SSH connection issue : How to change folder / file permissions in Windows similarly to Linux?

Posted on

A server stack is the collection of software that forms the operational infrastructure on a given machine. In a computing context, a stack is an ordered pile. A server stack is one type of solution stack — an ordered selection of software that makes it possible to complete a particular task. Like in this post about SSH connection issue : How to change folder / file permissions in Windows similarly to Linux? was one problem in server stack that need for a solution. Below are some tips in manage your windows server when you find problem about windows, ssh, permissions, file-permissions, ssh-keys.

I have hard times connecting my local PC through SSH to another remote PC. I set the public key on both machines in the authorized_keys folder following this tutorial : https://help.ubuntu.com/community/SSH/OpenSSH/Keys but i get

permission denied (interactive board, public key)

type of error.
I read that possible solution could be :
/home/<user> or ~/.ssh/authorized_keys permissions are too open by OpenSSH standards. You can get rid of this problem by issuing the following commands to change file / folder permission like in Linux :

chmod go-w ~/
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

My question how to alter exactly like the mentioned permissions those relating folders in Windows ?

Thanks !
UPDATE : here’s the logs server side :

Failed to open file:C:/ProgramData/ssh/administrators_authorized_keys error:2
5036 2021-10-18 11:16:06.413 debug1: Could not open authorized keys '__PROGRAMDATA__/ssh/administrators_authorized_keys': No such file or directory

While incorrect file permissions can be an issue and they indeed often are, they are not the only cause of login failures.

Rather than trying solutions, please investigate the cause for your problem.
Check for example the ssh server logging for error messages and use those to find an appropriate solution.

If the file permissions on your $env:USERPROFILE.sshauthorized_keys file really are the problem: a really quick search found for example https://stackoverflow.com/a/50502015 which details how to set up ssh with public key authentication on a Windows host.

Setup permissions properly (important!!!):

  1. Run start . to open explorer with the current folder ($env:USERPROFILE.ssh);
  2. Right click authorized_keys, go to Properties -> Security -> Advanced
  3. Click “Disable inheritance”;
  4. Choose “Convert inherited permissions into explicit permissions on this object” when prompted;
  5. (really, really important) Remove all permissions on file except for the SYSTEM and yourself. There must be exactly two
    permission entries on the file. Some guides suggest running the
    Repair-AuthorizedKeyPermission $env:USERPROFILE.sshauthorized_keys
  • this will try to add the sshd user to the permission list and it will break the authentication, so, don’t do that, or at least do not agree on adding the sshd user). Both SYSTEM and yourself should
    have full control over the file.

Also see: https://github.com/PowerShell/Win32-OpenSSH/wiki/Security-protection-of-various-files-in-Win32-OpenSSH

Leave a Reply

Your email address will not be published. Required fields are marked *