Logging into Windows 10 OpenSSH server with Administrator account and public key

4

2

I am unable to log into a Windows 10 OpenSSH Server from a CentOS OpenSSH client via public key. My password is always requested (and is accepted).

I've found many posts about setting the permissions properly on the server side for:

  • Directory C:\Users\username\.ssh
  • File C:\Users\username\.ssh\authorized_keys

I believe I've done everything required in terms of permissions. But to rule a permissions problem out, I set StrictModes=no on the server as a test and restarted the server. I found that I still must enter my password.

What else might be preventing me from logging in via public key?

Dave

Posted 2019-02-18T12:54:59.453

Reputation: 597

Does the openssh server config file allow for PubKeyAuthentication (also confirm it's not commented out -- effectively disabling)? – linuxdev2013 – 2019-02-18T12:57:14.737

Yes, PubkeyAuthentication=yes. Also, I noticed the following in C:\ProgramData\ssh\sshd_config: AuthorizedKeysFile .ssh/authorized_keys

I am assuming this is relative to the home directory of the user I am logging in as. – Dave – 2019-02-18T13:08:39.573

Yes, that was a typo in the post. I will update the post now. Thank you for the catch. – Dave – 2019-02-18T13:32:26.507

I suggest you run both server and client with increased verbosity, possibly in debug mode (not as a service). You’ll quickly find out why your key isn’t working. – Daniel B – 2019-02-18T13:35:57.437

Please edit your post to reflect the following information, which is required to solve your issue:

  • Output of: C:\ProgramData\ssh\sshd_config (exclude comments)
  • Output of: cmd /c icacls %userprofile%\.ssh\authorized_keys
  • Output of: ls -ls /path/to/centos/client.key
  • Output of: CentOS SSH client config (ssh_config/config), excluding comments. Depending on setup, will either be at ~/.ssh/config or /etc/ssh/ssh_config.

It would also help if you change verbosity to LogLevel = DEBUG3 & post output of the log, however, you'll need to sanitize it before posting. – JW0914 – 2019-02-18T13:50:56.713

Answers

6

Thank you to all for your comments. Your requests for relevant information led me to the answer. In case anybody else hits this, the problem was...

My user is an administrator, and the following appears in sshd_config:

    Match Group administrators
       AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys

So, by placing my public key in my own user's .ssh/authorized_keys, it was not getting picked up. Once I placed it in the file called out in sshd_config, things worked fine.

Thank you again!

Dave

Posted 2019-02-18T12:54:59.453

Reputation: 597

A general FYI, password login should never be allowed for SSH. The SSH key should be passphrase protected. The following should be set in the sshd_config:

  • ChallengeResponseAuthentication = no
  • PasswordAuthentication = no
  • PermitEmptyPasswords = no
  • StrictModes = yes
  • PubkeyAuthentication = yes

– JW0914 – 2019-02-18T16:18:24.730

For me, copying to the above path and setting StrictModes-no worked! Thanks!! – Nick – 2019-11-08T02:49:21.250

0

    Match Group administrators
       AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys

I just ended up #commenting out these two lines in sshd_config. It was driving me UP THE WALL trying to figure out why none of the keys were being accepted.

If you comment them out, it will just use the keys in your %User%/.ssh folder, like every other SSH program in existence.

I literally spent 4 hours trying to figure out why it wasn't accepting my keys. I'm so mad at those two lines of code right now.

StrangeSudo

Posted 2019-02-18T12:54:59.453

Reputation: 1
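
Added example (not part of the original posts, and not OpenSSH code): a small Python resolver showing which key file applies to a user once the `Match Group administrators` block discussed in the answers above is taken into account. It assumes a simplified reading of sshd_config (only `Match Group` and `Match All`, case-insensitive group names, ProgramData at `C:\ProgramData`); the function and constant names are hypothetical.

```python
import fnmatch
import ntpath
import re

# Constructed sample: the sshd_config lines quoted in this thread.
SAMPLE_CONFIG = """\
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

Match Group administrators
       AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
"""

# "Keyword value" or "Keyword=value"; comment and blank lines do not match.
LINE = re.compile(r"([A-Za-z]+)(?:\s*=\s*|\s+)(.*)")

def effective_authorized_keys(config, groups, home, programdata=r"C:\ProgramData"):
    """Resolve the AuthorizedKeysFile paths that apply to a user.

    Simplified model (assumption): only 'Match Group' and 'Match All' are
    evaluated; negated patterns and %-tokens are not handled.
    """
    groups = [g.lower() for g in groups]
    global_value = match_value = None
    in_match = applies = False
    for raw in config.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        keyword, arg = m.group(1).lower(), m.group(2).strip()
        if keyword == "match":
            in_match = True
            crit = arg.split() or [""]
            applies = crit[0].lower() == "all" or (
                len(crit) == 2 and crit[0].lower() == "group"
                and any(fnmatch.fnmatchcase(g, p.lower())
                        for g in groups for p in crit[1].split(",")))
        elif keyword == "authorizedkeysfile":
            if not in_match:
                global_value = global_value or arg   # first global value wins
            elif applies:
                match_value = match_value or arg     # satisfied Match overrides global
    value = match_value or global_value or ".ssh/authorized_keys .ssh/authorized_keys2"
    # ntpath.join() leaves an already-absolute path unchanged; others are under home.
    return [ntpath.normpath(ntpath.join(home, p.replace("__PROGRAMDATA__", programdata)))
            for p in value.split()]
```

For a member of the administrators group the resolver returns only the ProgramData file, so a key stored in the user's own `.ssh\authorized_keys` is never consulted; with the two lines commented out it falls back to the per-user file.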