Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[SOLVED] ssh from linux to windows 11 using id_rsa.pub key
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
Joseph_sys
Advocate
Advocate


Joined: 08 Jun 2004
Posts: 2712
Location: Edmonton, AB

PostPosted: Mon Jan 08, 2024 3:59 am    Post subject: [SOLVED] ssh from linux to windows 11 using id_rsa.pub key Reply with quote

I installed openssh on windows 11, copied id_rsa.pub key to user directory .ssh\authorized_key
but when I try to ssh to it, it asking me for password.
It doesn't recognize public key.

Code:
ssh -vv "Glen Server"@10.0.0.130
OpenSSH_9.5p1, OpenSSL 1.1.1u  30 May 2023
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Reading configuration data /etc/ssh/ssh_config.d/9999999gentoo-security.conf
debug1: Reading configuration data /etc/ssh/ssh_config.d/9999999gentoo.conf
debug2: resolve_canonicalize: hostname 10.0.0.130 is address
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Connecting to 10.0.0.130 [10.0.0.130] port 22.
debug1: Connection established.
debug1: identity file /home/joseph/.ssh/id_rsa type 0
debug1: identity file /home/joseph/.ssh/id_rsa-cert type -1
debug1: identity file /home/joseph/.ssh/id_ecdsa type -1
debug1: identity file /home/joseph/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/joseph/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/joseph/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/joseph/.ssh/id_ed25519 type -1
debug1: identity file /home/joseph/.ssh/id_ed25519-cert type -1
debug1: identity file /home/joseph/.ssh/id_ed25519_sk type -1
debug1: identity file /home/joseph/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/joseph/.ssh/id_xmss type -1
debug1: identity file /home/joseph/.ssh/id_xmss-cert type -1
debug1: identity file /home/joseph/.ssh/id_dsa type -1
debug1: identity file /home/joseph/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.5
debug1: Remote protocol version 2.0, remote software version OpenSSH_for_Windows_8.6
debug1: compat_banner: match: OpenSSH_for_Windows_8.6 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 10.0.0.130:22 as 'Glen Server'
debug1: load_hostkeys: fopen /home/joseph/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c
debug2: host key algorithms: ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:QYa5gxzpFe+T+AqmAzxWbAK4JgQ+EdhncxoZSW4Fi0g
debug2: ssh_krl_from_blob: bad KRL magic header
debug1: load_hostkeys: fopen /home/joseph/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host '10.0.0.130' is known and matches the ED25519 host key.
debug1: Found key in /home/joseph/.ssh/known_hosts:41
debug2: ssh_set_newkeys: mode 1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug2: ssh_set_newkeys: mode 0
debug1: rekey in after 134217728 blocks
debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: ssh_fetch_identitylist: agent contains no identities
debug1: Will attempt key: /home/joseph/.ssh/id_rsa RSA SHA256:EvqXgos71bYzS4qZP3q8dgMF1FTKamTvtJtR1lTrkng
debug1: Will attempt key: /home/joseph/.ssh/id_ecdsa
debug1: Will attempt key: /home/joseph/.ssh/id_ecdsa_sk
debug1: Will attempt key: /home/joseph/.ssh/id_ed25519
debug1: Will attempt key: /home/joseph/.ssh/id_ed25519_sk
debug1: Will attempt key: /home/joseph/.ssh/id_xmss
debug1: Will attempt key: /home/joseph/.ssh/id_dsa
debug2: pubkey_prepare: done
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,webauthn-sk-ecdsa-sha2-nistp256@openssh.com>
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /home/joseph/.ssh/id_rsa RSA SHA256:EvqXgos71bYzS4qZP3q8dgMF1FTKamTvtJtR1lTrkng
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /home/joseph/.ssh/id_ecdsa
debug1: Trying private key: /home/joseph/.ssh/id_ecdsa_sk
debug1: Trying private key: /home/joseph/.ssh/id_ed25519
debug1: Trying private key: /home/joseph/.ssh/id_ed25519_sk
debug1: Trying private key: /home/joseph/.ssh/id_xmss
debug1: Trying private key: /home/joseph/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
Glen Server@10.0.0.130's password:


