search

PowerShell / Win32-OpenSSH

Win32 port of OpenSSH
7.35k stars 756 forks source link

Permission denied for authorized_keys #826

Closed vovcacik closed 7 years ago

vovcacik commented 7 years ago

"OpenSSH for Windows" version PS C:\Program Files\OpenSSH> ((Get-Item (Get-Command sshd).Source).VersionInfo.FileVersion) Get-Command : The term 'sshd' is not recognized as the name of a cmdlet, function, script file, or operable program.

Anyway, it is 0.0.18.0.

Server OperatingSystem ((Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows nt\CurrentVersion\" -Name ProductName).ProductName) Windows 10 Pro

Client OperatingSystem Windows 10 Pro

What is failing Public key login.

9560 14:30:07:678 debug1: trying public key file C:\\Users\\Administrator\\.ssh/authorized_keys
9560 14:30:07:678 debug3: Failed to open file:C:\\Users\\Administrator\\.ssh/authorized_keys error:13
9560 14:30:07:678 debug1: Could not open authorized keys 'C:\\Users\\Administrator\\.ssh/authorized_keys': Permission denied

in spite of

PS C:\Users\Administrator\.ssh> icacls.exe .\authorized_keys
.\authorized_keys NT SERVICE\sshd:(R)
                  PC\Administrator:(F)

