
OpenSSH with SSH key login, this is how it works

Logging in with an SSH key still causes problems for many. In principle, everything you need to set it up is documented, but … yes, many small details are missing 🫣.

We will take care of these details in this post, and then it will work 👍

Detailed video on how to set up OpenSSH and the keys to log in on Mac OS and Windows.

Language: 🇩🇪
Subtitles: 🇩🇪🇬🇧

Let’s start

We use a WINDOWS 11 OpenSSH server.

If this is not already set up you can add the OpenSSH server under “Settings / Apps / Advanced Applications / Add Application”.

Next we adjust the file “sshd_config” to our configuration. You can find it in the directory “C:\ProgramData\ssh”.

To edit it, either adjust the user rights on the file, or copy “sshd_config” to the desktop, edit it there, and then move it back.

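We change the lines as follows. Please also remove the leading "#", otherwise the line stays a comment and has no effect!
StrictModes no
PubkeyAuthentication yes
PasswordAuthentication yes

“StrictModes no” turns off sshd's check of the owner and permissions of the user's key files; the other two lines allow login with a key and, for now, with a password.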

In the next step you need the utility “Services”. Search for “OpenSSH Server” there and restart the service. While you are there, check the startup mode and set it to “Automatic”.

Create a user for SSH

You have to remember the user type you set here for the user, this is important later when storing the key.

Under “/ Settings / Accounts / Add another account”, please create a user. Since you don’t need a Microsoft account for it, select “I don’t have this information” in the first query and “Continue without Microsoft account” in the second window.

Please enter a “user name”, preferably only “Test” or “Klaus”. Of course you can also use “Klaus Haus”, how to do this you can see in the video.

Assign the 3 security questions with answers and write them down in case of problems.

We leave the setting “Standard User”, we will go into “Administrator Account” later.

Creating the key, the key files

A key always consists of two files: The Private Key and the Public Key.

The public key is stored on the server. The private key you guard like the apple of your eye! Whoever has it can log in as you! So do not pass it on, and keep it safe!

ssh-keygen -t ed25519

With this command you create your key files. The key can be secured with a password, the “passphrase”, which I can only recommend! (Write it down so you don’t forget it!)

The remaining input fields you can simply accept with [Enter].

The key files are located in the local directory “C:/Users/yourusername/.ssh”.

Mac OS

As is well known, things tick a little differently at Apple. With the same configuration as under WINDOWS you come quite close, but there is still a bug hiding in there 😂

Do not rename key files

The key files must keep their original names, so please don’t rename them to “Klaus id_ed25519” or something like that. That’s a trap: the keys will no longer be found. As with WINDOWS, the keys are stored under “C:/Users/YourUserName/.ssh” on the local PC/NB (the client).

Login with Mac OS to SSH

ssh User@ServerName
or
ssh "User Name"@ServerName (with spaces in the user name)
Confirm fingerprint with "yes"
Enter password for login

If the login is successful, you now have “UserName@ServerName” in the command prompt. e.g. in the video “Test SSH@MSI”.

After the successful login you are now working on the SSH server !

Copy the content of the public key file “id_ed25519.pub” from the local computer (!) into the file “authorized_keys” on the server, which must be in the directory “C:/Users/username/.ssh”.

If the directory “.ssh” does not exist, just create it. You can also copy the whole file and rename it.

Logout with: exit
Log in again with: ssh User@ServerName

If everything is correct and the key works, you will be asked for the “passphrase”. This is the password you used when you created the key.

Unsecured key files (Mac OS)

You may get this error message.

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0744 for '/home/geek/.ssh/id_ed25519' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /home/geek/.ssh/id_ed25519

To fix this, do the following on the local PC:

Open terminal (Local PC/NB - Client)
cd /Users/yourusername/.ssh
sudo chmod 600 id_ed25519
sudo chmod 600 id_ed25519.pub

After this, the connection with the key should work, and you should be prompted to enter your passphrase.
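An added example (not from the original post): a POSIX shell helper that applies the same permission fix to every private key in a directory rather than to the one key file named above. The function names and the FIXED variable are assumptions of this example; public keys are left alone because they do not need to be secret.

```shell
# Print the octal permission bits of a file (GNU stat first, then BSD/macOS stat).
mode_of() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

# Succeeds if the first line of the file is a private-key header.
is_private_key() {
    head -n 1 "$1" 2>/dev/null | grep -q -- '-----BEGIN .*PRIVATE KEY-----'
}

# Tighten every private key in directory $1 that group or others can access.
# Prints one line per key and sets FIXED to the number of files it changed.
fix_key_permissions() {
    dir=$1
    FIXED=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        is_private_key "$f" || continue     # skips *.pub, known_hosts, config
        mode=$(mode_of "$f")
        case $mode in
            *00) echo "ok     $mode $f" ;;  # no group/other bits, ssh accepts it
            *)   chmod 600 "$f"
                 echo "fixed  $mode -> 600 $f"
                 FIXED=$((FIXED + 1)) ;;
        esac
    done
}

# Usage: sh fix_keys.sh /Users/yourusername/.ssh
if [ $# -gt 0 ]; then
    fix_key_permissions "$1"
fi
```
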

WINDOWS

After we have set up everything on Mac OS we don’t need to do much on Windows.

The OpenSSH server is already set up with the “key” for “Test SSH” users.

On the PC you are using, you only have to put the “Private Key” under “C:/Users/UserName/.ssh” and you can start SSH immediately.

ssh Username@ServerName

You will be prompted to enter your “passphrase”, enter it and you are logged in.

Administrator user

Here is something important, if you want to / are allowed to work as admin …

The user on the server must be an administrator account, you can create a new user or change an existing one. You do this in the user management where we have created our “Test SSH” user.

You change the user “Test SSH” from standard user to administrator.

With the change to administrator you also have to change the key on the server. You have to delete the file “authorized_keys” in the directory “C:/Users/username/.ssh” on the server. Now create the file “administrators_authorized_keys” in the directory “C:\ProgramData\ssh” and store the public key there.

Please note that the file “administrators_authorized_keys” may already exist and may contain keys from other users. In that case you just add your key! Overwriting the file can lock out other admins!

Disable password login

Finally, and only once the login with the key works, switch off the login via password. For this you change the file “sshd_config”.

We change the line as follows:
PasswordAuthentication no

In the next step you need the utility “Services”, there you search “OpenSSH Server” and restart this service.
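
An added example, not part of the original post: a shell check, run against a copy of “sshd_config”, that reports the value sshd actually uses for the settings changed in this post, since a line that is still commented out or that comes after an earlier duplicate has no effect. The function names, the PROBLEMS variable and the sample file are constructed for this example.

```shell
# Print the global value sshd would use for keyword $2 in file $1 (default $3).
# sshd keeps the FIRST value it reads for a keyword, ignores "#" lines, and
# treats everything after the first Match line as conditional.
effective_setting() {
    awk -v key="$2" -v def="$3" '
        { sub(/\r$/, "") }                             # tolerate Windows CRLF
        /^[ \t]*#/ || /^[ \t]*$/    { next }           # comment or blank line
        tolower($1) == "match"      { exit }           # global section ends
        tolower($1) == tolower(key) { val = $2; exit } # first occurrence wins
        END { print (val != "" ? val : def) }
    ' "$1"
}

# Check the end state this post aims for; sets PROBLEMS to the number of findings.
# The defaults passed below are the OpenSSH defaults (all three are "yes" when unset).
check_key_only_login() {
    problems=0
    pk=$(effective_setting "$1" PubkeyAuthentication yes)
    pw=$(effective_setting "$1" PasswordAuthentication yes)
    sm=$(effective_setting "$1" StrictModes yes)
    if [ "$pk" != yes ]; then
        echo "PubkeyAuthentication $pk: key login is refused"; problems=$((problems + 1))
    fi
    if [ "$pw" != no ]; then
        echo "PasswordAuthentication $pw: passwords are still accepted"; problems=$((problems + 1))
    fi
    [ "$sm" = yes ] || echo "note: StrictModes $sm: key file permissions are not checked"
    PROBLEMS=$problems
}

# Constructed sample: the "no" lines are commented out or come too late.
sample_config() {
    cat <<'EOF'
#PasswordAuthentication no
PubkeyAuthentication yes
StrictModes no
PasswordAuthentication yes
PasswordAuthentication no
Match Group administrators
    AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
EOF
}

# Usage: sh check.sh [copy-of-sshd_config]; with no argument the sample is checked.
cfg_in=${1:-$(mktemp)}
[ $# -gt 0 ] || sample_config > "$cfg_in"
check_key_only_login "$cfg_in"
[ $# -gt 0 ] || rm -f "$cfg_in"
```
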

Done !

