OpenSSH for Windows


    How to use Public Key exchange on Windows OpenSSH (sshd)

    A number of people have asked how to set up public key support for opensshd.
    Because of the occasional emails I've received on the topic, I wanted to figure it out myself.
    It turns out to be pretty easy to do and requires only a few changes.


    1. Make sure you have installed openssh with the following options
      1. Install under the SSHD_SERVER account (you should also set the password to something other than the default)
      2. Choose SSHD privilege separation - Yes
    2. Modify /etc/sshd_conf
      1. StrictModes no
      2. PubkeyAuthentication yes
      3. AuthorizedKeysFile .ssh/authorized_keys
    3. If you modified /etc/sshd_conf, restart the service from an administrator cmd prompt or using the Service Control Manager
      1. net stop opensshd
      2. net start opensshd
    4. On the client, execute
      1. ssh-keygen -t dsa
      2. then copy id_dsa.pub to $HOME/.ssh/authorized_keys on the server (and remove id_dsa.pub from $HOME/.ssh on the client)
         To summarize:
         • id_dsa should be in the client $HOME/.ssh/id_dsa
         • id_dsa.pub should be in the server $HOME/.ssh/authorized_keys file (if your id_dsa.pub is the only entry you can just call the file authorized_keys; if it isn't the only entry, then append it to authorized_keys)
    5. On the client, attempt to connect to the server: 'ssh username@foobar'. You should be prompted for the private key password and then connected.
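    As an added example (not part of the original page), the "copy or append" in step 4 written as a small POSIX shell function: it installs one public key line into authorized_keys exactly once, rejects lines that are not "<type> <base64> [comment]", and keeps the directory and file modes tight. Because step 2 sets StrictModes no, sshd will no longer refuse a loosely-permissioned authorized_keys, so the chmod calls here are the only check left. The function names, the .ssh path argument and the key blob in the demo are assumptions and constructed values, not a real key; ssh-keygen is not called.

```shell
#!/bin/sh
# Added example, not from the original page.
# install_authorized_key <ssh_dir> <public_key_line>
#   Appends the key line to <ssh_dir>/authorized_keys once (idempotent).
#   Returns 0 on success, 1 if the line does not look like a public key.
install_authorized_key() {
    ssh_dir=$1
    key_line=$2
    auth_file="$ssh_dir/authorized_keys"

    # Split "<type> <base64-blob> [comment]" without calling ssh-keygen.
    key_type=${key_line%% *}
    rest=${key_line#* }
    key_blob=${rest%% *}
    case "$key_type" in
        ssh-dss|ssh-rsa|ecdsa-sha2-*|ssh-ed25519) ;;
        *) printf 'unrecognized key type: %s\n' "$key_type" >&2; return 1 ;;
    esac
    case "$key_blob" in
        ""|*[!A-Za-z0-9+/=]*) printf 'key blob is not base64\n' >&2; return 1 ;;
    esac

    # With StrictModes no, sshd does not enforce these modes; we do it here so
    # other local users cannot add their own keys to the file.
    mkdir -p "$ssh_dir"
    chmod 700 "$ssh_dir"
    touch "$auth_file"
    chmod 600 "$auth_file"

    # Match on type+blob only, so a changed comment does not create a duplicate.
    if grep -qF -- "$key_type $key_blob" "$auth_file"; then
        return 0
    fi
    printf '%s\n' "$key_line" >> "$auth_file"
}

# count_authorized_keys <ssh_dir>: number of non-comment, non-blank key lines.
count_authorized_keys() {
    grep -v '^#' "$1/authorized_keys" | grep -c .
}

# Demo on a throwaway directory with a constructed (not real) key line.
demo_dir=$(mktemp -d)
demo_key="ssh-dss AAAAB3NzaC1kc3MAAACBAL constructed-example-key user@client"
install_authorized_key "$demo_dir/.ssh" "$demo_key"
install_authorized_key "$demo_dir/.ssh" "$demo_key"   # second call is a no-op
printf 'keys installed: %s\n' "$(count_authorized_keys "$demo_dir/.ssh")"
rm -rf "$demo_dir"
```

    The same function works for a key generated with any type ssh-keygen supports, not only the dsa key from step 4; the type list in the first case statement is what it accepts.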


    If it bothers you that sshd_server shows up as a login name choice, you can hide that username from the logon screen with the following registry modifications (Vista+)
    1. reg add "hklm\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts"
    2. reg add "hklm\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList"
    3. reg add "hklm\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" /t REG_DWORD /v sshd_server /d 0



    If this fails to work for you, please see the Notes/Bugs/Fixes page and run the client and server in debug mode to diagnose the problem.