Expected output

Actual output

2736 14:29:50:533 debug1: sshd version OpenSSH_7.5, LibreSSL 2.5.3
2736 14:29:50:533 debug3: socket:0, socktype:1, io:000002926A32CD60, fd:3 
2736 14:29:50:533 debug3: close - io:000002926A32CD60, type:2, fd:3, table_index:3
2736 14:29:50:534 debug3: failed to open file:./ssh_host_rsa_key error:2
2736 14:29:50:534 debug1: key_load_private: No such file or directory
2736 14:29:50:534 debug3: Failed to open file:./ssh_host_rsa_key error:2
2736 14:29:50:535 debug1: will rely on agent for hostkey ./ssh_host_rsa_key
2736 14:29:50:535 debug1: agent host key #0: ssh-rsa SHA256:YExvD7/Rnr+5AWn86WFaqTwnjZWlil3/W1EbHxlGfTM
2736 14:29:50:535 debug3: failed to open file:./ssh_host_dsa_key error:2
2736 14:29:50:535 debug1: key_load_private: No such file or directory
2736 14:29:50:535 debug3: Failed to open file:./ssh_host_dsa_key error:2
2736 14:29:50:535 debug1: will rely on agent for hostkey ./ssh_host_dsa_key
2736 14:29:50:535 debug1: agent host key #1: ssh-dss SHA256:Y/3XrbMNDtK0OUoSuwhhF3+yuHla6jrDJCDMPX55YvY
2736 14:29:50:537 debug3: failed to open file:./ssh_host_ecdsa_key error:2
2736 14:29:50:537 debug1: key_load_private: No such file or directory
2736 14:29:50:537 debug3: Failed to open file:./ssh_host_ecdsa_key error:2
2736 14:29:50:537 debug1: will rely on agent for hostkey ./ssh_host_ecdsa_key
2736 14:29:50:537 debug1: agent host key #2: ecdsa-sha2-nistp256 SHA256:Q2c1pa+mlZ1N0+aNN1XnOUkKLVpYh9RO7LBlsR9gAbw
2736 14:29:50:537 debug3: failed to open file:./ssh_host_ed25519_key error:2
2736 14:29:50:537 debug1: key_load_private: No such file or directory
2736 14:29:50:537 debug3: Failed to open file:./ssh_host_ed25519_key error:2
2736 14:29:50:537 debug1: will rely on agent for hostkey ./ssh_host_ed25519_key
2736 14:29:50:537 debug1: agent host key #3: ssh-ed25519 SHA256:xIAKsqs/SltdRYenFQuvWR7ERvyZhNDqim815dZ7fC8
2736 14:29:50:537 debug3: socket:264, socktype:1, io:000002926A32E7C0, fd:3 
2736 14:29:50:537 debug2: fd 3 setting O_NONBLOCK
2736 14:29:50:537 debug3: sock_set_v6only: set socket 3 IPV6_V6ONLY
2736 14:29:50:537 debug1: Bind to port 22 on ::.
2736 14:29:50:537 Server listening on :: port 22.
2736 14:29:50:537 debug3: socket:296, socktype:1, io:000002926A32FB70, fd:4 
2736 14:29:50:537 debug2: fd 4 setting O_NONBLOCK
2736 14:29:50:537 debug1: Bind to port 22 on 0.0.0.0.
2736 14:29:50:537 Server listening on 0.0.0.0 port 22.
2736 14:29:50:537 debug3: Failed to open file:./sshd.pid error:13
2736 14:29:50:537 error: Couldn't create pid file "./sshd.pid": Permission denied
2736 14:30:06:256 debug3: socket:284, io:000002926A329840, fd:5 
2736 14:30:06:256 debug3: fd 5 is not O_NONBLOCK
2736 14:30:06:256 debug3: pipe - r-h:308,io:000002926A332910,fd:6  w-h:304,io:000002926A3329C0,fd:7
2736 14:30:06:256 debug3: spawning "C:\\Program Files\\OpenSSH\\sshd.exe"
2736 14:30:06:259 debug3: Register child 000000000000013C pid 9560, 0 zombies of 0
2736 14:30:06:259 debug3: close - io:000002926A329840, type:1, fd:5, table_index:5
2736 14:30:06:260 debug1: Forked child 9560.
2736 14:30:06:260 debug3: close - io:000002926A3329C0, type:2, fd:7, table_index:7
9560 14:30:06:319 debug1: sshd version OpenSSH_7.5, LibreSSL 2.5.3
9560 14:30:06:319 debug3: socket:0, socktype:1, io:000001EECC531350, fd:3 
9560 14:30:06:319 debug3: close - io:000001EECC531350, type:2, fd:3, table_index:3
9560 14:30:06:319 debug3: failed to open file:./ssh_host_rsa_key error:2
9560 14:30:06:319 debug1: key_load_private: No such file or directory
9560 14:30:06:319 debug3: Failed to open file:./ssh_host_rsa_key error:2
9560 14:30:06:319 debug1: will rely on agent for hostkey ./ssh_host_rsa_key
9560 14:30:06:319 debug1: agent host key #0: ssh-rsa SHA256:YExvD7/Rnr+5AWn86WFaqTwnjZWlil3/W1EbHxlGfTM
9560 14:30:06:319 debug3: failed to open file:./ssh_host_dsa_key error:2
9560 14:30:06:319 debug1: key_load_private: No such file or directory
9560 14:30:06:319 debug3: Failed to open file:./ssh_host_dsa_key error:2
9560 14:30:06:319 debug1: will rely on agent for hostkey ./ssh_host_dsa_key
9560 14:30:06:319 debug1: agent host key #1: ssh-dss SHA256:Y/3XrbMNDtK0OUoSuwhhF3+yuHla6jrDJCDMPX55YvY
9560 14:30:06:319 debug3: failed to open file:./ssh_host_ecdsa_key error:2
9560 14:30:06:319 debug1: key_load_private: No such file or directory
9560 14:30:06:319 debug3: Failed to open file:./ssh_host_ecdsa_key error:2
9560 14:30:06:319 debug1: will rely on agent for hostkey ./ssh_host_ecdsa_key
9560 14:30:06:319 debug1: agent host key #2: ecdsa-sha2-nistp256 SHA256:Q2c1pa+mlZ1N0+aNN1XnOUkKLVpYh9RO7LBlsR9gAbw
9560 14:30:06:319 debug3: failed to open file:./ssh_host_ed25519_key error:2
9560 14:30:06:319 debug1: key_load_private: No such file or directory
9560 14:30:06:319 debug3: Failed to open file:./ssh_host_ed25519_key error:2
9560 14:30:06:319 debug1: will rely on agent for hostkey ./ssh_host_ed25519_key
9560 14:30:06:319 debug1: agent host key #3: ssh-ed25519 SHA256:xIAKsqs/SltdRYenFQuvWR7ERvyZhNDqim815dZ7fC8
9560 14:30:06:319 debug3: Failed to open file:./sshd.pid error:13
9560 14:30:06:319 error: Couldn't create pid file "./sshd.pid": Permission denied
9560 14:30:06:319 debug1: child socket: 284
9560 14:30:06:319 debug1: child startup_pipe: 304
9560 14:30:06:319 Connection from ::1 port 50849 on ::1 port 22
9560 14:30:06:319 debug1: Client protocol version 2.0; client software version PuTTYTray_p0.66_t028
9560 14:30:06:319 debug1: no match: PuTTYTray_p0.66_t028
9560 14:30:06:319 debug1: Local version string SSH-2.0-OpenSSH_7.5
9560 14:30:06:319 debug2: fd 3 setting O_NONBLOCK
9560 14:30:06:319 debug3: socket:0, socktype:1, io:000001EECC534A90, fd:5 
9560 14:30:06:319 debug3: list_hostkey_types: ssh-dss key not permitted by HostkeyAlgorithms
9560 14:30:06:319 debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
9560 14:30:06:319 debug3: send packet: type 20
9560 14:30:06:319 debug1: SSH2_MSG_KEXINIT sent
9560 14:30:06:334 debug3: receive packet: type 20
9560 14:30:06:334 debug1: SSH2_MSG_KEXINIT received
9560 14:30:06:334 debug2: local server KEXINIT proposal
9560 14:30:06:335 debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
9560 14:30:06:335 debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
