Grant rights to System and Administrators group icacls.exe administrators_authorized_keys /grant SYSTEM:F Remove inheritance icacls.exe administrators_authorized_keys /inheritance:r OpenSSH will refuse to authenticate you if the rights are not correct on the authorized_key file. icacls.exe administrators_authorized_keys You can use icacls.exe to examine the rights of the file. Change permissions on the authorized_keys. scp id_rsa.pub you are a user, write the content of id_rsa.pub in the file C:\Users\USER\.ssh\authorized_keys. Otherwise, as an admin just create the C:\ProgramData\ssh\administrators_authorized_keys, write in it the content of id_rsa.pub. # AuthorizedKeysFile _PROGRAMDATA_/ssh/administrators_authorized_keys You can remove this exception by commenting the two last lines of sshd_config file. Otherwise, the file check is %USERPROFILE%\.ssh\authorized_keys. On Windows, there is an exception for Administrators and the file checked is C:\ProgramData\ssh\administrators_authorized_keys. In French for example it's BUILTIN\Administrators. The name might change based on your language. whoami /groupsĬheck if you are part of the BUILTIN\Administrators group. ssh-keygenĬheck if the user part of the Administrator group Use ssh-keygen to generate the public key id_rsa.pub and private key id_rsa. The answer might vary based on whether the user is an administrator, and the language of the system. See also my answer to Setting up public key authentication to Linux server from Windows (ppk private key). If you need to append, you can download authorized_keys to the local machine, append it locally and re-upload it back.Īlternatively, you can setup the key from another Windows machine using (my) WinSCP client, with its Install Public Key into Server function. The above is basically, what ssh-copy-id does internally – Except that ssh-copy-id appends the authorized_keys, what plain sftp cannot do. Uploading id_rsa.pub to /C:/Users/martin/.ssh/authorized_keys Particularly if you have no key on the server registered yet, you can just upload the id_rsa.pub file as authorized_keys file: $ sftp 's password: If you want to do that from your local machine, you can do it using sftp. ssh (or Administrator's ssh) folder and the authorized_keys are set so that only a respective Windows account have a write access to the folder and the file and the account that runs the server have a read access.įor details, see my guide for Setting up SSH public key authentication on Win32-OpenSSH. Create authorized_keys file in the folder and add your public key to it.Note that the location of the file for Administrators is overridden in the default sshd_config file to %ALLUSERSPROFILE%\ssh\administrators_authorized_keys. ssh folder in your Windows account profile folder (typically in C:\Users\username\.ssh). I'm aware that you know that, but as there are subtle differences, when doing that on a Windows server, I'll mention it anyway for benefit of other readers. Ssh-copy-id script works only against *nix servers (or servers with *nix emulation), as it internally executes some *nix shell commands on the server (like exec, sh, umask, rm, mkdir, tail, cat, etc).
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |