS drives are automatically mounted under '/mnt'. For example, if you've installed Windows on 'C:\Windows', the same folder can be accessed from WSL by using '/mnt/c/Windows' as a folder path.

Hence, if your Windows font folder is 'C:\Windows\Fonts', its equivalent WSL path is '/mnt/c/Windows/Fonts'.

STEP 2 Add Windows font folder path to /etc/fonts/local.conf

Create a 'local.conf' file with root privileges and add the following lines:

<?xml version="1.0"?>
<!DOCTYPE fontconfig SYSTEM "fonts.dtd">

Please adjust the <dir>/mnt/c/Windows/Fonts</dir> line according to your Windows font folder path found in Step 1. If '/etc/fonts/' folder already has a 'local.conf' file, you just need to add the <dir></dir> line between the <fontconfig></fontconfig> section.

STEP 3 Launch X410

Once '/etc/fonts/local.conf' file is updated, newly added or removed TrueType fonts on Windows should be automatically detected from Linux GUI apps running on X410.

If you want to check the currently install fonts from the command line, you can use the following command:


Adding the Windows font path should also solve the Unicode display problems with Linux GUI apps.