I don't know why I get error message: debug1: Authenticating to 10.0.0.130:22 as 'Glen Server'
debug1: load_hostkeys: fopen /home/joseph/.ssh/known_hosts2: No such file or directory

I have in .ssh/known_host file and it works perfectly fine with local and remote linux compuers. Even though I get a similar message.
Code:
debug1: Authenticating to 10.0.0.100:22 as 'joseph'
debug1: load_hostkeys: fopen /home/joseph/.ssh/known_hosts2: No such file or directory


Last edited by Joseph_sys on Mon Jan 08, 2024 6:01 pm; edited 1 time in total
Back to top
View user's profile Send private message
Hu
Administrator
Administrator


Joined: 06 Mar 2007
Posts: 22657

PostPosted: Mon Jan 08, 2024 4:10 am    Post subject: Reply with quote

The server is not accepting the ssh rsa key sent by the client. You said you copied it to .ssh\authorized_key. Is this a typo? The canonical name is authorized_keys, plural. This could have been changed on the server.
Back to top
View user's profile Send private message
Joseph_sys
Advocate
Advocate


Joined: 08 Jun 2004
Posts: 2712
Location: Edmonton, AB

PostPosted: Mon Jan 08, 2024 5:26 am    Post subject: Reply with quote

Hu wrote:
The server is not accepting the ssh rsa key sent by the client. You said you copied it to .ssh\authorized_key. Is this a typo? The canonical name is authorized_keys, plural. This could have been changed on the server.


It was my typo, on Windows in user .ssh\ folder the file is called "authorized_keys"
I even copy the id_rsa.pub to windows and rename it to authorized_keys and move it to .ssh folder; it did not help.
It still asking me for a password, instead of using the key.
Back to top
View user's profile Send private message
Banana
Moderator
Moderator


Joined: 21 May 2004
Posts: 1734
Location: Germany

PostPosted: Mon Jan 08, 2024 6:33 am    Post subject: Reply with quote

There are windows documentation pages available: https://learn.microsoft.com/en-us/windows-server/administration/openssh/openssh_overview

I suspect some format problems.

also authorized_keys is a file, not a directory. The public contents (.pub) of your private ssh key needs to be copied (each line one key) into this file.
_________________
Forum Guidelines

PFL - Portage file list - find which package a file or command belongs to.
My delta-labs.org snippets do expire
Back to top
View user's profile Send private message
flexibeast
Guru
Guru


Joined: 04 Apr 2022
Posts: 451
Location: Naarm/Melbourne, Australia

PostPosted: Mon Jan 08, 2024 6:59 am    Post subject: Reply with quote

The part of the output that stands out to me is:
Code:
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /home/joseph/.ssh/id_rsa RSA SHA256:EvqXgos71bYzS4qZP3q8dgMF1FTKamTvtJtR1lTrkng
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /home/joseph/.ssh/id_ecdsa
debug1: Trying private key: /home/joseph/.ssh/id_ecdsa_sk
debug1: Trying private key: /home/joseph/.ssh/id_ed25519
debug1: Trying private key: /home/joseph/.ssh/id_ed25519_sk
debug1: Trying private key: /home/joseph/.ssh/id_xmss
debug1: Trying private key: /home/joseph/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: Next authentication method: keyboard-interactive

i don't claim to be an expert in the SSH protocol, but given the line:
Code:
debug1: Offering public key: /home/joseph/.ssh/id_rsa RSA

shouldn't there perhaps be a line along the lines of:
Code:
Trying private key: /home/joseph/.ssh/id_rsa

?

