Command to copy client public key to Windows OpenSSH SFTP/SSH server authorized keys file

2

1

I have a Linux machine, and I need to sftp to a Windows SFTP server. So for first step, I create my own id_rsa file and the id_rsa.pub in my Linux machine.

Then I copy the text in the id_rsa.pub into the id_rsa.pub in the SFTP server.

And the sftp connection work correctly.

However, I would like to ask about the command to copy the public key from client to server. I have search in google and I get a command which is:

ssh-copy-id -i id_rsa.pub ftp_user*@10.7.8.32

But I hit the following error:

'exec' is not recognized as an internal or external command, operable program or batch file. The system cannot find the path specified.

enter image description here

I believe there is some command exits for this right? Instead of I copy the public key manually to the SFTP server.

The SFTP version is SFTP protocol version 3.

Panadol Chong

Posted 2019-06-21T06:33:49.297

Reputation: 121

So once again: It seems that you are on Windows, so please make sure you state that clearly. + Windows do not have ssh-copy-id command. Yet it seems that Windows misses exec (whatever it is - is it really a literal transcription of the error message?), not ssh-copy-id. So you might have ssh-copy-id actually (which internally uses some exec?). Do you? Where did you get it from? – Martin Prikryl – 2019-06-21T06:59:53.187

@MartinPrikryl, sorry for late reply. Yes, the Sftp server is windows base, and client server is linux. It is any alternative way to command on this? because Windows do not have ssh-copy-id command. – Panadol Chong – 2019-06-21T07:05:27.580

Answers

3

ssh-copy-id script works only against *nix servers (or servers with *nix emulation), as it internally executes some *nix shell command on the server (like exec, sh, umask, rm, mkdir, tail, cat, etc).

You can setup the key manually. I'm aware that you know that, but as there subtle differences, when doing that on a Windows server, I'll mention it anyway for benefit of other readers.

Main steps are:

  • Create the .ssh folder in your Windows account profile folder (typically in C:\Users\username\.ssh).
  • Create authorized_keys file in the folder and add your public key to it.
  • Make sure that the ACL of the .ssh folder and the authorized_keys so that only a respective Windows account have a write access to the folder and the file (what is the default access level, if you create the folder and the file, while logged in using the respective account).

For details, see my guide for Setting up SSH public key authentication on Win32-OpenSSH.

If you want to do that from your local machine, you can do it using sftp. Particularly if you have no key on the server registered yet, you can just upload the id_rsa.pub file as authorized_keys file:

$ sftp martin@example.com
martin@example.com's password:
Connected to martin@example.com.
sftp> mkdir .ssh
sftp> cd .ssh
sftp> put id_rsa.pub authorized_keys
Uploading id_rsa.pub to /C:/Users/martin/.ssh/authorized_keys
id_rsa.pub                                   100%  401   197.5KB/s   00:00
sftp> bye

The above is basically, what ssh-copy-id does internally – Except that ssh-copy-id appends the authorized_keys, what plain sftp cannot do. If you need to append, you can download authorized_keys to the local machine, append it locally and re-upload it back.

Alternatively, you you can setup the key from another Windows machine using (my) WinSCP client, with its Install Public Key into Server function.

See also my answer to Setting up public key authentication to Linux server from Windows (ppk private key).

Martin Prikryl

Posted 2019-06-21T06:33:49.297

Reputation: 13 764

can I just copy the id_rsa.pub to /C:/Users/martin/.ssh/ ? instead of append to authorized_keys ? – Panadol Chong – 2019-06-24T03:44:53.370

No, you cannot. – Martin Prikryl – 2019-06-24T05:49:17.077

Actually the file currently in the Window Sftp server .ssh/ is also name as id_rsa.pub – Panadol Chong – 2019-06-24T06:12:28.027

So do you mean that you have .ssh/id_rsa.pub on the server and no authorized_keys file and you can authorize with the key? – Martin Prikryl – 2019-06-24T07:02:31.877

Yes, I no have the authorized_keys file. I only have id_rsa.pub in the sftp server, and its work as well. – Panadol Chong – 2019-06-24T07:26:40.377

I have tested it now and it does not work. If I rename the authorized_keys to id_rsa.pub, I cannot login any more. If I rename it back to authorized_keys, it works again. – Martin Prikryl – 2019-06-24T08:16:03.413

This is weird, not sure why my place also work. Anyway, I will take note on this. – Panadol Chong – 2019-06-24T09:01:45.660

Didn't you change AuthorizedKeysFile directive in sshd_config? – Martin Prikryl – 2019-06-24T09:07:43.183

No change on this. – Panadol Chong – 2019-06-24T09:09:50.403

Asked: 2019-06-21T06:33:49.297

Viewed: 1 911 times

Active: 2019-09-27T05:25:15.747