Logging into Windows 10 OpenSSH server with Administrator account and public key

windows-10 ssh windows openssh sshd

I am unable to log into a Windows 10 OpenSSH Server from a CentOS OpenSSH client via public key. My password is always requested (and is accepted).

I've found many posts about setting the permissions properly on the server side for:

  • Directory C:\Users\username\.ssh
  • File C:\Users\username\.ssh\authorized_keys

I believe I've done everything required in terms of permissions. But to rule a permissions problem out, I set StrictModes=no on the server as a test and restarted the server. I found that I still must enter my password.

What else might be preventing me from logging in via public key?


Solution 1:

Your comments and requests for relevant information led me to the answer. In case anybody else hits this, the problem was...

My user is an administrator, and the following appears in sshd_config:

Match Group administrators
       AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys

So, by placing my public key in my own user's .ssh/authorized_keys, it was not getting picked up. Once I placed it in the file called out in sshd_config, things worked fine.

Solution 2:

    Match Group administrators
       AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys

I just ended up #commenting out these two lines in sshd_config. It was driving me UP THE WALL trying to figure out why none of the keys were being accepted.

If you comment them out, it will just use the keys in your %User%/.ssh folder, like every other SSH program in existence.

I literally spent 4 hours trying to figure out why it wasn't accepting my keys. I'm so mad at those two lines of code right now.

Solution 3:

To resolve this for me I needed to use Martins answer and Nick comment. So final solution was

StrictModes no
Match Group administrators
   AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys

in sshd_config

EDIT: As Martin pointed there are security risks to this, strictmodes is there to protect your system when it is deemed that certain file permission are too relaxed and so this setting is there as an added security measure. Here's a good article explaining -

https://www.ibm.com/support/knowledgecenter/SS7K4U_liberty/com.ibm.websphere.wlp.zseries.doc/ae/tagt_wlp_collective_zos_ssh.html

In my case, this config is for a test automation server with no critical data on it that runs for less than 15mins at a time, a couple of times a week.

Related

How does network pricing work exactly in cloud platforms? And how should I avoid dedicated pricing attacks?
netplan - Network with DHCP configured, but no internet
Prevent user from seeing list of other user's home dir
Traffic is not being spread evenly between replicas of OpenFaas functions
Connection "not secure" in browser address bar [closed]
Deny direct IP access to an application deployed in Kubernetes
apache segmentation fault but no core dumps
iptables: match only the first packet of established TCP-connection
Can Linux do conditional judgment to insert the content at a certain line in Linux
How can I get APT to "ignore" a package?
Docker Compose returns error "networks have overlapping IPv4"
UIView's frame, bounds, center, origin, when to use what?