Install Win32 OpenSSH and Enable Public Key Authentication

Setting up an SFTP server is much more involved than setting up FTPS. For a full-featured SFTP server, OpenSSH seems to be the only option. The original OpenSSH is Unix-only; fortunately, Microsoft has recently released Win32 OpenSSH, although at this stage it is intended for testing only.

Here I use SFTPServer as the SSH server and SFTPClient as the SSH client (these are the two machines' host names).



1. Server side Installation

Follow the installation steps in the Win32 OpenSSH wiki (this tutorial works):

https://github.com/PowerShell/Win32-OpenSSH/wiki/Install-Win32-OpenSSH

Then start the service from the install directory:

C:\Program Files (x86)\OpenSSH>net start sshd


Note 1. Generation and Use of Host Keys

Host keys are generated with .\ssh-keygen.exe -A and are stored in C:\Program Files (x86)\OpenSSH on the server. The private halves (ssh_host_*_key, without .pub) are what identify the server to every client; anyone who can read them can impersonate the server, so keep them readable only by the account sshd runs as and by Administrators.

http://man7.org/linux/man-pages/man1/ssh-keygen.1.html


 -A      For each of the key types (rsa1, rsa, dsa, ecdsa and ed25519)
             for which host keys do not exist, generate the host keys with
             the default key file path, an empty passphrase, default bits
             for the key type, and default comment.  

Later, clients use these host keys to recognise the server. On the first connection ssh shows the host key's fingerprint and asks whether to trust it; compare it with the fingerprint of the server's own key (ssh-keygen -lf "C:\Program Files (x86)\OpenSSH\ssh_host_ecdsa_key.pub", run on the server) before answering yes, because whatever is accepted here is what every later connection is checked against. The accepted key is stored in C:\Users\username\.ssh\known_hosts on the client; the following is part of that file:

SFTPServer,192.168.0.2 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAACCDDzdHAyNTYAAABBBCUDQ8AUzQPT9Q6Xg2wGPxsCvGl4jClm1JmwoCfvwPlHRZYIPah4i2UESvW8RJa97oK8414pSMTdaHRDGUqP1RA=

This is the content of C:\Program Files (x86)\OpenSSH\ssh_host_ecdsa_key.pub from SFTPServer, with the host name and IP address prepended and the trailing comment dropped (compare the following):

ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAACCDDzdHAyNTYAAABBBCUDQ8AUzQPT9Q6Xg2wGPxsCvGl4jClm1JmwoCfvwPlHRZYIPah4i2UESvW8RJa97oK8414pSMTdaHRDGUqP1RA= domain\user@SFTPServer
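The following PowerShell is an added example, not code from the original post or from Win32 OpenSSH: it computes the same SHA256 fingerprint that ssh-keygen -lf prints and checks that the entry a client stored in known_hosts matches the key the server really has, instead of trusting whatever was accepted on the first connect. It assumes the server's ssh_host_*_key.pub contents (or their fingerprint) reached you over a trusted channel such as the server console; the host names, paths and the placeholder fingerprint in the usage lines are assumptions.

```powershell
# Added example, not from the original post: verify a known_hosts entry against the
# server's real host key. Assumes the server-side fingerprint was obtained out of band.
function Get-SshKeyFingerprint {
    param([Parameter(Mandatory)][string]$KeyLine)
    # Accepts a *.pub line ("type blob [comment]") or a known_hosts line ("host[,ip] type
    # blob"): locate the key-type token, the base64 blob is the next token.
    $tokens = $KeyLine.Trim() -split '\s+'
    $i = -1
    for ($k = 0; $k -lt $tokens.Count - 1; $k++) {
        if ($tokens[$k] -match '^(ssh-(rsa|ed25519|dss)|ecdsa-sha2-nistp(256|384|521))$') { $i = $k; break }
    }
    if ($i -lt 0) { throw "No SSH public key in line: $KeyLine" }
    $blob = [Convert]::FromBase64String($tokens[$i + 1])
    # Wire format: uint32 big-endian length, then the key-type string. It must agree with
    # the declared type, otherwise the line was truncated or mis-pasted.
    $len = ($blob[0] -shl 24) -bor ($blob[1] -shl 16) -bor ($blob[2] -shl 8) -bor $blob[3]
    $declared = [Text.Encoding]::ASCII.GetString($blob, 4, $len)
    if ($declared -ne $tokens[$i]) { throw "Blob type '$declared' differs from declared '$($tokens[$i])'" }
    # Same value "ssh-keygen -lf <file>" prints: SHA-256 of the blob, base64 without padding.
    $digest = [Security.Cryptography.SHA256]::Create().ComputeHash($blob)
    return 'SHA256:' + [Convert]::ToBase64String($digest).TrimEnd('=')
}

function Test-KnownHostEntry {
    param(
        [Parameter(Mandatory)][string]$HostName,
        [Parameter(Mandatory)][string]$ExpectedFingerprint,
        [string]$KnownHosts = (Join-Path $env:USERPROFILE '.ssh\known_hosts')
    )
    # Plain (unhashed) entries start with "host" or "host,ip"; HashKnownHosts entries
    # start with "|1|" and cannot be matched by name this way.
    $entries = Get-Content $KnownHosts | Where-Object { $_ -match ('^' + [regex]::Escape($HostName) + '[,\s]') }
    if (-not $entries) { throw "No known_hosts entry for $HostName (not connected yet?)" }
    foreach ($e in $entries) {
        $stored = Get-SshKeyFingerprint $e
        if ($stored -ne $ExpectedFingerprint) {
            throw "known_hosts entry for $HostName is $stored, server reports $ExpectedFingerprint: do not just delete it, find out why"
        }
    }
    return $true
}

# On the server (trusted channel): print the fingerprint to compare against.
# Get-SshKeyFingerprint (Get-Content 'C:\Program Files (x86)\OpenSSH\ssh_host_ecdsa_key.pub' -Raw)

# On the client, after the first connection, with the value printed above pasted in
# ('SHA256:<value from server>' is a placeholder, not a real fingerprint):
# Test-KnownHostEntry -HostName 'SFTPServer' -ExpectedFingerprint 'SHA256:<value from server>'
```

The blob-type check is what catches the common copy-and-paste accident in which the key type on a line and the base64 blob come from different keys, or the blob was cut short by a wrapped browser line.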

Note 2. At the beginning, when I tried ssh domain\user@SFTPServer, I always got this error:

Connection is reset by SFTPServer at port :22

Fix: delete all the host keys generated by .\ssh-keygen.exe -A, regenerate them, and restart sshd (it reads the host keys at start-up).
To debug, run the client with maximum verbosity: ssh -vvv domain\user@SFTPServer.

Note 3. Once the client's public key has been created, don't forget to append it to C:\Users\username\.ssh\authorized_keys on the server.

See 2.2 Server side

2. Client side


https://github.com/PowerShell/Win32-OpenSSH/wiki/ssh.exe-examples

To keep the two roles apart, run the client on a different computer.


When launching ssh domain\user@SFTPServer, if we see an error saying that the server's SSH host key has changed, ssh is refusing to connect because the key in known_hosts no longer matches what the server presents. That is exactly what a man-in-the-middle looks like, so only clear the entry if you know why the key changed, for example because you regenerated the host keys as in Note 2. Then remove the stale entry with ssh-keygen -R SFTPServer (or edit it out of C:\Users\username\.ssh\known_hosts; deleting the whole file also works but throws away every other host you have already verified). On the next login ssh asks you to confirm the new key and adds it to known_hosts.


Enable public key authentication:


2.1 Client side


  • Generate a key pair on the client:
    • ssh-keygen -t rsa -f id_rsa


   This writes the private key id_rsa and the public key id_rsa.pub (add -b 4096 for a 4096-bit key; the default is 2048, and -t ed25519 is supported as well). Set a passphrase when prompted; with ssh-agent (below) you type it only once per session.

   Store the pair under your profile, C:\Users\username\.ssh, so that only you can read the private key. Do not keep it in C:\Program Files (x86)\OpenSSH: every local user can read that directory, and ssh-add will refuse a key with such permissions anyway (see Note 1 below). ssh.exe looks for ~\.ssh\id_rsa by default, so -i is then not needed.


  • Register the private key with ssh-agent
    • powershell -ExecutionPolicy Bypass -File install-sshd.ps1

  Run this from the OpenSSH directory. It installs both the sshd and the ssh-agent service on the client computer, although only ssh-agent is needed on the client.

  (If you like, run sc delete sshd to remove the unused sshd service, https://technet.microsoft.com/library/cc742045.aspx; an SSH server listening on a client machine for no reason only widens its attack surface.)



  Open Services (services.msc), find ssh-agent, set its startup type to Automatic and start it.


    • ssh-add id_rsa
  This registers the private key with ssh-agent (you are asked for the key's passphrase once, here).

  The benefit of ssh-agent is that, once the key is registered, you no longer need to type the passphrase when logging in with it: the agent holds the decrypted key in memory for the rest of the session.


  To list keys added to ssh-agent:

    • ssh-add -l

Note



  1. When running ssh-add id_rsa, if we see the error "... 'id_rsa' are too open. It is recommended that your private key files are NOT accessible by others", remove every principal from the permission list of id_rsa except the current user (Read/Write/Execute) and the Administrators group. Inherited entries (for example Users, when the key lives under Program Files) must go as well, so disable inheritance on the file first.
  2. This step is optional. You don't need to register your private key with ssh-agent if you log in with -i privatekeyfile and are comfortable answering the passphrase each time, or if the key has no passphrase at all (in which case anyone who copies the file can use it).
  3. This step works only for the OpenSSH command line (ssh, sftp etc.). When logging in from code, e.g. with the https://github.com/pelhu/SSH.NET.Core package, we have to supply the passphrase in code, for example:
         new PrivateKeyAuthenticationMethod(config.UserName, new PrivateKeyFile(stream, config.PassPhrase));
  • Login using the secured private key
    • sftp -i .\id_rsa localuser@SFTPServer (workgroup user)
    • sftp -i .\id_rsa domain\user@SFTPServer (domain user)


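The client-side steps above, collected into one PowerShell script, as an added example that is not part of the original post or of Win32 OpenSSH. It assumes Win32 OpenSSH is installed in C:\Program Files (x86)\OpenSSH (the post's install directory) and that install-sshd.ps1 has already registered the ssh-agent service; the key path and comment are choices made here.

```powershell
# Added example, not from the original post: generate a key pair, lock the private key
# down, load it into ssh-agent. Assumes the post's install directory for the binaries.
$OpenSsh = 'C:\Program Files (x86)\OpenSSH'
if (-not (Get-Command ssh-keygen.exe -ErrorAction SilentlyContinue)) { $env:Path += ";$OpenSsh" }

# Keep the key pair under the user's profile, not under Program Files, which every
# local user can read.
$SshDir  = Join-Path $env:USERPROFILE '.ssh'
$KeyPath = Join-Path $SshDir 'id_rsa'
New-Item -ItemType Directory -Force -Path $SshDir | Out-Null

# 1. Generate the key pair. ssh-keygen prompts for a passphrase: set one, ssh-agent
#    will cache the unlocked key so it is typed once per logon session.
if (-not (Test-Path $KeyPath)) {
    ssh-keygen.exe -t rsa -b 4096 -f $KeyPath -C "$env:USERNAME@$env:COMPUTERNAME"
}

# 2. Fix for "permissions for 'id_rsa' are too open": drop inherited ACEs and grant the
#    file only to the current user and the Administrators group (given by its well-known
#    SID so the name does not depend on the OS language).
function Protect-PrivateKey {
    param([Parameter(Mandatory)][string]$Path)
    $me = "$env:USERDOMAIN\$env:USERNAME"
    icacls.exe $Path /inheritance:r /grant:r "${me}:F" '*S-1-5-32-544:F' | Out-Null
    # Verify: anything but the two principals above means the lock-down did not take.
    $others = (Get-Acl $Path).Access | Where-Object {
        $_.IdentityReference.Value -ne $me -and
        $_.IdentityReference.Value -ne 'BUILTIN\Administrators'
    }
    if ($others) { throw "Unexpected ACEs remain on ${Path}: $($others.IdentityReference.Value -join ', ')" }
}
Protect-PrivateKey $KeyPath

# 3. Run ssh-agent as an automatic service and load the key (passphrase asked once here).
Set-Service -Name ssh-agent -StartupType Automatic
Start-Service -Name ssh-agent
ssh-add.exe $KeyPath
ssh-add.exe -l          # lists the loaded key; "The agent has no identities" means it did not load

# 4. Log in. ~\.ssh\id_rsa is a default identity, so -i is not needed, and with the agent
#    holding the key there is no passphrase prompt. Uncomment for your server:
# sftp.exe "domain\user@SFTPServer"
```

The Protect-PrivateKey check reads the ACL back after icacls so that a failed lock-down (for example because the file is on a share that ignores NTFS inheritance changes) is reported instead of surfacing later as the "too open" error from ssh-add.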




    2.2 Server side

    Create the file C:\Users\username\.ssh\authorized_keys (in the profile of the account the client will log in as), then append the client's public key to it, one key per line, for example:

    ssh-dss … domain\user@SFTPServer


    ssh-rsa AAAAB3NzaC1yc2EAAAADQQQYYYAQABAAABAQDDDn0OONpywxzO2hKW9u5t+3DqGCTvGquDT0N1nnExVZdAi1KLHCfGqNaMsFpRwlMR7fETumcOorRUL/rcO+WpWBfJLrxJwN9RWt9atTW9Fv566bg3or1qj7GY4+xfReo43rdSDncHBZQjV2vqkM0KrVq/UOzQnTMMQqRqJXoo92HiSuVVuvDhtzuJ0WXRixCxYjdZysEt8pti/uxtXH16s5Tf5ZSdayunjF8zFINya6xLi396a50r62QF3Sgwv+4dTecQjgSZlXxHJr5aPCyDgboM+lXeKe6GdNkmBttzofNXkfvGgEmaI97yuT8M7Da3X1mItBjCLFvyrck2jUu9 domain\user@SFTPClient

    Here the second entry is the client's public key (an exact copy of the content of .\id_rsa.pub on the client). The file must not be writable by anyone except its owner and Administrators; with the default StrictModes, sshd ignores an authorized_keys that other users can write to.


    Note: the key type (ssh-dss or ssh-rsa), the key content and the comment are on a single line. They only appear as separate lines here because the blog's HTML does not apply white-space: nowrap; open the file in Notepad to verify. (ssh-dss keys are disabled by default from OpenSSH 7.0 onwards; prefer ssh-rsa or ssh-ed25519.)
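As an added example that is not part of the original post or of Win32 OpenSSH, the following PowerShell installs a client's public key into authorized_keys the way an administrator would want it done: the line is validated (type, blob and comment on one line, blob actually of the declared type), ssh-dss is rejected, the key is not appended twice, and the file is restricted afterwards. It assumes the client's id_rsa.pub was copied to the server over a trusted channel; C:\Temp\id_rsa.pub is an assumed path.

```powershell
# Added example, not from the original post: append a client public key to the
# server-side authorized_keys safely. Assumes the .pub file was copied here out of band.
function Add-AuthorizedKey {
    param(
        [Parameter(Mandatory)][string]$PublicKeyLine,
        [string]$AuthorizedKeys = (Join-Path $env:USERPROFILE '.ssh\authorized_keys')
    )
    # One key per line: "<type> <base64 blob> [comment]", all on the same line even when
    # a browser wraps it.
    $line = $PublicKeyLine.Trim()
    $pattern = '^(?<type>ssh-(rsa|ed25519|dss)|ecdsa-sha2-nistp(256|384|521))\s+' +
               '(?<blob>[A-Za-z0-9+/]+={0,2})(\s+(?<comment>\S.*))?$'
    if ($line -notmatch $pattern) { throw "Not an OpenSSH public key line: $line" }
    $type = $Matches.type; $b64 = $Matches.blob
    if ($type -eq 'ssh-dss') {
        # DSA keys are fixed at 1024 bits; OpenSSH disables ssh-dss by default since 7.0.
        throw 'ssh-dss is disabled by default in current OpenSSH; use ssh-rsa or ssh-ed25519'
    }
    # The blob is SSH wire format: uint32 big-endian length + key-type string. A mismatch
    # means the paste was truncated or the type and blob came from different keys.
    $blob = [Convert]::FromBase64String($b64)
    $len  = ($blob[0] -shl 24) -bor ($blob[1] -shl 16) -bor ($blob[2] -shl 8) -bor $blob[3]
    $declared = [Text.Encoding]::ASCII.GetString($blob, 4, $len)
    if ($declared -ne $type) { throw "Blob is a '$declared' key but the line says '$type'" }

    New-Item -ItemType Directory -Force -Path (Split-Path $AuthorizedKeys) | Out-Null
    $raw = if (Test-Path $AuthorizedKeys) { [IO.File]::ReadAllText($AuthorizedKeys) } else { '' }

    # Idempotent: match on type + blob only, so a changed comment is not a new key.
    $already = $raw -split "`r?`n" | Where-Object {
        $_ -match ('^\s*' + [regex]::Escape($type) + '\s+' + [regex]::Escape($b64) + '(\s|$)')
    }
    if ($already) { return $false }

    # Append on a fresh line (guards against a file that lacks a trailing newline, which
    # would glue the new key onto the previous entry and silently break both).
    $sep = if ($raw.Length -gt 0 -and -not $raw.EndsWith("`n")) { "`n" } else { '' }
    [IO.File]::AppendAllText($AuthorizedKeys, "$sep$line`n", [Text.Encoding]::ASCII)

    # With StrictModes (the default) sshd ignores an authorized_keys that other users can
    # write to, so restrict it like the private key: owner and Administrators only.
    icacls.exe $AuthorizedKeys /inheritance:r /grant:r "$env:USERDOMAIN\$($env:USERNAME):F" '*S-1-5-32-544:F' | Out-Null
    return $true
}

# Usage on the server, logged on as the account the client will use (assumed path):
# Get-Content C:\Temp\id_rsa.pub | ForEach-Object { Add-AuthorizedKey -PublicKeyLine $_ }
```

Add-AuthorizedKey returns $true when it appended the key and $false when the same type and blob were already present, which makes it safe to rerun from a provisioning script.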


    All done!


    Now run ssh -i .\id_rsa domain\user@SFTPServer; you should no longer be asked for a password. If you still are, run ssh -vvv to see which keys the client offered and what the server answered, and re-check the authorized_keys path and its permissions on the server.
