SFTP Server on Windows 10 - connecting using SSH Pair keys

[Nickon]

Hello!

I have been trying to create and run SFTP server on one of my PC and get connect to them from second PC, placed in the same local network. Important is to connect with the serwer via SFTP on port 22 without password but using key pair. It turned out it's not so easy...

Anyway, let me explain what is the point of my problem. Maybe I just point it step by step, you will see then what is all about.

1. 1st PC (server) Windows 10: I installed OpenSSH server from optional applications and run the service. I also opened Windows Defender firewall on this and unblocked port 22. Server has only one user with admin rights (with password of course)

2. 2nd PC (client) Windows 10 as well.: I installed Winscp client and Puttykeygen (with Pagent). Generated keypair using Puttykeygen and saved both in this PC in one of random folders

3. On 1st PC (server) i creted relevant .ssh folder as well as authorized_keys file:  C:\Users\Kamil\.ssh\authorized_keys'. Then I saved (previously generated) public key into this authorized_key file - pasting the generated key from Puttygen window.

The problem is that I can't connect to the server via SFTP without password. When I try to login via WINSCP via SFTP protocol, load privat key and i put only user name without pasword, then i receive communicate that public key has been refused by the server. When I check the authorized_keys file on server there is the key inside which seems to be the same when I was generating pair key in Puttygen. The WinSCP let's me in but i had to type the password (so it means that authorization with key pair does not work properly)

I really don't know what else can I check. Assuming above, i have two questions:

I - What else can i do to check this issue with unrecognizable public key as above.
II - If I login to server via SFTP using both user and password (without public key auth.) is that mean the connection isn't safe and encrypted? So then it's the same conncetion standard like we use FTP connection? I don't get it because if i do not use keys while logging but use user+passord, then after logon in WinSCP i see SSH + lock icon. Doe then it is enctrypted connection or not?

Thank you good people!

[deanwebb]

Did you include a passphrase with it? I notice in the documentation that a passphrase can cause logons to WinSCP to fail.

[Nickon]

Ive tried with both privat key with passphrase and without. Same problem.
Maybe there is a problem with same format of public key that i paste in authorized_keys file? Do you have maybe some exaples how the authorized_keys file should look like inside?

[deanwebb]

Generally, only use plain text editors like notepad or Notepad++ to handle the text in the keyfile. Include the entire file, unless the file says to omit portions.

[Otanx]

Is the user on the server an admin? See this link - https://superuser.com/questions/1445976/windows-ssh-server-refuses-key-based-authentication-from-client

In short admin users have a different authorized_keys file than a normal user.

-Otanx

[KDog]

Open the keyfile with Notepad++
Check for spaces and or carriage returns which shouldn't be there, delete any.
Usually they are before/after the ---- BEGIN SSH2 PUBLIC KEY ---- and ---- END SSH2 PUBLIC KEY ---- tags.
The public key file should just have begin tag, comment with key type, key, end tag.
Probably not an issue in your case, but it is a quick/easy check to do.

I've only ever done this for Win clients (using putty) going to Linux servers so haven't had any issues, not sure how the windows server would handle the key files nor I have I tried with WinSCP.