Install Win32 OpenSSH and Enable Public Key Authentication
Setting up an SFTP server is much more complicated than setting up FTPS. For a full-featured SFTP server, OpenSSH seems to be the only option. The original OpenSSH is for Unix only. Fortunately, Microsoft recently released Win32 OpenSSH, though for testing only.
Here I use SFTPServer as SSH Server while SFTPClient as SSH client.
1. Server side Installation
C:\Program Files (x86)\OpenSSH>net start sshd
https://github.com/PowerShell/Win32-OpenSSH/wiki/Install-Win32-OpenSSH
This tutorial works.
Note 1. Generation and Use of Host Keys
Host keys are generated by .\ssh-keygen.exe -A. Host keys are stored in C:\Program Files (x86)\OpenSSH on the server.
http://man7.org/linux/man-pages/man1/ssh-keygen.1.html
-A For each of the key types (rsa1, rsa, dsa, ecdsa and ed25519)
for which host keys do not exist, generate the host keys with
the default key file path, an empty passphrase, default bits
for the key type, and default comment.
Later these host keys will be used by clients. The following is part of content of C:\Users\username\.ssh\known_hosts on client:
SFTPServer,192.168.0.2 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAACCDDzdHAyNTYAAABBBCUDQ8AUzQPT9Q6Xg2wGPxsCvGl4jClm1JmwoCfvwPlHRZYIPah4i2UESvW8RJa97oK8414pSMTdaHRDGUqP1RA=
Actually it's just a copy of the content of C:\Program Files (x86)\OpenSSH\ssh_host_ecdsa_key.pub from SFTPServer (see the following):
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAACCDDzdHAyNTYAAABBBCUDQ8AUzQPT9Q6Xg2wGPxsCvGl4jClm1JmwoCfvwPlHRZYIPah4i2UESvW8RJa97oK8414pSMTdaHRDGUqP1RA= domain\user@SFTPServer
Note 2. At the beginning when I tried ssh domain\user@SFTPServer, I always got this error:
Connection is reset by SFTPServer at port :22
Fix: delete all keys generated by .\ssh-keygen.exe -A and then regenerate them
To debug: ssh -vvv domain\user@SFTPServer.
Note 3. Don't forget to append the client's public key to C:\Users\username\.ssh\authorized_keys once the client's public key is created.
See 2.2 Server Side
2. Client side
https://github.com/PowerShell/Win32-OpenSSH/wiki/ssh.exe-examples
To avoid confusion, it is suggested to set up the client on a different computer.
When launching ssh domain\user@SFTPServer, if we see an error saying that the server's SSH host key has changed, we can simply delete the C:\Users\username\.ssh\known_hosts file on the client computer (or just remove the wrong host from the known_hosts file). The next time we log in with ssh, the correct host key will be auto-added to the known_hosts file.
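Since a known_hosts entry is just a copy of the server's host public key (Note 1), the two can be compared before a stale entry is removed and a new key is accepted. The following PowerShell is an added example, not part of the original post; the function names are hypothetical and the key lines are constructed samples, not real keys.

```powershell
# Added example, not from the original post. Sample key lines are constructed.
function Get-SshKeyFingerprint {
    param([Parameter(Mandatory)][string]$Base64Blob)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try {
        $digest = $sha.ComputeHash([Convert]::FromBase64String($Base64Blob))
    } finally {
        $sha.Dispose()
    }
    # OpenSSH shows fingerprints as unpadded base64 of the SHA-256 digest
    'SHA256:' + [Convert]::ToBase64String($digest).TrimEnd('=')
}

function Compare-HostKey {
    param(
        [Parameter(Mandatory)][string]$KnownHostsLine,  # "<hosts> <type> <base64>"
        [Parameter(Mandatory)][string]$ServerPubLine    # "<type> <base64> [comment]"
    )
    $kh  = $KnownHostsLine.Trim() -split '\s+'
    $pub = $ServerPubLine.Trim()  -split '\s+'
    if ($kh.Count -lt 3 -or $pub.Count -lt 2) { throw 'Malformed key line' }

    [pscustomobject]@{
        Hosts             = $kh[0]
        KeyType           = $kh[1]
        ClientFingerprint = Get-SshKeyFingerprint $kh[2]
        ServerFingerprint = Get-SshKeyFingerprint $pub[1]
        # Base64 is case-sensitive, so compare with -ceq
        Match             = ($kh[1] -ceq $pub[0]) -and ($kh[2] -ceq $pub[1])
    }
}

# Constructed sample data (not real keys)
$blob      = 'AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEexampleEXAMPLEexampleEXAMPLEexample0'
$knownLine = "SFTPServer,192.168.0.2 ssh-ed25519 $blob"
$pubLine   = "ssh-ed25519 $blob domain\user@SFTPServer"

Compare-HostKey -KnownHostsLine $knownLine -ServerPubLine $pubLine
```

With real data, pass the matching line from C:\Users\username\.ssh\known_hosts and the content of the server's host key .pub file obtained over a trusted channel; Match is False when the stored key no longer corresponds to the server's key.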
Enable public key authentication:
2.1 Client side
- Generate a key pair on the client:
ssh-keygen -t rsa -f id_rsa
Where to store this key pair doesn't matter (I suggest storing it in C:\Program Files (x86)\OpenSSH on the client computer)
- Register secured private key with ssh-agent
powershell -ExecutionPolicy Bypass -File install-sshd.ps1
This will install sshd and ssh-agent on client computer though we only need ssh-agent on client.
(if you like, you can run sc delete sshd to remove the unused sshd service, https://technet.microsoft.com/library/cc742045.aspx)
Go to Control Panel/Service/Find ssh-agent/set to Automatic and start it.
- ssh-add id_rsa
The benefit of ssh-agent is once registration is done you will no longer need to provide passphrase for login using your private key.
To list keys added to ssh-agent:
- ssh-add -l
Note
- When running ssh-add id_rsa, if we see the following error: "id_rsa' are too open. It is recommended that your private key files are NOT accessible by others", remove every entry from the permission list of id_rsa except the current user (with Read/Write/Execute permission) and the Administrators group.
- This step is optional. You don't need to register your private key with ssh-agent if you log in with -i privatekeyfile and are comfortable entering the passphrase each time, or if you have no passphrase at all.
- This step works only for the OpenSSH command-line tools (ssh, sftp, etc.). If we log in from code, e.g. using the https://github.com/pelhu/SSH.NET.Core package, we have to specify the passphrase in code, for example:
- Login using secured private key
sftp -i .\id_rsa localuser@SFTPServer (workgroup user)
sftp -i .\id_rsa domain\user@SFTPServer (domain user)
Note: ssh-add is optional. You don't need to register your private key with ssh-agent if you log in with -i privatekeyfile and don't mind entering the passphrase each time, or if you have no passphrase.
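The permission fix from the note above and the ssh-agent registration can be scripted from an elevated PowerShell prompt. This is an added example, not part of the original post; the function name Protect-PrivateKeyFile is hypothetical and id_rsa is assumed to be in the current directory.

```powershell
# Added example, not from the original post. Run from the directory holding id_rsa.
function Protect-PrivateKeyFile {
    param([Parameter(Mandatory)][string]$Path)

    $me     = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    $admins = '*S-1-5-32-544'   # well-known SID of the local Administrators group

    # 1. Drop explicit ACEs left over from earlier permission edits
    icacls $Path /reset | Out-Null
    # 2. Stop inheriting permissions from the containing folder
    icacls $Path /inheritance:r | Out-Null
    # 3. Grant only the current user and the Administrators group
    icacls $Path /grant:r "${me}:(RX,W)" "${admins}:(F)" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed on $Path" }

    # 4. Return any principal that still has an entry but should not
    $sid       = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'
    $adminName = $sid.Translate([System.Security.Principal.NTAccount]).Value
    (Get-Acl -Path $Path).Access |
        Where-Object { $_.IdentityReference.Value -notin @($me, $adminName) } |
        Select-Object -ExpandProperty IdentityReference
}

# Prints nothing when only the two expected principals remain on the key file
Protect-PrivateKeyFile -Path .\id_rsa

# Same effect as setting the service to Automatic and starting it in the Services panel
Set-Service   -Name ssh-agent -StartupType Automatic
Start-Service -Name ssh-agent

ssh-add .\id_rsa   # register the private key (asks for the passphrase once)
ssh-add -l         # list the keys ssh-agent now holds
```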
2.2 Server side
Create file C:\Users\username\.ssh\authorized_keys, then append client's public key to the authorized_keys file, for example:
ssh-dss AAAAB3NzaC1kc3MAAAPPPXXXCBAOTdYOWvWleBCMeldPy1a0nyJysmnniMasQjeF73JULv0RK5MtTuo+7gc1sFlifAafmtsQNXTnrtk2vsY/3Zg81LQKJG5by7WAZtV7FFEsBHt/J7OshyYK5H/cThL53IZBACsIFGD8jpvYPVuEYRXNXLwY9sPT9OuO3VfnCt1o7dAAAAFQDfaLmrs9g9HIj0zT6XbNsi6MYvMQAAAIEAqh3hUlaBPPhukm7Lhl+xoqIO3AX2B32FWDj7kuxxsVK9DqfBavfjrlYLo70b4MIMXqmEzuKNcfqpkptVog8teN/yUVzomjmcQoAQkEGkCUesiOxtzCIij3alCLhQvFA2KULKLrc6Liivk5LsronLPqNKOMKDrwNQcSFFOavUC8MAAACBALJnLfSahyz7G7m43HjOuMbX/8XvuUHtSBB5wbDrHyXTuyVrf65cb4AHkaACjVCdkPKdLB6UJ/yYeo7KSMws7PsRcqLZlf+G0tcOpnbVlbACK2/P2d3DE7aBl3th4cMZDuqT2w79USTH27qBkD7KxRWal074M8rxc5j+/GTXlDSm domain\user@SFTPServer
ssh-rsa AAAAB3NzaC1yc2EAAAADQQQYYYAQABAAABAQDDDn0OONpywxzO2hKW9u5t+3DqGCTvGquDT0N1nnExVZdAi1KLHCfGqNaMsFpRwlMR7fETumcOorRUL/rcO+WpWBfJLrxJwN9RWt9atTW9Fv566bg3or1qj7GY4+xfReo43rdSDncHBZQjV2vqkM0KrVq/UOzQnTMMQqRqJXoo92HiSuVVuvDhtzuJ0WXRixCxYjdZysEt8pti/uxtXH16s5Tf5ZSdayunjF8zFINya6xLi396a50r62QF3Sgwv+4dTecQjgSZlXxHJr5aPCyDgboM+lXeKe6GdNkmBttzofNXkfvGgEmaI97yuT8M7Da3X1mItBjCLFvyrck2jUu9 domain\user@SFTPClient
Here the highlighted is client's public key (the exact copy of content of .\id_rsa.pub on client).
Note: the ssh key type (ssh-dss or ssh-rsa) and the key content are actually on the same line. They are displayed here as two separate lines only because no white-space:nowrap is applied to the HTML markup. We can use Notepad to verify this.
All done!
Now run ssh -i .\id_rsa domain\user@SFTPServer; with any luck, you should no longer be asked for a password.