Setting SSH keys on Windows 10 OpenSSH server
Note that if you are setting up keys for an administrator user, putting the public key to %USERPROFILE%/.ssh/authorized_keys
will not work. You must append the public key to %PROGRAMDATA%/ssh/administrators_authorized_keys
instead.
Source
And you have to set permission with this script run in powershell admin:
$acl = Get-Acl C:\ProgramData\ssh\administrators_authorized_keys
$acl.SetAccessRuleProtection($true, $false)
$administratorsRule = New-Object system.security.accesscontrol.filesystemaccessrule("Administrators","FullControl","Allow")
$systemRule = New-Object system.security.accesscontrol.filesystemaccessrule("SYSTEM","FullControl","Allow")
$acl.SetAccessRule($administratorsRule)
$acl.SetAccessRule($systemRule)
$acl | Set-Acl
You seem to mix server hosts keys and your account public keys.
Server host keys are generated by Win32-OpenSSH in %PROGRAMDATA%/ssh
on its first start. They are also given correct permissions, no need to modify them. These are the keys you see loaded as "private host key" in your log. That also indicates they have the correct permissions (otherwise they won't load).
Your account public keys go to %USERPROFILE%/.ssh/authorized_keys
. That file must have write access only for the account to which they belong.
The authorized_keys
file should contain public key part of your account key pair. That's no way related to .pub
files from %PROGRAMDATA%/ssh
.
A comment in the authorized_keys
file does not matter at all.
Keys from authorized_keys
file are not loaded when the server starts. They are loaded only, when you try to log in.
See also my guides to:
- Setting up SSH public key authentication on Win32-OpenSSH
- Understanding SSH Key Pairs