Virtual Geek

Tales from real IT system administrators world and non-production environment

Key based passwordless authentication to Microsoft Windows OpenSSH Server

This is the second part of the OpenSSH Server configuration for Windows series. In this part I generate a private/public key pair that will be used to log in to the Windows OpenSSH server. With key-based authentication on OpenSSH, you don't need to provide a password to connect to the Windows server over OpenSSH (the same applies to a Linux SSH server).

To start configuring passwordless login on the Windows OpenSSH server, locate and open the file C:\ProgramData\ssh\sshd_config. Then find the settings below and configure them as shown.

Remove the comment character # from this line:
PubkeyAuthentication yes

Disable password authentication by setting it to no:
PasswordAuthentication no

Part 1: OpenSSH Server configuration for Windows
Part 2: Key based passwordless authentication to Microsoft Windows OpenSSH Server
Part 3: Configuring Ansible to Manage Windows Servers via OpenSSH

After changing sshd_config, restart the OpenSSH SSH Server (sshd) service.

[Screenshot: sshd_config with PubkeyAuthentication yes and PasswordAuthentication no, and the sshd service restart]

Now log in to the Linux system and run the command ssh-keygen, which generates a public/private key pair. For the rest of the setup I press Enter without giving any input, so all defaults are used. The key pair files are created in the default location, the .ssh folder in the user profile. I am not setting any passphrase on the keys, as shown in the screenshot below.

[Screenshot: ssh-keygen generating the key pair and printing the key fingerprint]

Note that the generated key pair file names might be different on your system. Next, view the content of the file with the .pub extension. I am using PuTTY, so I can copy the public key content, which will be used in the next step.

[Screenshot: content of the public key (.pub) file]

Next, go to the Windows OpenSSH server and create a new file named administrators_authorized_keys in the folder C:\ProgramData\ssh. (When creating the file, make sure file name extensions are shown so that a hidden extension becomes visible; if the file has an extension, remove it.)

[Screenshot: C:\ProgramData\ssh folder containing administrators_authorized_keys]

Open administrators_authorized_keys and paste in the public key copied earlier from the Linux system.

[Screenshot: administrators_authorized_keys with the public key pasted in]

The next, crucial step is changing the file security permissions of administrators_authorized_keys. The commands below set the correct permissions in one go; run them in PowerShell, since the third command uses PowerShell syntax. At the time of testing, only one user can have access to the file and log in through SSH.

icacls C:\ProgramData\ssh\administrators_authorized_keys /inheritance:r
icacls C:\ProgramData\ssh\administrators_authorized_keys /grant SYSTEM:F
icacls C:\ProgramData\ssh\administrators_authorized_keys /grant "$(($env:USERNAME).tolower()):F"

After assigning the security permissions, you can check what is set on administrators_authorized_keys under Advanced Security Settings. Inheritance is disabled, SYSTEM and Administrator (the logged-in user) have full control, and the owner is the Administrator user (the logged-in user).

[Screenshot: Advanced Security Settings for administrators_authorized_keys after running icacls]

The Windows OpenSSH server is now set up and configured for passwordless login. You can test it with the ssh command on Linux, as shown in the screenshot below (I am using the user who has sole security permission on the administrators_authorized_keys file; in my case it is administrator). The login doesn't prompt for a password; authentication happens using the public/private key pair.

[Screenshot: passwordless ssh login to the Windows OpenSSH server]
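A read-only check of the finished setup, as an added example that is not part of the original post: it reads the effective PubkeyAuthentication and PasswordAuthentication values, looks for a key file saved with a stray extension or a wrapped key line, and compares the file's ACL with what the icacls commands above leave behind. It assumes it is run in PowerShell as the same user that ran those commands; the function and variable names are chosen for this example.

```powershell
# Added example: audits the configuration described on this page without changing it.
$ErrorActionPreference = 'Stop'
$sshDir   = 'C:\ProgramData\ssh'
$config   = Join-Path $sshDir 'sshd_config'
$keysFile = Join-Path $sshDir 'administrators_authorized_keys'

# sshd uses the first value it reads for a keyword, so scan the global section
# (up to the first Match block) and return the first uncommented occurrence.
function Get-SshdSetting {
    param([string]$Path, [string]$Keyword)
    foreach ($line in Get-Content -LiteralPath $Path) {
        $text = $line.Trim()
        if ($text -eq '' -or $text.StartsWith('#')) { continue }
        if ($text -match '^Match\s') { break }
        if ($text -match "^${Keyword}[\s=]+(\S+)") { return $Matches[1] }
    }
    return $null   # keyword not set: the sshd built-in default applies
}

# A file saved as administrators_authorized_keys.txt is not the file sshd reads.
$lookalikes = @(Get-ChildItem -Path $sshDir -Filter 'administrators_authorized_keys*' |
    Where-Object { $_.Name -ne 'administrators_authorized_keys' } | ForEach-Object { $_.Name })

# Each key must sit on one line; a wrapped terminal paste leaves stray fragments.
# Entries that start with options instead of a key type are also counted here.
$entries   = @(Get-Content -LiteralPath $keysFile | Where-Object { $_.Trim() -and $_ -notmatch '^\s*#' })
$malformed = @($entries | Where-Object {
    $_ -notmatch '^(ssh-(rsa|ed25519)|ecdsa-sha2-\S+)\s+[A-Za-z0-9+/]+=*(\s|$)' })

# Compare ACL entries by SID so localized account names do not matter:
# S-1-5-18 is SYSTEM; the second entry is the user running this check.
$acl         = Get-Acl -LiteralPath $keysFile
$allowedSids = @('S-1-5-18',
                 [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value)
$extra = @($acl.Access | Where-Object {
    $sid = $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
    $_.AccessControlType -eq 'Allow' -and $allowedSids -notcontains $sid
} | ForEach-Object { $_.IdentityReference.Value })

[pscustomobject]@{
    PubkeyAuthentication   = Get-SshdSetting $config 'PubkeyAuthentication'
    PasswordAuthentication = Get-SshdSetting $config 'PasswordAuthentication'
    LookalikeFiles         = $lookalikes -join ', '
    KeyEntries             = $entries.Count
    MalformedEntries       = $malformed.Count
    InheritanceDisabled    = $acl.AreAccessRulesProtected
    Owner                  = $acl.Owner
    UnexpectedAccess       = $extra -join ', '
}
```

A setup that matches the steps on this page has PubkeyAuthentication set to yes, PasswordAuthentication set to no, inheritance disabled, and nothing listed under LookalikeFiles, MalformedEntries or UnexpectedAccess.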
