Difference between revisions of "windows ssh server guide"

From thelinuxwiki
Jump to: navigation, search
(test/use it)
(public key auth)
Line 50: Line 50:
 
==public key auth==
 
==public key auth==
  
this part was a beating.
+
this part was a beating. It didn't work out of the box.
 +
 
 +
error from ssh log file...
 +
11536 2022-08-26 17:58:35.947 debug1: attempt 1 failures 0 [preauth]
 +
11536 2022-08-26 17:58:35.963 debug1: userauth_pubkey: test pkalg ssh-ed25519 pkblob ED25519 SHA256:LJByW7AoXWuMQ1afasdfasdfasdcHLEckz73LkJ9opPo [preauth]
 +
11536 2022-08-26 17:58:35.963 debug1: trying public key file C:\\Users\\johnsmith\\.ssh\\authorized_keys
 +
11536 2022-08-26 17:58:35.963 Authentication refused.
 +
 
 +
 
  
 
For sshd-config do the following changes:
 
For sshd-config do the following changes:

Revision as of 23:43, 26 August 2022

Contents

supported windows versions

OpenSSH can be used to connect Window 10 clients to Windows Server 2019. OpenSSH Client is available to install on Windows 10 build 1809 and later, while OpenSSH Server is available to install on Windows Server 2019 and later.

intallation

goto Settings, select Apps > Apps & Features > Manage Optional Features > Add a feature > OpenSSH Server > Install

sshd_config

edit sshd_config

location %programdata%\ssh\sshd_config i.e. C:\ProgramData\ssh\sshd_config

add allow and/or deny directive lines to the file

a simple example...

AllowUsers mydomain\johnsmith@*

this will allow the domain account johnsmith to ssh in from any IP address (due to the * after the @)

and because I hate Event viewer, I want ssh to log to a file

to configure, add or modify a line as follows...

SyslogFacility LOCAL0

then it logs to the directory %programdata%\ssh\logs or c:\ProgramData\ssh\logs\sshd.log file.

RESTART ssh service after every change for it to take effect!!!

for more complete instructions see OpenSSH Server Configuration for Windows 10 1809 and Server 2019

service startup

for automatic start on boot...

go to Computer Management > Services > OpenSSH SSH Server

set startup type to Automatic.

also, start the service if you want to start using it.

test/use it

example...

$ ssh johnsmith@192.168.1.1

mydomain\johnsmith@myexamplehost C:\Users\johnsmith>

public key auth

this part was a beating. It didn't work out of the box.

error from ssh log file...

11536 2022-08-26 17:58:35.947 debug1: attempt 1 failures 0 [preauth]
11536 2022-08-26 17:58:35.963 debug1: userauth_pubkey: test pkalg ssh-ed25519 pkblob ED25519 SHA256:LJByW7AoXWuMQ1afasdfasdfasdcHLEckz73LkJ9opPo [preauth]
11536 2022-08-26 17:58:35.963 debug1: trying public key file C:\\Users\\johnsmith\\.ssh\\authorized_keys
11536 2022-08-26 17:58:35.963 Authentication refused.


For sshd-config do the following changes:

Comment this one:

#Match Group administrators
#      AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys

Uncomment or add line to sshd_config:

PubkeyAuthentication yes

Then open PowerShell as Admin and restart service:

Restart-Service sshd

Then through GUI. For .ssh folder and authorized_keys file do the following:

Properties -> Security -> Advanced -> Disable inheritance -> Convert inherited permissions into explicit permissions on this object.
Then delete all users(groups) except:
System
Administrators
current user