Question
Friday, March 27, 2020 6:37 PM
I installed OpenSSH server on Windows 10 because I want to move files through SFTP. I have an admin user and two simple users, and I used this installation and setup method:
https://github.com/HealisticEngineer/Powershell/blob/master/InstallOpenSSH.ps1
Now this is my sshd_config file:
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
#HostKey __PROGRAMDATA__/ssh/ssh_host_rsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_dsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_ecdsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_ed25519_key
# Ciphers and keying
#RekeyLimit default none
# Logging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
#PermitRootLogin prohibit-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
PubkeyAuthentication yes
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
#AuthorizedPrincipalsFile none
# For this to work you will also need host keys in %programData%/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
#PermitEmptyPasswords no
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#PermitUserEnvironment no
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
# no default banner path
#Banner none
# override default of no subsystems
Subsystem sftp sftp-server.exe
# Example of overriding settings on a per-user basis
#Match User anoncvs
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server
#Match Group administrators
#AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
Almost everything works the way I want, but only the admin user can connect with a key; the other user can't. If I try to connect with another user, WinSCP tells me the server refused the key.
But it works with the admin user and his key.
My question is:
What do I have to do so that all users will be able to connect with a key? How do I have to configure sshd_config?
Thank you in advance for any help!
All replies (5)
Sunday, March 29, 2020 5:58 PM ✅Answered
I got it working on my VM. My problem was that PowerShell's Repair-AuthorizedKeyPermission cmdlet added access for the sshd account. My service is running as system.
I found that by turning on debug logging.
SyslogFacility LOCAL0
LogLevel DEBUG3
Log is c:\ProgramData\ssh\logs\sshd.log
Monday, April 6, 2020 3:10 PM ✅Answered
Thanks for your help. After I turned on the log and debugging, I found the problem in the log file.
That was the problem:
Bad permissions. Try removing permissions for user: S-1-5-21-2990498608-1551036637-625011070-1003 on file C:/Users/User/.ssh/authorized_keys.
So I set the right permissions for the ".ssh" folder and the "authorized_keys" file, and it finally worked. The key-based authentication worked with the user. I connected successfully to the server using WinSCP.
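The permission check that the log message above points to, as an added example (not code from this thread or from the OpenSSH project): it lists ACEs on a user's authorized_keys held by any principal other than the account itself, SYSTEM and Administrators, and with -Fix removes them. The function name, its parameters, the default path and the allowed-principal set are assumptions; run it from an elevated prompt.

```powershell
# Added example, not from the thread. Assumption: only the account itself,
# SYSTEM and BUILTIN\Administrators should hold ACEs on authorized_keys.
function Test-AuthorizedKeysAcl {
    param(
        [Parameter(Mandatory)][string]$UserName,   # hypothetical parameter: local account name
        [string]$Path,                             # defaults to the path form seen in the log
        [switch]$Fix
    )
    if (-not $Path) { $Path = "C:\Users\$UserName\.ssh\authorized_keys" }

    $sidType = [System.Security.Principal.SecurityIdentifier]
    $userSid = (New-Object System.Security.Principal.NTAccount($UserName)).Translate($sidType).Value
    $allowed = @($userSid, 'S-1-5-18', 'S-1-5-32-544')   # user, SYSTEM, Administrators

    $acl = Get-Acl -LiteralPath $Path
    $owner = $acl.GetOwner($sidType).Value
    if ($allowed -notcontains $owner) { Write-Warning "Unexpected owner: $owner" }

    # Explicit and inherited Allow ACEs, with identities returned as SIDs
    $extra = @($acl.GetAccessRules($true, $true, $sidType) |
        Where-Object { $_.AccessControlType -eq 'Allow' -and $allowed -notcontains $_.IdentityReference.Value })
    foreach ($ace in $extra) {
        Write-Warning "Unexpected ACE: $($ace.IdentityReference.Value) ($($ace.FileSystemRights))"
    }

    if ($Fix -and $extra.Count -gt 0) {
        # Grant the three expected principals first, then drop inherited ACEs,
        # then remove whatever explicit ACEs remain for other SIDs.
        icacls $Path /grant:r "*${userSid}:F" "*S-1-5-18:F" "*S-1-5-32-544:F" | Out-Null
        icacls $Path /inheritance:r | Out-Null
        $extra | ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique |
            ForEach-Object { icacls $Path /remove "*$_" | Out-Null }
    }
    return $extra.Count -eq 0   # $true when no unexpected ACE was found (state before any fix)
}

# Audit only, then repair:
# Test-AuthorizedKeysAcl -UserName 'User'
# Test-AuthorizedKeysAcl -UserName 'User' -Fix
```

The SIDs are used instead of account names so the check does not depend on the display language of Windows.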
Saturday, March 28, 2020 1:49 PM
I think that you just need one more line at the end.
AllowGroups users
Sunday, March 29, 2020 2:07 PM
I thought about it and I tried it, but unfortunately that didn't solve it.
I created Windows 10 and Server 2019 virtual machines in VMware to test the OpenSSH configuration. The result is that the problem exists on the Windows 10 machine with the same OpenSSH configuration, but it works on the Windows Server 2019 machine.
It's very interesting to me, I don't really understand why.
I think I should use Windows Server or any Linux server or FreeNAS OS. But I'm still trying to find a solution, because in principle it should work.
Monday, April 6, 2020 3:18 PM
Yep, same problem I had.