Also, as an aside, because of the Terrapin attack on SSH, you should configure the server to disable the chacha20-poly1305 cipher:
Code:
Ciphers -chacha20-poly1305@openssh.com
Back to top
View user's profile Send private message
Joseph_sys
Advocate
Advocate


Joined: 08 Jun 2004
Posts: 2712
Location: Edmonton, AB

PostPosted: Mon Jan 08, 2024 7:32 am    Post subject: Reply with quote

flexibeast wrote:
The part of the output that stands out to me is:
Code:
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /home/joseph/.ssh/id_rsa RSA SHA256:EvqXgos71bYzS4qZP3q8dgMF1FTKamTvtJtR1lTrkng
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /home/joseph/.ssh/id_ecdsa
debug1: Trying private key: /home/joseph/.ssh/id_ecdsa_sk
debug1: Trying private key: /home/joseph/.ssh/id_ed25519
debug1: Trying private key: /home/joseph/.ssh/id_ed25519_sk
debug1: Trying private key: /home/joseph/.ssh/id_xmss
debug1: Trying private key: /home/joseph/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: Next authentication method: keyboard-interactive

i don't claim to be an expert in the SSH protocol, but given the line:
Code:
debug1: Offering public key: /home/joseph/.ssh/id_rsa RSA

shouldn't there perhaps be a line along the lines of:
Code:
Trying private key: /home/joseph/.ssh/id_rsa

?

Also, as an aside, because of the Terrapin attack on SSH, you should configure the server to disable the chacha20-poly1305 cipher:
Code:
Ciphers -chacha20-poly1305@openssh.com



Indeed, the output looks different connecting between Linux to Linux box vs. Linux to Windows

This is Linux to Linux connection (that works):
Code:
debug1: Will attempt key: /home/joseph/.ssh/id_rsa RSA SHA256:EvqXgos71bYzS4qZP3q8dgMF1FTKamTvtJtR1lTrkng
debug1: Will attempt key: /home/joseph/.ssh/id_ecdsa
debug1: Will attempt key: /home/joseph/.ssh/id_ecdsa_sk
debug1: Will attempt key: /home/joseph/.ssh/id_ed25519
debug1: Will attempt key: /home/joseph/.ssh/id_ed25519_sk
debug1: Will attempt key: /home/joseph/.ssh/id_xmss
debug1: Will attempt key: /home/joseph/.ssh/id_dsa
debug2: pubkey_prepare: done
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,webauthn-sk-ecdsa-sha2-nistp256@openssh.com,ssh-dss,ssh-rsa,rsa-sha2-256,rsa-sha2-512>
debug1: kex_ext_info_check_ver: publickey-hostbound@openssh.com=<0>
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /home/joseph/.ssh/id_rsa RSA SHA256:EvqXgos71bYzS4qZP3q8dgMF1FTKamTvtJtR1lTrkng
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: /home/joseph/.ssh/id_rsa RSA SHA256:EvqXgos71bYzS4qZP3q8dgMF1FTKamTvtJtR1lTrkng
Authenticated to 10.0.0.100 ([10.0.0.100]:22) using "publickey".
debug1: channel 0: new session [client-session] (inactive timeout: 0)
debug2: channel 0: send open
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.


This is Linux to Windows connection (doesn't work):
Code:
debug1: Will attempt key: /home/joseph/.ssh/id_rsa RSA SHA256:EvqXgos71bYzS4qZP3q8dgMF1FTKamTvtJtR1lTrkng
debug1: Will attempt key: /home/joseph/.ssh/id_ecdsa
debug1: Will attempt key: /home/joseph/.ssh/id_ecdsa_sk
debug1: Will attempt key: /home/joseph/.ssh/id_ed25519
debug1: Will attempt key: /home/joseph/.ssh/id_ed25519_sk
debug1: Will attempt key: /home/joseph/.ssh/id_xmss
debug1: Will attempt key: /home/joseph/.ssh/id_dsa
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,webauthn-sk-ecdsa-sha2-nistp256@openssh.com>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /home/joseph/.ssh/id_rsa RSA SHA256:EvqXgos71bYzS4qZP3q8dgMF1FTKamTvtJtR1lTrkng
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /home/joseph/.ssh/id_ecdsa
debug1: Trying private key: /home/joseph/.ssh/id_ecdsa_sk
debug1: Trying private key: /home/joseph/.ssh/id_ed25519
debug1: Trying private key: /home/joseph/.ssh/id_ed25519_sk
debug1: Trying private key: /home/joseph/.ssh/id_xmss
debug1: Trying private key: /home/joseph/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password


Somehow, the RSA key is not getting through to Windows ssh session; but connection ssh + password works.
So I'm puzzled why RSA key doesn't!

Windows is being offered "public key" but it trying "private key" why?
Back to top
View user's profile Send private message
flexibeast
Guru
Guru


Joined: 04 Apr 2022
Posts: 451
Location: Naarm/Melbourne, Australia

PostPosted: Mon Jan 08, 2024 7:53 am    Post subject: Reply with quote

Joseph_sys wrote:
Windows is being offered "public key" but it trying "private key" why?

Both parts are needed. The way that the system works is that the private key of the person trying to log in needs to mathematically 'match' their public key as per the relevant entry in the authorized_keys file on the server.

i might well be wrong, but to hazard a guess, it might be that the server doesn't accept rsa keys (i.e. in its value of 'PubkeyAcceptedAlgorithms', e.g. 'ssh-rsa'); you can check this by examining the output of:

Code:
ssh -Q PubkeyAcceptedAlgorithms <Windows box IP>

More generally, you should check the logs of the ssh daemon on the Windows machine, to check what it might or might not be accepting.
Back to top
View user's profile Send private message
sMueggli
Guru
Guru


Joined: 03 Sep 2022
Posts: 496

PostPosted: Mon Jan 08, 2024 10:06 am    Post subject: Reply with quote

You have installed the ssh server part on Windows 11? Please share the sshd_config file.

Is the Windows user you try to connect part of the Windows group "Administrators"?
Back to top
View user's profile Send private message
Joseph_sys
Advocate
Advocate


Joined: 08 Jun 2004
Posts: 2712
Location: Edmonton, AB

PostPosted: Mon Jan 08, 2024 5:31 pm    Post subject: Reply with quote

sMueggli wrote:
You have installed the ssh server part on Windows 11? Please share the sshd_config file.

Is the Windows user you try to connect part of the Windows group "Administrators"?


Yes, I installed Windows 11 server, here is sshd_config:
Code:
# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

#HostKey __PROGRAMDATA__/ssh/ssh_host_rsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_dsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_ecdsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin prohibit-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile   .ssh/authorized_keys

#AuthorizedPrincipalsFile none

# For this to work you will also need host keys in %programData%/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# GSSAPI options
#GSSAPIAuthentication no

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#PermitUserEnvironment no
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# override default of no subsystems
Subsystem   sftp   sftp-server.exe

# Example of overriding settings on a per-user basis
#Match User anoncvs
#   AllowTcpForwarding no
#   PermitTTY no
#   ForceCommand cvs server

Match Group administrators
       AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys


And yes, Windows user is in Admin group as well:
Code:
PS C:\Users\Glen Server> net user "Glen Server"
User name                    Glen Server
...
Local Group Memberships      *Administrators
Global Group memberships     *None



PS C:\Users\Glen Server> Get-LocalGroupMember -Group "Administrators"

ObjectClass Name                    PrincipalSource
----------- ----                    ---------------
User        server\Administrator    Local
User        server\Glen Server       Local
Back to top
View user's profile Send private message
sMueggli
Guru
Guru


Joined: 03 Sep 2022
Posts: 496

PostPosted: Mon Jan 08, 2024 5:44 pm    Post subject: Reply with quote

If I understand the official documentation (https://learn.microsoft.com/en-us/windows-server/administration/openssh/openssh_keymanagement#administrative-user) correctly, the pubkeys of administrators have to be placed in %PROGRAMDATA%\ssh\administrators_authorized_keys and not under the user profile.
Back to top
View user's profile Send private message
Joseph_sys
Advocate
Advocate


Joined: 08 Jun 2004
Posts: 2712
Location: Edmonton, AB

PostPosted: Mon Jan 08, 2024 6:01 pm    Post subject: Reply with quote

sMueggli wrote:
If I understand the official documentation (https://learn.microsoft.com/en-us/windows-server/administration/openssh/openssh_keymanagement#administrative-user) correctly, the pubkeys of administrators have to be placed in %PROGRAMDATA%\ssh\administrators_authorized_keys and not under the user profile.


Right on, thank you!!!
Copied key to this file, restart sshd on Windows and now ssh login is working.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum