SSH connection from Linux to Windows without password (with ssh-key)

ILKIN MAMMADOV
4 min read · Feb 25, 2021

I spent quite a long time wondering whether it's possible to connect from Linux to Windows without a password. After some research I found a way, which I'm going to share with you below.

1. Install the OpenSSH Server and Client on Windows with PowerShell or the default way.
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
Start-Service sshd
Set-Service -Name sshd -StartupType 'Automatic'
Check the ssh binary on Windows.

Use ssh-keygen.exe in PowerShell to create the .ssh directory and the id_rsa and id_rsa.pub keys, then create an authorized_keys file.

New-Item -ItemType file "$ENV:UserProfile\.ssh\authorized_keys"

2. Set the SSH services to start automatically from the PowerShell CLI and check sshd

Get-Service sshd, ssh-agent
Set-Service sshd -StartupType Automatic
Set-Service ssh-agent -StartupType Automatic
Get-Service sshd, ssh-agent

3. Use ssh-keygen to generate a new SSH key on Linux 🐧

4. Create the administrators_authorized_keys file with the PowerShell CLI

(Run as administrator)

New-Item -ItemType file "C:\ProgramData\ssh\administrators_authorized_keys"

5. Run this command in PowerShell to allow SSH through the Windows firewall

New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH SSH Server' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22 -Program "C:\Windows\System32\OpenSSH\sshd.exe"

6. Copy the 🐧 Linux id_rsa.pub key into this file on Windows:

C:\ProgramData\ssh\administrators_authorized_keys

7. Note that if the .ssh folder does not already exist, the above command will fail. Besides, when creating the file it is better to set the minimum possible permissions (basically read-write for the owner only).
Make sure that the ACLs of the .ssh folder and the administrators_authorized_keys file are set so that only the respective Windows account has write access to the folder and the file (which is the default access level if you create the folder and the file while logged in with the respective account).

With the PowerShell CLI you can remove "NT AUTHORITY\Authenticated Users":

icacls "C:\ProgramData\ssh\administrators_authorized_keys" /remove "NT AUTHORITY\Authenticated Users"
get-acl C:\ProgramData\ssh\ssh_host_dsa_key | set-acl C:\ProgramData\ssh\administrators_authorized_keys
icacls "C:\ProgramData\ssh\administrators_authorized_keys" /inheritance:r
Restart-Service -Name sshd, ssh-agent -Force
Get-Service -Name ssh-agent,sshd

8. Check the SSH connection from the 🐧 Linux machine.

If it doesn't work, then do as shown below:

Put these in your sshd_config (found under c:\ProgramData\ssh\), uncommenting preexisting entries as needed:

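PermitRootLogin yes
# StrictModes no turns off sshd's ownership and permission checks on key files
StrictModes no
# RSAAuthentication is an SSH protocol 1 option; current OpenSSH reports it as deprecated
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
IgnoreUserKnownHosts yes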

Then restart the service: in cmd run net stop sshd and net start sshd, or with PowerShell:

Restart-Service -Name sshd, ssh-agent -Force
Get-Service -Name ssh-agent,sshd

This probably means that your authorized_keys are readable by everyone on the computer, but at least it works.
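
To see who actually has access to the key file after step 7, the PowerShell function below lists every ACL entry on administrators_authorized_keys that is not SYSTEM or Administrators. It is an added example, not part of the original post; the function name Test-KeyFileAcl and the allow-list of two well-known SIDs are assumptions.

```powershell
# Added example: audit the ACL on the key file created in steps 4-7.
# Assumption: only SYSTEM and the Administrators group should hold access.
$KeyFile = 'C:\ProgramData\ssh\administrators_authorized_keys'   # path from the article

# Well-known SIDs, used instead of names so the check works on any display language.
$Allowed = @{
    'S-1-5-18'     = 'NT AUTHORITY\SYSTEM'
    'S-1-5-32-544' = 'BUILTIN\Administrators'
}

function Test-KeyFileAcl {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "Key file not found: $Path"
    }
    $acl      = Get-Acl -LiteralPath $Path
    $sidType  = [System.Security.Principal.SecurityIdentifier]
    $findings = @()

    # With inheritance on, entries from the parent folder also apply to the key file.
    if (-not $acl.AreAccessRulesProtected) {
        $findings += 'Inheritance is still enabled (icacls /inheritance:r not applied)'
    }

    # Explicit and inherited rules, with each identity returned as a SID string.
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid = $rule.IdentityReference.Value
        if ($rule.AccessControlType -eq 'Allow' -and -not $Allowed.ContainsKey($sid)) {
            $findings += "Unexpected Allow entry: $sid ($($rule.FileSystemRights))"
        }
    }
    return $findings
}

$result = @(Test-KeyFileAcl -Path $KeyFile)
if ($result.Count -eq 0) {
    Write-Output "OK: $KeyFile is restricted to SYSTEM and Administrators"
} else {
    $result | ForEach-Object { Write-Warning $_ }
}
```

Run it from an elevated PowerShell prompt on the Windows host. An empty result means only SYSTEM and Administrators hold access to the file.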