9560 14:30:06:335 debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr
9560 14:30:06:335 debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr
9560 14:30:06:335 debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
9560 14:30:06:335 debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
9560 14:30:06:335 debug2: compression ctos: none
9560 14:30:06:335 debug2: compression stoc: none
9560 14:30:06:335 debug2: languages ctos: 
9560 14:30:06:335 debug2: languages stoc: 
9560 14:30:06:335 debug2: first_kex_follows 0 
9560 14:30:06:335 debug2: reserved 0 
9560 14:30:06:335 debug2: peer client KEXINIT proposal
9560 14:30:06:335 debug2: KEX algorithms: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1
9560 14:30:06:335 debug2: host key algorithms: ssh-rsa,ssh-dss
9560 14:30:06:335 debug2: ciphers ctos: aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc,arcfour256,arcfour128
9560 14:30:06:335 debug2: ciphers stoc: aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc,arcfour256,arcfour128
9560 14:30:06:335 debug2: MACs ctos: hmac-sha2-256,hmac-sha1,hmac-sha1-96,hmac-md5
9560 14:30:06:335 debug2: MACs stoc: hmac-sha2-256,hmac-sha1,hmac-sha1-96,hmac-md5
9560 14:30:06:335 debug2: compression ctos: none,zlib
9560 14:30:06:335 debug2: compression stoc: none,zlib
9560 14:30:06:335 debug2: languages ctos: 
9560 14:30:06:335 debug2: languages stoc: 
9560 14:30:06:335 debug2: first_kex_follows 0 
9560 14:30:06:335 debug2: reserved 0 
9560 14:30:06:335 debug1: kex: algorithm: diffie-hellman-group-exchange-sha256
9560 14:30:06:335 debug1: kex: host key algorithm: ssh-rsa
9560 14:30:06:335 debug1: kex: client->server cipher: aes256-ctr MAC: hmac-sha2-256 compression: none
9560 14:30:06:335 debug1: kex: server->client cipher: aes256-ctr MAC: hmac-sha2-256 compression: none
9560 14:30:06:335 debug1: expecting SSH2_MSG_KEX_DH_GEX_REQUEST
9560 14:30:06:335 debug3: receive packet: type 34
9560 14:30:06:335 debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
9560 14:30:06:335 debug3: Failed to open file:./moduli error:2
9560 14:30:06:335 WARNING: could not open ./moduli (No such file or directory), using fixed modulus
9560 14:30:06:335 debug3: dh_new_group_fallback: requested max size 8192
9560 14:30:06:335 debug3: using 8k bit group 18
9560 14:30:06:335 debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
9560 14:30:06:336 debug3: send packet: type 31
9560 14:30:06:428 debug2: bits set: 4085/8192
9560 14:30:06:428 debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
9560 14:30:06:991 debug3: receive packet: type 32
9560 14:30:06:991 debug2: bits set: 4108/8192
9560 14:30:07:100 debug3: send packet: type 33
9560 14:30:07:100 debug3: send packet: type 21
9560 14:30:07:100 debug2: set_newkeys: mode 1
9560 14:30:07:100 debug1: rekey after 4294967296 blocks
9560 14:30:07:100 debug1: SSH2_MSG_NEWKEYS sent
9560 14:30:07:100 debug1: expecting SSH2_MSG_NEWKEYS
9560 14:30:07:662 debug3: receive packet: type 21
9560 14:30:07:662 debug1: SSH2_MSG_NEWKEYS received
9560 14:30:07:662 debug2: set_newkeys: mode 0
9560 14:30:07:662 debug1: rekey after 4294967296 blocks
9560 14:30:07:662 debug1: KEX done
9560 14:30:07:662 debug3: receive packet: type 5
9560 14:30:07:662 debug3: send packet: type 6
9560 14:30:07:662 debug3: receive packet: type 50
9560 14:30:07:662 debug1: userauth-request for user Administrator service ssh-connection method none
9560 14:30:07:662 debug1: attempt 0 failures 0
9560 14:30:07:662 debug2: parse_server_config: config reprocess config len 274
9560 14:30:07:678 debug2: input_userauth_request: setting up authctxt for Administrator
9560 14:30:07:678 debug2: input_userauth_request: try method none
9560 14:30:07:678 Failed none for Administrator from ::1 port 50849 ssh2
9560 14:30:07:678 debug3: userauth_finish: failure partial=0 next methods="publickey,keyboard-interactive"
9560 14:30:07:678 debug3: send packet: type 51
9560 14:30:07:678 debug3: receive packet: type 50
9560 14:30:07:678 debug1: userauth-request for user Administrator service ssh-connection method publickey
9560 14:30:07:678 debug1: attempt 1 failures 0
9560 14:30:07:678 debug2: input_userauth_request: try method publickey
9560 14:30:07:678 debug1: userauth_pubkey: test whether pkalg/pkblob are acceptable for RSA SHA256:4kM2317ZBEVuOC8cOwBnqAWncfZP3KlBEhxCBmo+JoA
9560 14:30:07:678 debug1: trying public key file C:\\Users\\Administrator\\.ssh/authorized_keys
9560 14:30:07:678 debug3: Failed to open file:C:\\Users\\Administrator\\.ssh/authorized_keys error:13
9560 14:30:07:678 debug1: Could not open authorized keys 'C:\\Users\\Administrator\\.ssh/authorized_keys': Permission denied
9560 14:30:07:678 debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa
9560 14:30:07:678 Failed publickey for Administrator from ::1 port 50849 ssh2
9560 14:30:07:678 debug3: userauth_finish: failure partial=0 next methods="publickey,keyboard-interactive"
9560 14:30:07:678 debug3: send packet: type 51
9560 14:30:07:678 debug3: receive packet: type 50
9560 14:30:07:678 debug1: userauth-request for user Administrator service ssh-connection method keyboard-interactive
9560 14:30:07:678 debug1: attempt 2 failures 1
9560 14:30:07:678 debug2: input_userauth_request: try method keyboard-interactive
9560 14:30:07:678 debug1: keyboard-interactive devs 
9560 14:30:07:678 debug1: auth2_challenge: user=Administrator devs=
9560 14:30:07:678 debug1: kbdint_alloc: devices ''
9560 14:30:07:678 debug2: auth2_challenge_start: devices 
9560 14:30:07:678 Failed keyboard-interactive for Administrator from ::1 port 50849 ssh2
9560 14:30:07:678 debug3: userauth_finish: failure partial=0 next methods="publickey,keyboard-interactive"
9560 14:30:07:678 debug3: send packet: type 51
9560 14:30:07:678 debug3: receive packet: type 1
9560 14:30:07:678 error: Received disconnect from ::1 port 50849:14: No supported authentication methods available
9560 14:30:07:678 Disconnected from authenticating user Administrator ::1 port 50849
9560 14:30:07:678 debug1: do_cleanup
2736 14:30:07:678 debug3: close - io:000002926A332910, type:2, fd:6, table_index:6
2736 14:30:07:678 debug3: zombie'ing child at index 0, 0 zombies of 1
2736 14:30:07:678 debug3: Unregister child at index 0, 1 zombies of 1
bagajjal commented 7 years ago

You should have restricted access to authorized_keys file. System(FullControl), SSHD(Read only), Administrators group (can be anything). Your security settings should look like this

https://user-images.githubusercontent.com/23668037/28344039-f117e942-6bd5-11e7-9c25-2e6b99766a53.png

bingbing8 commented 7 years ago

@vovcacik what is the output for (Get-Acl C:\Users\Administrator\.ssh/authorized_keys).Access? My guess is that the file is not granted with read perm to "nt service\sshd" please follow either OpenSSH utility scripts to fix file permissions or Security protection of files to fix the acl of the file.

vovcacik commented 7 years ago

@bingbing8 (Get-Acl C:\Users\Administrator\.ssh/authorized_keys).Access

FileSystemRights  : FullControl
AccessControlType : Allow
IdentityReference : PC\Administrator
IsInherited       : False
InheritanceFlags  : None
PropagationFlags  : None

FileSystemRights  : Read, Synchronize
AccessControlType : Allow
IdentityReference : NT SERVICE\sshd
IsInherited       : False
InheritanceFlags  : None
PropagationFlags  : None
vovcacik commented 7 years ago

I have tried to fix the file permission with bundled script OpenSSH utility scripts to fix file permissions

PS C:\Program Files\OpenSSH> Import-Module .\OpenSSHUtils.psd1 -Force
PS C:\Program Files\OpenSSH> Repair-AuthorizedKeyPermission -FilePath C:\Users\Administrator\.ssh\authorized_keys
  [*] C:\Users\Administrator\.ssh\authorized_keys
      looks good

PS C:\Program Files\OpenSSH> (Get-Acl C:\Users\Administrator\.ssh\authorized_keys).Access

FileSystemRights  : FullControl
AccessControlType : Allow
IdentityReference : PC\Administrator
IsInherited       : False
InheritanceFlags  : None
PropagationFlags  : None

FileSystemRights  : Read, Synchronize
AccessControlType : Allow
IdentityReference : NT SERVICE\sshd
IsInherited       : False
InheritanceFlags  : None
PropagationFlags  : None

Then I have restarted the sshd and ssh-agent services, removed all logs and tried to connect with this result:

6512 10:56:30:862 debug1: trying public key file C:\\Users\\Administrator\\.ssh/authorized_keys
6512 10:56:30:878 debug3: Failed to open file:C:\\Users\\Administrator\\.ssh/authorized_keys error:13
6512 10:56:30:878 debug1: Could not open authorized keys 'C:\\Users\\Administrator\\.ssh/authorized_keys': Permission denied
vovcacik commented 7 years ago

@bagajjal I tried to grant full control to Administrators group and to the SYSTEM. I kept full control for my own account, as well as ownership of the authorized_keys file.

