Setting SSH keys on Windows 10 OpenSSH server

Solution 1:

You seem to be mixing up server host keys and your account public keys.


Server host keys are generated by Win32-OpenSSH in %PROGRAMDATA%/ssh on its first start. They are also given the correct permissions; there is no need to modify them. These are the keys you see loaded as "private host key" in your log. That also indicates they have the correct permissions (otherwise they won't load).


Your account public keys go to %USERPROFILE%/.ssh/authorized_keys. That file must have write access only for the account to which they belong.

The authorized_keys file should contain the public key part of your account key pair. That's in no way related to the .pub files from %PROGRAMDATA%/ssh.

A comment in the authorized_keys file does not matter at all.

Keys from the authorized_keys file are not loaded when the server starts. They are loaded only when you try to log in.

See also my guides to:

  • Setting up SSH public key authentication on Win32-OpenSSH
  • Understanding SSH Key Pairs

Solution 2:

Note that if you are setting up keys for an administrator user, putting the public key in %USERPROFILE%/.ssh/authorized_keys will not work. You must append the public key to %PROGRAMDATA%/ssh/administrators_authorized_keys instead.

Source

And you have to set the permissions with this script, run in PowerShell as admin:

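# Read the current ACL of the administrators' key file
$acl = Get-Acl C:\ProgramData\ssh\administrators_authorized_keys
# Disable inheritance ($true) and drop the inherited entries ($false)
$acl.SetAccessRuleProtection($true, $false)
# Build Allow/FullControl rules for Administrators and SYSTEM only
$administratorsRule = New-Object system.security.accesscontrol.filesystemaccessrule("Administrators","FullControl","Allow")
$systemRule = New-Object system.security.accesscontrol.filesystemaccessrule("SYSTEM","FullControl","Allow")
$acl.SetAccessRule($administratorsRule)
$acl.SetAccessRule($systemRule)
# Write the modified ACL back to the file
$acl | Set-Acl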
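
A read-only check of the ACL that the script above sets, as an added example that is not part of either answer: it reports whether inheritance is still enabled and lists any Allow entry for an identity other than SYSTEM and Administrators. The function name Test-AuthorizedKeysAcl and its parameters are hypothetical; well-known SIDs are used instead of account names so the check does not depend on the Windows display language.

```powershell
# Added example: audit the ACL on an authorized_keys-style file (read-only).
function Test-AuthorizedKeysAcl {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # SIDs permitted on the file. Defaults: SYSTEM and BUILTIN\Administrators,
        # matching the two rules the script above creates.
        [string[]] $AllowedSids = @('S-1-5-18', 'S-1-5-32-544')
    )

    $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    $findings = @()

    # SetAccessRuleProtection($true, ...) should have turned inheritance off.
    if (-not $acl.AreAccessRulesProtected) {
        $findings += 'Inheritance is enabled; ACEs from the parent folder apply.'
    }

    foreach ($rule in $acl.Access) {
        if ($rule.AccessControlType -ne 'Allow') { continue }   # Deny ACEs grant nothing
        try {
            # Resolve the account name to its SID for a locale-independent compare
            $sid = $rule.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch {
            $sid = $rule.IdentityReference.Value   # unresolvable account: report as-is
        }
        if ($sid -notin $AllowedSids) {
            $findings += "Unexpected ACE: $($rule.IdentityReference) [$sid] $($rule.FileSystemRights)"
        }
    }

    [pscustomobject]@{
        Path      = $Path
        Owner     = $acl.Owner
        Compliant = ($findings.Count -eq 0)
        Findings  = $findings
    }
}

# Check the file from Solution 2; run from an elevated PowerShell.
Test-AuthorizedKeysAcl -Path "$env:ProgramData\ssh\administrators_authorized_keys" |
    Format-List
```

To check a different file, pass the SIDs expected on it through -AllowedSids.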