Mobile Technologies Web Technologies Digital Marketing Creative Design Career Talk Medical General Tech Interviews Internet Of Things

Embark on a journey of knowledge! Take the quiz and earn valuable credits.

Take A Quiz

Challenge yourself and boost your learning! Start the quiz now to earn credits.

Take A Quiz

Unlock your potential! Begin the quiz, answer questions, and accumulate credits along the way.

Take A Quiz

Popular Categories

Interview Questions
QuestionBank
Quantitative Aptitude
Engineering
Govt Exams
Digital Marketing
Management
Interviews
All

Windows 10 sshd - passwordless incoming ssh demands a password

General Tech Bugs & Fixes 2 years ago

0 2 0 0 0 tuteeHUB earn credit +10 pts
5 Star Rating 1 Rating
Previous Next

Posted on 16 Aug 2022, this text provides information on Bugs & Fixes related to General Tech. Please note that while accuracy is prioritized, the data presented might not be entirely correct or up-to-date. This information is offered for general knowledge and informational purposes only, and should not be considered as a substitute for professional advice.

Take Quiz To Earn Credits!

Turn Your Knowledge into Earnings.

tuteehub_quiz

Answers (2)

Post Answer
profilepic.png
manpreet Tuteehub forum best answer Best Answer 2 years ago

 

I am attempting to set up passwordless, passphraseless ssh from a Linux Mint 19.1 host to a Windows 10 host. The Windows 10 host has OpenSSH_for_Windows_7.7p1 on it. This is Microsoft's OpenSSH port.

I am able to set this up for administrator accounts, but unprivileged accounts are not working for me. Administrator accounts are done differently.

I've tried a large number of different things, but here's the one I feel should work, and what goes wrong with it:

I create a /Users/Alden Stromberg/.ssh/authorized_keys file with mkdir and echo > (or mkdir and cygwin vi - same result).

Then I use OpenSSHUtils to attempt to set the correct permissions:

PS C:\Users\Alden Stromberg\.ssh> Import-Module 'C:\Program Files\WindowsPowerShell\Modules\OpenSSHUtils\0.0.2.0\OpenSSHUtils.psd1'

PS C:\Users\Alden Stromberg\.ssh> Repair-AuthorizedKeyPermission .\authorized_keys                                                   
  [*] .\authorized_keys 

'NT AUTHORITY\SYSTEM' has the following access to '.\authorized_keys': 'Deny'-'ExecuteFile'.
Shall I make it Allow FullControl?
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"):  
Exception calling "SetAccessRule" with "1" argument(s): "This access control list is not in canonical form and therefore cannot be  
modified."
At C:\Program Files\WindowsPowerShell\Modules\OpenSSHUtils\0.0.2.0\OpenSSHUtils.psm1:399 char:17
+                 $acl.SetAccessRule($ace)
+                 ~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : InvalidOperationException

'NT AUTHORITY\SYSTEM' now has FullControl access to '.\authorized_keys'. 

'DESKTOP-A31M9SV\None' should not have access to '.\authorized_keys'..
Shall I remove this access?
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"):
Exception calling "RemoveAccessRule" with "1" argument(s): "This access control list is not in canonical form and therefore cannot  
be modified."
At C:\Program Files\WindowsPowerShell\Modules\OpenSSHUtils\0.0.2.0\OpenSSHUtils.psm1:490 char:20
+                 if(-not ($acl.RemoveAccessRule($ace)))
+                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : InvalidOperationException


'Everyone' should not have access to '.\authorized_keys'..
Shall I remove this access?
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"):  
Exception calling "RemoveAccessRule" with "1" argument(s): "This access control list is not in canonical form and therefore cannot  
be modified."
At C:\Program Files\WindowsPowerShell\Modules\OpenSSHUtils\0.0.2.0\OpenSSHUtils.psm1:490 char:20
+                 if(-not ($acl.RemoveAccessRule($ace)))
+                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : InvalidOperationException


'NT SERVICE\sshd' needs Read access to '.\authorized_keys'.
Shall I make the above change?
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"):
Exception calling "AddAccessRule" with "1" argument(s): "This access control list is not in canonical form and therefore cannot be  
modified."
At C:\Program Files\WindowsPowerShell\Modules\OpenSSHUtils\0.0.2.0\OpenSSHUtils.psm1:564 char:21
+                     $acl.AddAccessRule($ace)
+                     ~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : InvalidOperationException

'NT SERVICE\sshd' now has Read access to '.\authorized_keys'.
Set-Acl : The process does not possess the 'SeSecurityPrivilege' privilege which is required for this operation.
At C:\Program Files\WindowsPowerShell\Modules\OpenSSHUtils\0.0.2.0\OpenSSHUtils.psm1:582 char:9 
+         Set-Acl -Path $FilePath -AclObject $acl -Confirm:$false
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (C:\Users\Alden ...authorized_keys:String) [Set-Acl], PrivilegeNotHeldException      
    + FullyQualifiedErrorId : System.Security.AccessControl.PrivilegeNotHeldException,Microsoft.PowerShell.Commands.SetAclCommand    

      Repaired permissions

Hoping to fix the noncanonical ACL, I tried:

icacls.exe .\authorized_keys /reset /T /C /L /Q

...but subsequently rerunning Repair-AuthorizedKeyPermission produces no joy.

What am I doing wrong? Is 0.0.2.0\OpenSSHUtils.psm1 out of date?

For the sake of completeness, here's what worked for administrator accounts:

get-acl c:\ProgramData\ssh\ssh_host_dsa_key | set-acl c:\ProgramData\ssh\administrators_authorized_keys

Thanks!

0 views
0 shares
profilepic.png
manpreet 2 years ago

One way of getting passwordless authentication working for non-administrator accounts, is described at: https://www.techpaste.com/2015/06/windows-ssh-server-setup-and-configuration/

In short, put these in your sshd_config, uncommenting preexisting com/tag/entries">entries as needed, found under c:\ProgramData\ssh\ PermitRootLogin yes StrictModes no RSAAuthentication yes PubkeyAuthentication yes AuthorizedKeysFile .ssh/authorized_keys IgnoreUserKnownHosts yes

Then "net stop sshd" and "net start sshd".

This probably com/tag/means">means that your authorized_keys is readable by everyone on the computer, but at least it works.


0 views   0 shares

No matter what stage you're at in your education or career, TuteeHub will help you reach the next level that you're aiming for. Simply,Choose a subject/topic and get started in self-paced practice sessions to improve your knowledge and scores.

Q

What is the full form of NABARD ?

Banking, Finance & Insurance
Q

How to refresh app upon shaking the device?

Mobile Technologies
Q

What are the govt exams after BCA?

Career Talk
Q

TYPO3 v8. Override function in Core class

General Tech
Q

Why do people in India give so much importance to Government jobs?

Commerce & Accounting
Q

<div>zkskKsk</div>

Mobile Technologies 0 Answers
Q

<span style="font-size: 1em;">Qwerty 4</span>

Digital Marketing 0 Answers
Q

<div>What are the key differences between AMOLED and LCD displays in smartphones?</div>

Mobile Technologies 0 Answers
Q

<div>What are the key challenges in Mobile App Development for Cross-Platform Solutions?</div>

Mobile Technologies 0 Answers
Q

who is the smallest man in the world

General Tech 0 Answers

Explore Other Libraries

Blogs Tutorials Question Bank Feeds Careernews

Tags

Windows 10 sshd passwordless incoming ssh password

Important General Tech Links

 Bugs & Fixes
 Technology & Software
 Learning Aids/Tools
 QA/Testing