PS C:\Users\Administrator\.ssh> icacls .\authorized_keys /grant `"BUILTIN\Administrators`":`(F`)
processed file: .\authorized_keys
Successfully processed 1 files; Failed processing 0 files
PS C:\Users\Administrator\.ssh> icacls .\authorized_keys /grant `"SYSTEM`":`(F`)
processed file: .\authorized_keys
Successfully processed 1 files; Failed processing 0 files
PS C:\Users\Administrator\.ssh> (Get-Acl C:\Users\Administrator\.ssh\authorized_keys).Access

FileSystemRights  : FullControl
AccessControlType : Allow
IdentityReference : NT AUTHORITY\SYSTEM
IsInherited       : False
InheritanceFlags  : None
PropagationFlags  : None

FileSystemRights  : FullControl
AccessControlType : Allow
IdentityReference : BUILTIN\Administrators
IsInherited       : False
InheritanceFlags  : None
PropagationFlags  : None

FileSystemRights  : FullControl
AccessControlType : Allow
IdentityReference : PC\Administrator
IsInherited       : False
InheritanceFlags  : None
PropagationFlags  : None

FileSystemRights  : Read, Synchronize
AccessControlType : Allow
IdentityReference : NT SERVICE\sshd
IsInherited       : False
InheritanceFlags  : None
PropagationFlags  : None

Then I restarted the sshd and ssh-agent services, purged all logs and tried to connect - the sshd no longer tries to load authorized_keys. Even when I temporarily disable password authentication PasswordAuthentication no.

@bingbing8 With the above change it seems sshd does not like the permissions on the file and rejecting to read altogether (just my guess, the log is empty, see below). So I rerun the permission fix script:

PS C:\Program Files\OpenSSH> Import-Module .\OpenSSHUtils.psd1 -Force
PS C:\Program Files\OpenSSH> Repair-AuthorizedKeyPermission -FilePath C:\Users\Administrator\.ssh\authorized_keys
  [*] C:\Users\Administrator\.ssh\authorized_keys
      looks good

PS C:\Program Files\OpenSSH> (Get-Acl C:\Users\Administrator\.ssh\authorized_keys).Access

FileSystemRights  : FullControl
AccessControlType : Allow
IdentityReference : NT AUTHORITY\SYSTEM
IsInherited       : False
InheritanceFlags  : None
PropagationFlags  : None

FileSystemRights  : FullControl
AccessControlType : Allow
IdentityReference : BUILTIN\Administrators
IsInherited       : False
InheritanceFlags  : None
PropagationFlags  : None

FileSystemRights  : FullControl
AccessControlType : Allow
IdentityReference : PC\Administrator
IsInherited       : False
InheritanceFlags  : None
PropagationFlags  : None

FileSystemRights  : Read, Synchronize
AccessControlType : Allow
IdentityReference : NT SERVICE\sshd
IsInherited       : False
InheritanceFlags  : None
PropagationFlags  : None

All seems to be fine, yet nothing changed; permissions are the same and sshd is not loading the authorized_keys:

