SFTP Server on Windows 10 - connecting using SSH Pair keys

Started by Nickon, March 03, 2021, 06:14:27 AM


Nickon

Hello!

I have been trying to create and run an SFTP server on one of my PCs and connect to it from a second PC on the same local network. It is important to connect to the server via SFTP on port 22 without a password, using a key pair. It turned out it's not so easy...

Anyway, let me explain my problem. I will go through it step by step so you can see what it is all about.

1. 1st PC (server), Windows 10: I installed OpenSSH server from optional applications and started the service. I also opened Windows Defender Firewall on it and unblocked port 22. The server has only one user, with admin rights (with a password, of course).

2. 2nd PC (client), Windows 10 as well: I installed the WinSCP client and PuTTYgen (with Pageant). I generated a key pair using PuTTYgen and saved both keys on this PC in a random folder.

3. On the 1st PC (server) I created the relevant .ssh folder as well as the authorized_keys file: C:\Users\Kamil\.ssh\authorized_keys. Then I saved the (previously generated) public key into this authorized_keys file, pasting the generated key from the PuTTYgen window.

The problem is that I can't connect to the server via SFTP without a password. When I try to log in with WinSCP via the SFTP protocol, load the private key and enter only the user name without a password, I receive a message that the public key has been refused by the server. When I check the authorized_keys file on the server, the key inside seems to be the same as the one I generated in PuTTYgen. WinSCP lets me in, but I have to type the password (so it means that authorization with the key pair does not work properly).

I really don't know what else I can check. Given the above, I have two questions:

I - What else can I do to check this issue with the unrecognized public key described above?
II - If I log in to the server via SFTP using both user and password (without public key auth), does that mean the connection isn't safe and encrypted? Is it then the same connection standard as when we use an FTP connection? I don't get it, because if I do not use keys while logging in but use user + password, then after logon in WinSCP I see SSH + a lock icon. So is it an encrypted connection or not?

Thank you good people!




deanwebb

Did you include a passphrase with it? I notice in the documentation that a passphrase can cause logons to WinSCP to fail.
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Any questions? No questions! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

Nickon

I've tried with both a private key with a passphrase and one without. Same problem.
Maybe there is a problem with the format of the public key that I paste into the authorized_keys file? Do you maybe have some examples of how the authorized_keys file should look inside?

deanwebb

Generally, only use plain text editors like Notepad or Notepad++ to handle the text in the keyfile. Include the entire file, unless the file says to omit portions.

Otanx

Is the user on the server an admin? See this link - https://superuser.com/questions/1445976/windows-ssh-server-refuses-key-based-authentication-from-client

In short, admin users have a different authorized_keys file than a normal user.

-Otanx

KDog

Open the keyfile with Notepad++.
Check for spaces and/or carriage returns which shouldn't be there, and delete any.
Usually they are before/after the ---- BEGIN SSH2 PUBLIC KEY ---- and ---- END SSH2 PUBLIC KEY ---- tags.
The public key file should just have begin tag, comment with key type, key, end tag.
Probably not an issue in your case, but it is a quick/easy check to do.

I've only ever done this for Win clients (using PuTTY) going to Linux servers, so I haven't had any issues. I'm not sure how the Windows server would handle the key files, nor have I tried with WinSCP.
Never argue with an idiot.
They will bring you down to their level and beat you with experience.
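
Added example, not part of any post in this thread: a small Python checker for the key-format question raised above. It assumes the OpenSSH server reads one key per line as `type base64 [comment]`, converts the `---- BEGIN SSH2 PUBLIC KEY ----` block discussed above into that form, and flags lines that do not parse. The function names are hypothetical and the sample key is constructed, not a real key.

```python
import base64

BEGIN, END = "---- BEGIN SSH2 PUBLIC KEY ----", "---- END SSH2 PUBLIC KEY ----"

def blob_key_type(blob: bytes) -> str:
    """Algorithm name stored as the first length-prefixed string of a key blob."""
    n = int.from_bytes(blob[:4], "big")
    if n == 0 or 4 + n > len(blob):
        raise ValueError("bad length prefix in key blob")
    return blob[4:4 + n].decode("ascii")

def rfc4716_to_openssh(text: str, comment: str = "") -> str:
    """Turn an RFC 4716 block (BEGIN/END SSH2 PUBLIC KEY) into one OpenSSH line."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not an RFC 4716 public key block")
    body, in_header = [], False
    for l in lines[1:-1]:
        in_header = in_header or ":" in l           # 'Comment: ...' style header
        if not in_header:
            body.append(l)                          # base64 never contains ':'
        in_header = in_header and l.endswith("\\")  # header continues on next line
    b64 = "".join(body)
    key_type = blob_key_type(base64.b64decode(b64, validate=True))
    return f"{key_type} {b64} {comment}".strip()

def check_authorized_keys(text: str) -> list:
    """Return (line_no, problem) pairs; lines with leading options are not handled."""
    problems = []
    for no, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0] == "----":
            problems.append((no, "RFC 4716 marker, expected one key per line"))
        elif len(fields) < 2:
            problems.append((no, "expected 'type base64 [comment]' (wrapped line?)"))
        else:
            try:
                inner = blob_key_type(base64.b64decode(fields[1], validate=True))
            except ValueError:  # also covers binascii.Error and UnicodeDecodeError
                problems.append((no, "key data is not a valid base64 key blob"))
                continue
            if inner != fields[0]:
                problems.append((no, f"declared {fields[0]} but blob says {inner}"))
    return problems

# Constructed sample (not a real key): ed25519-shaped blob with placeholder bytes.
_blob = (11).to_bytes(4, "big") + b"ssh-ed25519" + (32).to_bytes(4, "big") + bytes(range(32))
_b64 = base64.b64encode(_blob).decode()
SAMPLE_RFC4716 = "\n".join([BEGIN, 'Comment: "constructed-key"', _b64[:64], _b64[64:], END])
```

Running `check_authorized_keys` on the text of the server's key file and getting an empty list means every line has the expected shape; it does not check file location or permissions.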