Resolving SSH Key Loading Issues on Windows

While SSH is commonly associated with Linux and Unix systems, it can also be configured on Windows. This guide focuses on resolving SSH key loading issues specifically for Windows environments.

Understanding the Challenge

As on Linux/Unix, sshd on Windows reads public keys from a configured authorized-keys file. The default Windows configuration, however, may load only keys authorized by administrators, typically stored in %ProgramData%\ssh\administrators_authorized_keys, so a user cannot log in with their own key unless it has been explicitly added to that administrator-controlled file.

Enabling User-Authorized Keys on Windows

  1. Locate the sshd_config File: On Windows, the sshd_config file is usually found in C:\ProgramData\ssh.

  2. Add User-Authorized Keys Configuration: Append the following line to the sshd_config file, ensuring it’s placed below any existing AuthorizedKeysFile directives:

    AuthorizedKeysFile      ~/.ssh/authorized_keys

    This instructs OpenSSH for Windows to load keys from the .ssh/authorized_keys file located in each user’s home directory.

  3. Disable Administrator-Only Keys: Locate and comment out the following line in the sshd_config file:

    AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys

    Adding a # at the beginning of the line will effectively disable it.

  4. Restart the SSH Server: After making changes to the sshd_config file, restart the SSH server for the modifications to take effect.

    • Command Prompt: net stop sshd && net start sshd

  5. Create .ssh Directory: Ensure each user’s home directory contains a .ssh subdirectory. You can create it manually if it doesn’t exist.

  6. Generate Public-Private Key Pairs: Users should generate their own public-private key pairs using the ssh-keygen command (which is included with OpenSSH for Windows).

  7. Add Public Key to authorized_keys: Users should copy their public key (the content of the id_rsa.pub file) and add it to their ~/.ssh/authorized_keys file.
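
The following PowerShell script is an added example, not part of the original guide: it applies the sshd_config edits above (using Restart-Service in place of net stop/start), validates the file before restarting, and then creates the current account's .ssh directory and authorized_keys with the restrictive ACL that StrictModes expects. It assumes the stock Windows install paths shown in the guide and that sshd.exe is on the PATH or under System32\OpenSSH for the sshd -t configuration test.

```powershell
# Added example (not from the original guide). Run in an elevated session.
# The second half targets the account running the script; other users run that
# part from their own sessions after ssh-keygen has produced their key pair.
$sshdConfig = Join-Path $env:ProgramData 'ssh\sshd_config'
$backup     = "$sshdConfig.bak-$(Get-Date -Format 'yyyyMMddHHmmss')"
Copy-Item -Path $sshdConfig -Destination $backup
$lines = @(Get-Content -Path $sshdConfig)

# Step 3: comment out the administrators-only directive (already-commented lines are untouched).
$adminPattern = '^\s*AuthorizedKeysFile\s+__PROGRAMDATA__/ssh/administrators_authorized_keys'
$lines = @($lines | ForEach-Object { if ($_ -match $adminPattern) { "#$_" } else { $_ } })

# Step 2: append the per-user directive unless an active copy is already present.
# In the stock file the last lines form a "Match Group administrators" block, so a line
# appended here belongs to that block; with the old directive disabled, that is the intent.
$userPattern = '^\s*AuthorizedKeysFile\s+~/\.ssh/authorized_keys'
if (@($lines -match $userPattern).Count -eq 0) {
    $lines += 'AuthorizedKeysFile      ~/.ssh/authorized_keys'
}
# sshd_config is plain ASCII; a UTF-8 BOM would corrupt the first directive.
Set-Content -Path $sshdConfig -Value $lines -Encoding ascii

# Validate before restarting (sshd -t is the stock OpenSSH config test); roll back on failure.
$sshd = (Get-Command sshd.exe -ErrorAction SilentlyContinue).Source
if (-not $sshd) { $sshd = Join-Path $env:SystemRoot 'System32\OpenSSH\sshd.exe' }
& $sshd -t
if ($LASTEXITCODE -ne 0) {
    Copy-Item -Path $backup -Destination $sshdConfig -Force
    throw "sshd_config failed validation; restored $backup"
}
Restart-Service -Name sshd   # step 4 (PowerShell equivalent of net stop/start)

# Steps 5 and the authorized_keys step for this account: .ssh directory, key file, tight ACL.
# StrictModes (on by default) refuses a key file that other users can modify.
$userSsh  = Join-Path $env:USERPROFILE '.ssh'
$authKeys = Join-Path $userSsh 'authorized_keys'
$pubKey   = Join-Path $userSsh 'id_rsa.pub'   # file name used by the guide; adjust for other key types
New-Item -ItemType Directory -Path $userSsh -Force | Out-Null
if (-not (Test-Path $authKeys)) { New-Item -ItemType File -Path $authKeys | Out-Null }
if (Test-Path $pubKey) {
    $key = (Get-Content -Path $pubKey -Raw).Trim()
    if (-not (Select-String -Path $authKeys -SimpleMatch -Pattern $key -Quiet)) {
        Add-Content -Path $authKeys -Value $key -Encoding ascii
    }
}
# Remove inherited ACEs so only this user and SYSTEM can touch the key file.
$owner = "$($env:USERDOMAIN)\$($env:USERNAME)"
icacls.exe $authKeys /inheritance:r /grant "${owner}:F" /grant 'SYSTEM:F' | Out-Null
```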

By following these steps, you configure OpenSSH for Windows to accept each user’s own authorized keys, so users can connect to the server securely without an administrator having to add their keys to the administrator-controlled file.