10080 11:20:16:995 debug1: sshd version OpenSSH_7.5, LibreSSL 2.5.3
10080 11:20:16:995 debug3: socket:0, socktype:1, io:0000021434069470, fd:3 
10080 11:20:16:995 debug3: close - io:0000021434069470, type:2, fd:3, table_index:3
10080 11:20:16:995 debug3: failed to open file:./ssh_host_rsa_key error:2
10080 11:20:16:995 debug1: key_load_private: No such file or directory
10080 11:20:16:995 debug3: Failed to open file:./ssh_host_rsa_key error:2
10080 11:20:16:995 debug1: will rely on agent for hostkey ./ssh_host_rsa_key
10080 11:20:16:995 debug1: agent host key #0: ssh-rsa SHA256:YExvD7/Rnr+5AWn86WFaqTwnjZWlil3/W1EbHxlGfTM
10080 11:20:16:995 debug3: failed to open file:./ssh_host_dsa_key error:2
10080 11:20:16:995 debug1: key_load_private: No such file or directory
10080 11:20:17:011 debug3: Failed to open file:./ssh_host_dsa_key error:2
10080 11:20:17:011 debug1: will rely on agent for hostkey ./ssh_host_dsa_key
10080 11:20:17:011 debug1: agent host key #1: ssh-dss SHA256:Y/3XrbMNDtK0OUoSuwhhF3+yuHla6jrDJCDMPX55YvY
10080 11:20:17:011 debug3: failed to open file:./ssh_host_ecdsa_key error:2
10080 11:20:17:011 debug1: key_load_private: No such file or directory
10080 11:20:17:011 debug3: Failed to open file:./ssh_host_ecdsa_key error:2
10080 11:20:17:011 debug1: will rely on agent for hostkey ./ssh_host_ecdsa_key
10080 11:20:17:011 debug1: agent host key #2: ecdsa-sha2-nistp256 SHA256:Q2c1pa+mlZ1N0+aNN1XnOUkKLVpYh9RO7LBlsR9gAbw
10080 11:20:17:011 debug3: failed to open file:./ssh_host_ed25519_key error:2
10080 11:20:17:011 debug1: key_load_private: No such file or directory
10080 11:20:17:011 debug3: Failed to open file:./ssh_host_ed25519_key error:2
10080 11:20:17:011 debug1: will rely on agent for hostkey ./ssh_host_ed25519_key
10080 11:20:17:011 debug1: agent host key #3: ssh-ed25519 SHA256:xIAKsqs/SltdRYenFQuvWR7ERvyZhNDqim815dZ7fC8
10080 11:20:17:011 debug3: socket:248, socktype:1, io:00000214340693C0, fd:3 
10080 11:20:17:011 debug2: fd 3 setting O_NONBLOCK
10080 11:20:17:011 debug3: sock_set_v6only: set socket 3 IPV6_V6ONLY
10080 11:20:17:011 debug1: Bind to port 22 on ::.
10080 11:20:17:011 Server listening on :: port 22.
10080 11:20:17:011 debug3: socket:276, socktype:1, io:0000021434068FA0, fd:4 
10080 11:20:17:011 debug2: fd 4 setting O_NONBLOCK
10080 11:20:17:011 debug1: Bind to port 22 on 0.0.0.0.
10080 11:20:17:011 Server listening on 0.0.0.0 port 22.
10080 11:20:17:011 debug3: Failed to open file:./sshd.pid error:13
10080 11:20:17:011 error: Couldn't create pid file "./sshd.pid": Permission denied
10080 11:20:19:839 debug3: socket:284, io:0000021434069310, fd:5 
10080 11:20:19:839 debug3: fd 5 is not O_NONBLOCK
10080 11:20:19:839 debug3: pipe - r-h:296,io:00000214340691B0,fd:6  w-h:292,io:0000021434068EF0,fd:7
10080 11:20:19:839 debug3: spawning "C:\\Program Files\\OpenSSH\\sshd.exe"
10080 11:20:19:839 debug3: Register child 0000000000000130 pid 2096, 0 zombies of 0
10080 11:20:19:839 debug3: close - io:0000021434069310, type:1, fd:5, table_index:5
10080 11:20:19:839 debug1: Forked child 2096.
10080 11:20:19:839 debug3: close - io:0000021434068EF0, type:2, fd:7, table_index:7
2096 11:20:19:902 debug1: sshd version OpenSSH_7.5, LibreSSL 2.5.3
2096 11:20:19:902 debug3: socket:0, socktype:1, io:000002A341173A40, fd:3 
2096 11:20:19:902 debug3: close - io:000002A341173A40, type:2, fd:3, table_index:3
2096 11:20:19:902 debug3: failed to open file:./ssh_host_rsa_key error:2
2096 11:20:19:902 debug1: key_load_private: No such file or directory
2096 11:20:19:902 debug3: Failed to open file:./ssh_host_rsa_key error:2
2096 11:20:19:902 debug1: will rely on agent for hostkey ./ssh_host_rsa_key
2096 11:20:19:902 debug1: agent host key #0: ssh-rsa SHA256:YExvD7/Rnr+5AWn86WFaqTwnjZWlil3/W1EbHxlGfTM
2096 11:20:19:902 debug3: failed to open file:./ssh_host_dsa_key error:2
2096 11:20:19:902 debug1: key_load_private: No such file or directory
2096 11:20:19:902 debug3: Failed to open file:./ssh_host_dsa_key error:2
2096 11:20:19:902 debug1: will rely on agent for hostkey ./ssh_host_dsa_key
2096 11:20:19:902 debug1: agent host key #1: ssh-dss SHA256:Y/3XrbMNDtK0OUoSuwhhF3+yuHla6jrDJCDMPX55YvY
2096 11:20:19:902 debug3: failed to open file:./ssh_host_ecdsa_key error:2
2096 11:20:19:902 debug1: key_load_private: No such file or directory
2096 11:20:19:902 debug3: Failed to open file:./ssh_host_ecdsa_key error:2
2096 11:20:19:902 debug1: will rely on agent for hostkey ./ssh_host_ecdsa_key
2096 11:20:19:902 debug1: agent host key #2: ecdsa-sha2-nistp256 SHA256:Q2c1pa+mlZ1N0+aNN1XnOUkKLVpYh9RO7LBlsR9gAbw
2096 11:20:19:902 debug3: failed to open file:./ssh_host_ed25519_key error:2
2096 11:20:19:902 debug1: key_load_private: No such file or directory
2096 11:20:19:902 debug3: Failed to open file:./ssh_host_ed25519_key error:2
2096 11:20:19:902 debug1: will rely on agent for hostkey ./ssh_host_ed25519_key
2096 11:20:19:902 debug1: agent host key #3: ssh-ed25519 SHA256:xIAKsqs/SltdRYenFQuvWR7ERvyZhNDqim815dZ7fC8
2096 11:20:19:902 debug3: Failed to open file:./sshd.pid error:13
2096 11:20:19:902 error: Couldn't create pid file "./sshd.pid": Permission denied
2096 11:20:19:902 debug1: child socket: 284
2096 11:20:19:902 debug1: child startup_pipe: 292
2096 11:20:19:902 Connection from ::1 port 59586 on ::1 port 22
2096 11:20:19:917 debug1: Client protocol version 2.0; client software version PuTTYTray_p0.66_t028
2096 11:20:19:917 debug1: no match: PuTTYTray_p0.66_t028
2096 11:20:19:917 debug1: Local version string SSH-2.0-OpenSSH_7.5
2096 11:20:19:917 debug2: fd 3 setting O_NONBLOCK
2096 11:20:19:917 debug3: socket:0, socktype:1, io:000002A341154A90, fd:5 
