Closed ileGITimo closed 3 months ago
Typo on title
Can you please provide the server side logs?
You can also confirm that the user is actually an admin, run net localgroup administrators
Got it working, it was when I went looking for logs to post that I stumbled into my problem. Couple of nitpicks:
I'll need to install it on another machine (I have about 50+ to go through, and none have internet access, a bit of pain) to check out who's the default owner, system, Administrator or someone else. I gave it to system and it worked. Also now wondering how to add public keys in there without changing the owner.
And yes, user2 is an admin. I've been using it with winexe to remotely admin a bunch of stations for 10+ years, but now SentinelOne doesn't like it and I'm trying to replace it with ssh. Last time I tried this a few years back I couldn't get neither user1 above (me) neither user2 (account that runs most maintenance scripts) to work.
Thanks.
Closing
Prerequisites
Steps to reproduce
I've setup ssh for two remote linux users almost identically, the only (unix local) differences are that one user's private key is password protected the other isn't, and obviously they have different keys.
Both public keys have been entered in administrators_authorized_keys, and they will attempt to ssh into the Windows boxes as users in the administrator group. Neither of them has an .ssh folder under their windows' home directories.
Unix client is Fedora 39, Window server is 2019 LTSC, current with patches. Sshd.exe claims to be OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5.
ssh user1@machine works, after entering the password for the private key (either typing it or supplied by ssh-agent), NO windows password prompt, with user1 being domain\user1, the domain machine belongs to.
ssh user2@machine, no local password prompt for private key as it is not password protected, results in a PROMPT for the windows password on machine, with user2 being a local user there, i.e. not a domain user.
What am I missing to make user2 session being accepted without a password prompt? SSHD logs at DebugLevel3, shows the correct rsa fingerprint being receive but rejected, with no further explanation.
Expected behavior
Actual behavior
Error details
Environment data
Version
OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5
Visuals
No response