[Samba] Trouble in ssh into Windows machines in the Windows/Samba Domain

Rowland penny rpenny at samba.org
Sun Apr 11 16:08:14 UTC 2021 

On 11/04/2021 16:23, Nicola Mingotti wrote:
>
> Let's follow your way and use Windows 10 package for OpenSSH.
>
> I deleted all what I have done before:
> rm C:\ProgramData\ssh
> rm C:\Program Files\OpenSSH
> rm C:\Users\nicola\.ssh
> rm C:\Users\adam1\.ssh
>
> . I rebooted and start all clean. Install OpenSSH Client and Server 
> from windows GUI.
>
> . Start-service sshd
>
> . p at deb4> sshd adam1 at domus => does not work
>
> . Stop-service sshd
>
> . Edit C:\ProgramData\ssh\sshd_config and comment these 2 lines:
> # Match Group administrators
> #       AuthorizedKeysFile 
> __PROGRAMDATA__/ssh/administrators_authorized_keys
>
> . Start-service sshd
>
> . p at deb4> sshd at adam1@domus => IT WORKS
>
> . Now I need to add my public key
>
> . Windows Powershell does not find ssh-keygen
>
> . LogOut + LogIn
>
> . adam1 at doums> ssh-keyget -t rsa   (RETURN serveral times, i don't put 
> secret password)
>
> . p at deb4> scp id_rsa.pub-p at deb4 adam1 at domus:.ssh/
>
> . adam1 at dmus> vim authorized_keys
> => here I add the file id_rsa.pus-p at deb4
>
> . Stop-service sshd
>
> . Start-service sshd
>
> p at deb4> ssh adam1 at domus
> => FAILS, IT DOES NOT ASK PASSWORD, it DIES.
>
> There might be an issue with permissions on the files .
> But on this release there is no script to check them.


Are you doing this on WSL ?

This is what I did to get passwordless ssh to Win10 working.

The user is 'username'
The client is 'workstation'
The server is 'win10'

On the client as the user, create the keys:

ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa):
Enter passphrase (empty for no passphrase): # Just press enter
Enter same passphrase again:  # Just press enter
Your identification has been saved in /home/username/.ssh/id_rsa.
Your public key has been saved in /home/username/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:9/ifFL4MkWO2RCIc3fxx/iWqUuNktreDHyJqTKWC/7g username at workstation
The key's randomart image is:
+---[RSA 2048]----+
|        .. o     |
|       . .. o . .|
|        o . .. + |
|        .. o .o o|
|   .   oS . B...o|
|  . . o  .**.= ..|
|   . +  .*o== o  |
|    ..o...=oo= o |
|    E+o  . o++=  |
+----[SHA256]-----+

Now copy the public key to the server:

scp /home/username/.ssh/id_rsa.pub username at win10:C:/Users/username/.ssh/
username at w10pro's password: # Enter password for 'username'

This will copy the publickey to the ssh server (the Windows machine)

Then on the windows machine, open a cmd prompt as an admin user and run 
the following command:

type C:/Users/username/.ssh/authorized_keys/id_rsa.pub | more /P > 
C:/Users/username/.ssh/authorized_keys/id_rsa.pub

It will ensure the publickey is the required 'dos' format

Now navigate to the id_rsa.pub key and open it in notepad, then save it 
as 'authorized_keys'

Now back to the client 'workstation' and run this as the user:

ssh win10 -v

Rowland

More information about the samba mailing list