2096 11:20:19:917 debug3: list_hostkey_types: ssh-dss key not permitted by HostkeyAlgorithms
2096 11:20:19:917 debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
2096 11:20:19:917 debug3: send packet: type 20
2096 11:20:19:917 debug1: SSH2_MSG_KEXINIT sent
2096 11:20:19:917 debug3: receive packet: type 20
2096 11:20:19:917 debug1: SSH2_MSG_KEXINIT received
2096 11:20:19:917 debug2: local server KEXINIT proposal
2096 11:20:19:917 debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
2096 11:20:19:917 debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
2096 11:20:19:917 debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr
2096 11:20:19:917 debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr
2096 11:20:19:917 debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
2096 11:20:19:917 debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
2096 11:20:19:917 debug2: compression ctos: none
2096 11:20:19:917 debug2: compression stoc: none
2096 11:20:19:917 debug2: languages ctos: 
2096 11:20:19:917 debug2: languages stoc: 
2096 11:20:19:917 debug2: first_kex_follows 0 
2096 11:20:19:917 debug2: reserved 0 
2096 11:20:19:917 debug2: peer client KEXINIT proposal
2096 11:20:19:917 debug2: KEX algorithms: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1
2096 11:20:19:917 debug2: host key algorithms: ssh-rsa,ssh-dss
2096 11:20:19:917 debug2: ciphers ctos: aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc,arcfour256,arcfour128
2096 11:20:19:917 debug2: ciphers stoc: aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc,arcfour256,arcfour128
2096 11:20:19:917 debug2: MACs ctos: hmac-sha2-256,hmac-sha1,hmac-sha1-96,hmac-md5
2096 11:20:19:917 debug2: MACs stoc: hmac-sha2-256,hmac-sha1,hmac-sha1-96,hmac-md5
2096 11:20:19:917 debug2: compression ctos: none,zlib
2096 11:20:19:917 debug2: compression stoc: none,zlib
2096 11:20:19:917 debug2: languages ctos: 
2096 11:20:19:917 debug2: languages stoc: 
2096 11:20:19:917 debug2: first_kex_follows 0 
2096 11:20:19:917 debug2: reserved 0 
2096 11:20:19:917 debug1: kex: algorithm: diffie-hellman-group-exchange-sha256
2096 11:20:19:917 debug1: kex: host key algorithm: ssh-rsa
2096 11:20:19:917 debug1: kex: client->server cipher: aes256-ctr MAC: hmac-sha2-256 compression: none
2096 11:20:19:917 debug1: kex: server->client cipher: aes256-ctr MAC: hmac-sha2-256 compression: none
2096 11:20:19:917 debug1: expecting SSH2_MSG_KEX_DH_GEX_REQUEST
2096 11:20:19:917 debug3: receive packet: type 34
2096 11:20:19:917 debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
2096 11:20:19:917 debug3: Failed to open file:./moduli error:2
2096 11:20:19:917 WARNING: could not open ./moduli (No such file or directory), using fixed modulus
2096 11:20:19:917 debug3: dh_new_group_fallback: requested max size 8192
2096 11:20:19:917 debug3: using 8k bit group 18
2096 11:20:19:917 debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
2096 11:20:19:917 debug3: send packet: type 31
2096 11:20:20:011 debug2: bits set: 4057/8192
2096 11:20:20:011 debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
2096 11:20:20:558 debug3: receive packet: type 32
2096 11:20:20:558 debug2: bits set: 4109/8192
2096 11:20:20:683 debug3: send packet: type 33
2096 11:20:20:683 debug3: send packet: type 21
2096 11:20:20:683 debug2: set_newkeys: mode 1
2096 11:20:20:683 debug1: rekey after 4294967296 blocks
2096 11:20:20:683 debug1: SSH2_MSG_NEWKEYS sent
2096 11:20:20:683 debug1: expecting SSH2_MSG_NEWKEYS
2096 11:20:21:245 debug3: receive packet: type 21
2096 11:20:21:245 debug1: SSH2_MSG_NEWKEYS received
2096 11:20:21:245 debug2: set_newkeys: mode 0
2096 11:20:21:245 debug1: rekey after 4294967296 blocks
2096 11:20:21:245 debug1: KEX done
2096 11:20:21:245 debug3: receive packet: type 5
2096 11:20:21:245 debug3: send packet: type 6
2096 11:20:21:245 debug3: receive packet: type 50
2096 11:20:21:245 debug1: userauth-request for user Administrator service ssh-connection method none
2096 11:20:21:245 debug1: attempt 0 failures 0
2096 11:20:21:245 debug2: parse_server_config: config reprocess config len 248
2096 11:20:21:245 debug2: input_userauth_request: setting up authctxt for Administrator
2096 11:20:21:245 debug2: input_userauth_request: try method none
2096 11:20:21:245 Failed none for Administrator from ::1 port 59586 ssh2
2096 11:20:21:245 debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive"
2096 11:20:21:245 debug3: send packet: type 51
2096 11:20:21:245 debug3: receive packet: type 50
2096 11:20:21:245 debug1: userauth-request for user Administrator service ssh-connection method keyboard-interactive
2096 11:20:21:245 debug1: attempt 1 failures 0
2096 11:20:21:245 debug2: input_userauth_request: try method keyboard-interactive
2096 11:20:21:245 debug1: keyboard-interactive devs 
2096 11:20:21:245 debug1: auth2_challenge: user=Administrator devs=
2096 11:20:21:245 debug1: kbdint_alloc: devices ''
2096 11:20:21:245 debug2: auth2_challenge_start: devices 
2096 11:20:21:245 Failed keyboard-interactive for Administrator from ::1 port 59586 ssh2
2096 11:20:21:245 debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive"
2096 11:20:21:245 debug3: send packet: type 51
2096 11:20:23:730 Connection closed by authenticating user Administrator ::1 port 59586
2096 11:20:23:730 debug1: do_cleanup
10080 11:20:23:730 debug3: close - io:00000214340691B0, type:2, fd:6, table_index:6
10080 11:20:23:730 debug3: zombie'ing child at index 0, 0 zombies of 1
10080 11:20:23:730 debug3: Unregister child at index 0, 1 zombies of 1
vovcacik commented 7 years ago

