Speak now
Please Wait Image Converting Into Text...
Embark on a journey of knowledge! Take the quiz and earn valuable credits.
Challenge yourself and boost your learning! Start the quiz now to earn credits.
Unlock your potential! Begin the quiz, answer questions, and accumulate credits along the way.
General Tech Bugs & Fixes 2 years ago
Posted on 16 Aug 2022, this text provides information on Bugs & Fixes related to General Tech. Please note that while accuracy is prioritized, the data presented might not be entirely correct or up-to-date. This information is offered for general knowledge and informational purposes only, and should not be considered as a substitute for professional advice.
Turn Your Knowledge into Earnings.
I am attempting to set up passwordless, passphraseless ssh from a Linux Mint 19.1 host to a Windows 10 host. The Windows 10 host has OpenSSH_for_Windows_7.7p1 on it. This is Microsoft's OpenSSH port.
I am able to set this up for administrator accounts, but unprivileged accounts are not working for me. Administrator accounts are done differently.
I've tried a large number of different things, but here's the one I feel should work, and what goes wrong with it:
I create a /Users/Alden Stromberg/.ssh/authorized_keys file with mkdir and echo > (or mkdir and cygwin vi - same result).
Then I use OpenSSHUtils to attempt to set the correct permissions:
PS C:\Users\Alden Stromberg\.ssh> Import-Module 'C:\Program Files\WindowsPowerShell\Modules\OpenSSHUtils\0.0.2.0\OpenSSHUtils.psd1' PS C:\Users\Alden Stromberg\.ssh> Repair-AuthorizedKeyPermission .\authorized_keys [*] .\authorized_keys 'NT AUTHORITY\SYSTEM' has the following access to '.\authorized_keys': 'Deny'-'ExecuteFile'. Shall I make it Allow FullControl? [Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): Exception calling "SetAccessRule" with "1" argument(s): "This access control list is not in canonical form and therefore cannot be modified." At C:\Program Files\WindowsPowerShell\Modules\OpenSSHUtils\0.0.2.0\OpenSSHUtils.psm1:399 char:17 + $acl.SetAccessRule($ace) + ~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [], MethodInvocationException + FullyQualifiedErrorId : InvalidOperationException 'NT AUTHORITY\SYSTEM' now has FullControl access to '.\authorized_keys'. 'DESKTOP-A31M9SV\None' should not have access to '.\authorized_keys'.. Shall I remove this access? [Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): Exception calling "RemoveAccessRule" with "1" argument(s): "This access control list is not in canonical form and therefore cannot be modified." At C:\Program Files\WindowsPowerShell\Modules\OpenSSHUtils\0.0.2.0\OpenSSHUtils.psm1:490 char:20 + if(-not ($acl.RemoveAccessRule($ace))) + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [], MethodInvocationException + FullyQualifiedErrorId : InvalidOperationException 'Everyone' should not have access to '.\authorized_keys'.. Shall I remove this access? [Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): Exception calling "RemoveAccessRule" with "1" argument(s): "This access control list is not in canonical form and therefore cannot be modified." At C:\Program Files\WindowsPowerShell\Modules\OpenSSHUtils\0.0.2.0\OpenSSHUtils.psm1:490 char:20 + if(-not ($acl.RemoveAccessRule($ace))) + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [], MethodInvocationException + FullyQualifiedErrorId : InvalidOperationException 'NT SERVICE\sshd' needs Read access to '.\authorized_keys'. Shall I make the above change? [Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): Exception calling "AddAccessRule" with "1" argument(s): "This access control list is not in canonical form and therefore cannot be modified." At C:\Program Files\WindowsPowerShell\Modules\OpenSSHUtils\0.0.2.0\OpenSSHUtils.psm1:564 char:21 + $acl.AddAccessRule($ace) + ~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [], MethodInvocationException + FullyQualifiedErrorId : InvalidOperationException 'NT SERVICE\sshd' now has Read access to '.\authorized_keys'. Set-Acl : The process does not possess the 'SeSecurityPrivilege' privilege which is required for this operation. At C:\Program Files\WindowsPowerShell\Modules\OpenSSHUtils\0.0.2.0\OpenSSHUtils.psm1:582 char:9 + Set-Acl -Path $FilePath -AclObject $acl -Confirm:$false + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : PermissionDenied: (C:\Users\Alden ...authorized_keys:String) [Set-Acl], PrivilegeNotHeldException + FullyQualifiedErrorId : System.Security.AccessControl.PrivilegeNotHeldException,Microsoft.PowerShell.Commands.SetAclCommand Repaired permissions
Hoping to fix the noncanonical ACL, I tried:
icacls.exe .\authorized_keys /reset /T /C /L /Q
...but subsequently rerunning Repair-AuthorizedKeyPermission produces no joy.
What am I doing wrong? Is 0.0.2.0\OpenSSHUtils.psm1 out of date?
For the sake of completeness, here's what worked for administrator accounts:
get-acl c:\ProgramData\ssh\ssh_host_dsa_key | set-acl c:\ProgramData\ssh\administrators_authorized_keys
Thanks!
One way of getting passwordless authentication working for non-administrator accounts, is described at: https://www.techpaste.com/2015/06/windows-ssh-server-setup-and-configuration/
In short, put these in your sshd_config, uncommenting preexisting com/tag/entries">entries as needed, found under c:\ProgramData\ssh\ PermitRootLogin yes StrictModes no RSAAuthentication yes PubkeyAuthentication yes AuthorizedKeysFile .ssh/authorized_keys IgnoreUserKnownHosts yes
Then "net stop sshd" and "net start sshd".
This probably com/tag/means">means that your authorized_keys is readable by everyone on the computer, but at least it works.
No matter what stage you're at in your education or career, TuteeHub will help you reach the next level that you're aiming for. Simply,Choose a subject/topic and get started in self-paced practice sessions to improve your knowledge and scores.
General Tech 10 Answers
General Tech 7 Answers
General Tech 3 Answers
General Tech 9 Answers
General Tech 2 Answers
Ready to take your education and career to the next level? Register today and join our growing community of learners and professionals.