Benjamin Steenhoek

Benjamin Steenhoek

Senior Researcher at Microsoft

Tailscale + SSH setup for Windows + WSL2

1 minute read

Published:

I do a lot of work from my phone while away from my desk and wanted a clean way to SSH into my Windows machine and drop into whichever WSL2 distro I needed. The tricky part: iOS Tailscale intercepts port 22, WSL2 distros share a network namespace so you can’t run independent sshd instances on the same port, and adding a Tailscale node per distro causes TUN device conflicts.

The solution I landed on was running a single Windows OpenSSH server on three ports — 2222 for PowerShell, 2223 for Debian, 2224 for Alpine — and using Match LocalPort directives in sshd_config to forward each port to the right WSL distro via wsl.exe. One Tailscale node on Windows handles all the routing.

TL;DR

See the gist: Tailscale + SSH setup for Windows + WSL2.

The key bit in sshd_config:

Port 2222
Port 2223
Port 2224

Match LocalPort 2223
       ForceCommand C:\Windows\System32\wsl.exe -d Debian --cd ~

Match LocalPort 2224
       ForceCommand C:\Windows\System32\wsl.exe -d Alpine --cd ~

Then connect with:

CommandDestination
ssh -p 2222 myuser@zapWindows PowerShell
ssh -p 2223 myuser@zapDebian bash
ssh -p 2224 myuser@zapAlpine sh

You May Also Enjoy

Windows Terminal profile for Claude with no permission prompts BLOG

less than 1 minute read

Published:

Every time I open Claude Code in a new directory I get a workspace trust prompt asking me to approve permissions. It makes sense as a safety guardrail, but in directories I own and trust it’s just friction. I made a dedicated Windows Terminal profile that launches Claude with --permission-mode bypassPermissions so it skips straight to work.

How to limit the number of Twitter posts in your timeline using JavaScript BLOG

less than 1 minute read

Published:

I have a bit of a problem scrolling too much of the awesome content on Twitter. There are just too many other people creating cool ideas and software! At first I justified it by the fact that I find academic papers (my feed is curated to mostly academic CS/ML/SE), but now I admit it’s too much! In a bid to waste more time in order to waste less time, I created a simple script that puts an extra UI onto each post in my Twitter feed:

  • For the first five posts, it numbers them to remind me how many I’ve browsed.
  • After that, it blocks them out with a reminder of the limit I set (currently I keep it at five posts).

How to fix docker-compose: command not found error with newer versions of Docker BLOG

less than 1 minute read

Published:

The docker-compose command is missing from recent versions of Docker, replaced by a plugin built into Docker: docker compose. To restore compatibility with scripts which use docker-compose, we can create a wrapper script which forwards its arguments to docker compose. Here’s the script:

# Switch to root
sudo su -
# Write script to file
cat << EOF > /usr/local/bin/docker-compose
#!/bin/bash
docker compose $@
EOF
# Make the script executable so that we can invoke it directly from the shell
chmod +x /usr/local/bin/docker-compose