I have a hard time connecting my local PC through SSH to another remote PC. I set the public key on both machines in the authorized_keys folder following this tutorial: https://help.ubuntu.com/community/SSH/OpenSSH/Keys but I get

permission denied (interactive board, public key)

type of error. I read that a possible solution could be: /home/<user> or ~/.ssh/authorized_keys permissions are too open by OpenSSH standards. You can get rid of this problem by issuing the following commands to change file/folder permissions, like in Linux:

chmod go-w ~/
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

My question: how do I set exactly the mentioned permissions on the corresponding folders in Windows?

Thanks! UPDATE: here are the logs, server side:

Failed to open file:C:/ProgramData/ssh/administrators_authorized_keys error:2
5036 2021-10-18 11:16:06.413 debug1: Could not open authorized keys '__PROGRAMDATA__/ssh/administrators_authorized_keys': No such file or directory

1 Answer

While incorrect file permissions can be an issue and they indeed often are, they are not the only cause of login failures.

Rather than trying solutions, please investigate the cause for your problem.
Check for example the ssh server logging for error messages and use those to find an appropriate solution.

If the file permissions on your $env:USERPROFILE\.ssh\authorized_keys file really are the problem: a really quick search found for example https://stackoverflow.com/a/50502015 which details how to set up ssh with public key authentication on a Windows host.

Setup permissions properly (important!!!):

  1. Run start . to open explorer with the current folder ($env:USERPROFILE\.ssh);
  2. Right click authorized_keys, go to Properties -> Security -> Advanced
  3. Click "Disable inheritance";
  4. Choose "Convert inherited permissions into explicit permissions on this object" when prompted;
  5. (really, really important) Remove all permissions on file except for the SYSTEM and yourself. There must be exactly two permission entries on the file. (Some guides suggest running the Repair-AuthorizedKeyPermission $env:USERPROFILE\.ssh\authorized_keys - this will try to add the sshd user to the permission list and it will break the authentication, so don't do that, or at least do not agree on adding the sshd user.) Both SYSTEM and yourself should have full control over the file.

Also see: https://github.com/PowerShell/Win32-OpenSSH/wiki/Security-protection-of-various-files-in-Win32-OpenSSH

anonymous
  • Thanks! Where to check the log on the server? Which folder and file to look into? – Patrick Schulz Oct 17 '21 at 13:38
  • Also, I put the public key pasted in the file __PROGRAMDATA__/ssh/administrators_authorized_keys because the client is an admin (this is according to the tutorial), but it appears to be the wrong thing to do according to the SO post you referred me to in your answer – Patrick Schulz Oct 17 '21 at 13:40
  • It depends on the version: see https://github.com/PowerShell/Win32-OpenSSH/wiki/Logging-Facilities – anonymous Oct 17 '21 at 14:52
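
The GUI steps quoted in the answer (disable inheritance, leave only SYSTEM and yourself with full control) can also be checked and applied from PowerShell. The script below is an added example, not part of the original answer or of Win32-OpenSSH; the -Fix switch and the Get-UnexpectedEntry helper are hypothetical names, and it assumes it is run as the account that owns the file.

```powershell
# Added example: audit, and with -Fix tighten, the ACL on a per-user authorized_keys file.
param(
    [string]$Path = "$env:USERPROFILE\.ssh\authorized_keys",  # path used in the answer
    [switch]$Fix                                               # hypothetical switch name
)
$ErrorActionPreference = 'Stop'
if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { throw "File not found: $Path" }

# Compare SIDs rather than display names so localized account names still match.
$sidType   = [System.Security.Principal.SecurityIdentifier]
$systemSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-18')  # SYSTEM
$userSid   = [System.Security.Principal.WindowsIdentity]::GetCurrent().User   # "yourself"
$allowed   = @($systemSid.Value, $userSid.Value)

# Hypothetical helper: every ACE whose trustee is neither SYSTEM nor the current user.
function Get-UnexpectedEntry {
    param([string]$File)
    (Get-Acl -LiteralPath $File).GetAccessRules($true, $true, $sidType) |
        Where-Object { $allowed -notcontains $_.IdentityReference.Value }
}

if ($Fix) {
    # Same end state as steps 3-5: no inherited entries, explicit Full control for two SIDs.
    # Grant first so the file never ends up with an empty ACL.
    icacls.exe $Path /grant:r "*$($systemSid.Value):F" "*$($userSid.Value):F" | Out-Null
    icacls.exe $Path /inheritance:r | Out-Null
    foreach ($ace in @(Get-UnexpectedEntry $Path)) {
        icacls.exe $Path /remove "*$($ace.IdentityReference.Value)" | Out-Null
    }
}

# Report the resulting state so the change can be verified before retrying the login.
$acl   = Get-Acl -LiteralPath $Path
$extra = @(Get-UnexpectedEntry $Path)
[pscustomobject]@{
    Path               = $Path
    InheritanceEnabled = -not $acl.AreAccessRulesProtected
    EntryCount         = $acl.Access.Count
    UnexpectedTrustees = ($extra | ForEach-Object {
        $id = $_.IdentityReference
        try { $id.Translate([System.Security.Principal.NTAccount]).Value } catch { $id.Value }
    } | Sort-Object -Unique) -join ', '
    Compliant          = ($acl.AreAccessRulesProtected -and $extra.Count -eq 0)
}
```

Run without -Fix, the script only reports; any trustee listed under UnexpectedTrustees is an entry that step 5 says to remove.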