OpenSSH for Windows

How to use Public Key exchange on Windows OpenSSH (sshd)
A number of people have asked how to set up public key support for opensshd.
Because of the occasional emails I've received on the topic, I wanted to figure
it out myself.
It turns out to be pretty easy to do and requires only a few changes:
- Make sure you have installed OpenSSH with the following options:
  - Install under the SSHD_SERVER account (you should also set the password to something other than the default)
  - Choose SSHD privilege separation - Yes
- Modify /etc/sshd_conf:
  - StrictModes no
  - PubkeyAuthentication yes
  - AuthorizedKeysFile .ssh/authorized_keys
- If you modified /etc/sshd_conf, restart the service from an administrator cmd prompt or using the service control manager:
  - net stop opensshd
  - net start opensshd
- On the client, execute:
  - ssh-keygen -t dsa
  - then copy id_dsa.pub to $HOME/.ssh/authorized_keys on the server (and remove id_dsa.pub from $HOME/.ssh on the client)
To summarize:
- id_dsa should be in the client $HOME/.ssh/id_dsa
- id_dsa.pub should be in the server $HOME/.ssh/authorized_keys file (if your id_dsa.pub is the only entry, you can just name the file authorized_keys; if it isn't the only entry, append it to authorized_keys)
- On the client, attempt to connect to the server: 'ssh username@foobar'. You should be prompted for the private key password and then connected.
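A copied id_dsa.pub that picked up a line wrap or lost part of its key data on the way into authorized_keys will not match at login. The following check is an added example, not part of the original page or of OpenSSH: it walks each entry's length-prefixed key data and reports damaged lines. The function names are hypothetical, the sample entry is constructed (not a usable key), and entries are assumed to have no options prefix before the key type.

```python
import base64
import struct


def wire_fields(blob):
    """Split an SSH wire-format key blob into its length-prefixed fields."""
    fields, pos = [], 0
    while pos < len(blob):
        if pos + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (size,) = struct.unpack(">I", blob[pos:pos + 4])
        pos += 4
        if pos + size > len(blob):
            raise ValueError("truncated field")
        fields.append(blob[pos:pos + size])
        pos += size
    return fields


def check_authorized_keys(text):
    """Return (line_number, problem) pairs for entries that are malformed."""
    problems = []
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) < 2:
            problems.append((num, "no key data after the key type"))
            continue
        try:
            # binascii.Error (bad base64) is a subclass of ValueError
            fields = wire_fields(base64.b64decode(parts[1], validate=True))
        except ValueError:
            problems.append((num, "key data is truncated or not base64"))
            continue
        if not fields or fields[0] != parts[0].encode():
            problems.append((num, "declared key type does not match key data"))
    return problems


def make_sample_line(keytype="ssh-dss", comment="user@client"):
    """Constructed entry with dummy p, q, g, y fields; not a usable key."""
    parts = [keytype.encode()] + [bytes([n]) * 8 for n in (1, 2, 3, 4)]
    blob = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return "%s %s %s" % (keytype, base64.b64encode(blob).decode(), comment)


if __name__ == "__main__":
    good = make_sample_line()
    wrapped = good[:48] + "\r\n" + good[48:]  # an editor broke the line
    print(check_authorized_keys(good + "\r\n"))
    print(check_authorized_keys(wrapped))
```

To check a real file, pass its contents to check_authorized_keys; an empty list means every entry is structurally intact.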
If having sshd_server appear as a login name choice bothers you, you can mask the display of that username with the following registry modifications (Vista+):
- reg add "hklm\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts"
- reg add "hklm\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList"
- reg add "hklm\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" /t REG_DWORD /v sshd_server /d 0
If this fails to work for you, please see the link on the left for Notes/Bugs/Fixes and run the client/server in debug mode to attempt to diagnose the problem.