Score:0

SSH connection issue : How to change folder / file permissions in Windows similarly to Linux?


I am having a hard time connecting my local PC through SSH to another remote PC. I set the public key on both machines in the authorized_keys folder following this tutorial: https://help.ubuntu.com/community/SSH/OpenSSH/Keys but I get a

Permission denied (keyboard-interactive,publickey)

type of error. I read that a possible solution could be: /home/<user> or ~/.ssh/authorized_keys permissions are too open by OpenSSH standards. You can get rid of this problem by issuing the following commands to change file / folder permissions like in Linux:

chmod go-w ~/
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

My question: how do I set exactly the permissions mentioned above on the corresponding folders in Windows?

Thanks! UPDATE: here are the server-side logs:

Failed to open file:C:/ProgramData/ssh/administrators_authorized_keys error:2
5036 2021-10-18 11:16:06.413 debug1: Could not open authorized keys '__PROGRAMDATA__/ssh/administrators_authorized_keys': No such file or directory
vidarlo
Check the server's logs for *why*.
Patrick Schulz
@vidarlo Where do I check the log on the server? Which folder and file should I look into?
vidarlo
https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_server_configuration has information on log path.
Patrick Schulz
OK thanks, but it says `if the user belongs to the administrator group, %programdata%/ssh/administrators_authorized_keys is used instead.` Which user: the client's, or the server's user where the programdata... folder mentioned here in my comment is located?
Patrick Schulz
@vidarlo check my update for the logs!
vidarlo
It says invalid user. Does the user exist?
Patrick Schulz
No, sorry, check my new update; it is about accessing the public keys on the server side, a problem about permissions (I solved the user problem!).
vidarlo
It says `No such file or directory`.
Patrick Schulz
I know what it says, but why? An SSH connection works, but through another software process it returns this error.
vidarlo
Let us [continue this discussion in chat](https://chat.stackexchange.com/rooms/130610/discussion-between-vidarlo-and-patrick-schulz).
Score:1

While incorrect file permissions can be an issue and they indeed often are, they are not the only cause of login failures.

Rather than trying solutions, please investigate the cause for your problem.
Check for example the ssh server logging for error messages and use those to find an appropriate solution.

If the file permissions on your $env:USERPROFILE\.ssh\authorized_keys file really are the problem: a really quick search found for example https://stackoverflow.com/a/50502015 which details how to set up ssh with public key authentication on a Windows host.

Setup permissions properly (important!!!):

  1. Run `start .` to open explorer with the current folder (`$env:USERPROFILE\.ssh`);
  2. Right click authorized_keys, go to Properties -> Security -> Advanced
  3. Click "Disable inheritance";
  4. Choose "Convert inherited permissions into explicit permissions on this object" when prompted;
  5. (really, really important) Remove all permissions on file except for the SYSTEM and yourself. There must be exactly two permission entries on the file. Some guides suggest running the `Repair-AuthorizedKeyPermission $env:USERPROFILE\.ssh\authorized_keys` (this will try to add the sshd user to the permission list and it will break the authentication, so, don't do that, or at least do not agree on adding the sshd user). Both SYSTEM and yourself should have full control over the file.

Also see: https://github.com/PowerShell/Win32-OpenSSH/wiki/Security-protection-of-various-files-in-Win32-OpenSSH
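
The permission steps from the answer above, scripted with `icacls` (an added example, not code from either poster or from the Win32-OpenSSH project). The helper name `Set-KeyFileAcl` is hypothetical; the SIDs are the well-known ones for SYSTEM (`S-1-5-18`) and the built-in Administrators group (`S-1-5-32-544`), and the Administrators-plus-SYSTEM ACL for `administrators_authorized_keys` follows Microsoft's OpenSSH key-management documentation rather than this page.

```powershell
# Added example: restrict an OpenSSH key file to an explicit list of principals.
# Set-KeyFileAcl is a hypothetical helper name, not part of OpenSSH or PowerShell.
function Set-KeyFileAcl {
    param(
        [Parameter(Mandatory)] [string]   $Path,
        [Parameter(Mandatory)] [string[]] $Principals   # account names, or *SID for icacls
    )
    # Fail early on the "No such file or directory" case seen in the server log.
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "Key file not found: $Path"
    }
    # /inheritance:r drops inherited entries; /grant:r replaces any existing
    # explicit entry for the same principal with Full control (F).
    $icaclsArgs = @($Path, '/inheritance:r')
    foreach ($p in $Principals) { $icaclsArgs += @('/grant:r', "${p}:F") }
    & icacls.exe @icaclsArgs | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed on $Path (exit $LASTEXITCODE)" }

    # Read the ACL back: explicit entries for other principals are not removed
    # by the call above, so report them instead of assuming the file is clean.
    $entries = @((Get-Acl -LiteralPath $Path).Access)
    if ($entries.Count -ne $Principals.Count) {
        Write-Warning "$Path has $($entries.Count) ACL entries, expected $($Principals.Count)"
    }
    $entries | Select-Object IdentityReference, FileSystemRights, IsInherited
}

# Per-user file from the answer: exactly SYSTEM and yourself.
Set-KeyFileAcl -Path "$env:USERPROFILE\.ssh\authorized_keys" `
               -Principals '*S-1-5-18', "$env:USERDOMAIN\$env:USERNAME"

# File sshd reads for members of Administrators (the path in the server log).
# Run from an elevated prompt: SYSTEM and the Administrators group only.
Set-KeyFileAcl -Path "$env:ProgramData\ssh\administrators_authorized_keys" `
               -Principals '*S-1-5-18', '*S-1-5-32-544'
```

Using SIDs instead of names keeps the calls working on non-English Windows installs, where the group is not called "Administrators".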

Patrick Schulz
Thanks! Where do I check the log on the server? Which folder and file should I look into?
Patrick Schulz
Also, I pasted the public key into the file __PROGRAMDATA__/ssh/administrators_authorized_keys because the client is an admin (this is according to the tutorial), but it appears to be the wrong thing to do according to the SO post you referred me to in your answer.
us flag
It depends on the version: see https://github.com/PowerShell/Win32-OpenSSH/wiki/Logging-Facilities