@bagajjal I tried to set the permissions exactly as on your screenshot, but still the same problem - authorzied_keys is not even attempted to be read.

vovcacik commented 7 years ago

I took another approach, I've removed all permissions on the authorized_keys file and kept ownership. Then I run the fix script:

PS C:\Program Files\OpenSSH> Import-Module .\OpenSSHUtils.psd1 -Force
PS C:\Program Files\OpenSSH> Repair-AuthorizedKeyPermission -FilePath C:\Users\Administrator\.ssh\authorized_keys
  [*] C:\Users\Administrator\.ssh\authorized_keys

'NT SERVICE\sshd' needs Read access to 'C:\Users\Administrator\.ssh\authorized_keys'.
Shall I make the above change?
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"):
'NT SERVICE\sshd' now has Read access to 'C:\Users\Administrator\.ssh\authorized_keys'.
      Repaired permissions

PS C:\Program Files\OpenSSH> (Get-Acl C:\Users\Administrator\.ssh\authorized_keys).Access

FileSystemRights  : Read, Synchronize
AccessControlType : Allow
IdentityReference : NT SERVICE\sshd
IsInherited       : False
InheritanceFlags  : None
PropagationFlags  : None

I also tried to check Effective access and it looks just fine: img

I get same results when I assign additional permission to Traverse folder/execute file or even Full control. Also note that I have input NT SERVICE\sshd, but the ui abbreviate it to just sshd.

I made sure the sshd processes are running with correct permissions:

sshd.exe    NT SERVICE\sshd
ssh-agent.exe   NT AUTHORITY\SYSTEM

Despite all that:

6524 11:47:15:895 debug1: trying public key file C:\\Users\\Administrator\\.ssh/authorized_keys
6524 11:47:15:895 debug3: Failed to open file:C:\\Users\\Administrator\\.ssh/authorized_keys error:13
6524 11:47:15:895 debug1: Could not open authorized keys 'C:\\Users\\Administrator\\.ssh/authorized_keys': Permission denied
vovcacik commented 7 years ago

I managed to successfully install the OpenSSH on another Windows 10 machine. I will try to reinstall OpenSSH on the problematic machine, but as far as I can tell the only difference was that I have skipped the New-NetFirewallRule -Protocol TCP -LocalPort 22 -Direction Inbound -Action Allow -DisplayName SSH line in installation instructions and went for netsh advfirewall firewall add rule name='SSH Port' dir=in action=allow protocol=TCP localport=22 directly. I ran both lines on the first machine.

sspencer3 commented 7 years ago

I was seeing this same issue and while it may not have been vovcacik's issue I figured I'd post here to assist anyone else that runs into it. The problem ended up being that I had mistakenly created "authorized_keys" as a folder with my .pub key file simply copied into the folder. Authorized_keys should be created as a generic text file with the text of the pub key file copied into Athorized_keys.

To accomplish this I did the following;

  1. Used notepad to create a text file named authorized_keys in C:\users\username\ .ssh\
  2. Copied the contents of my .pub key file into the authorized_keys text file as a single line of text.
  3. Used "Save As" to change the encoding to use UTF-8 because the default ANSI can have issues being read by the sshd service.
  4. After closing the authorized_keys file I then removed its .txt extension. To do this you may need to uncheck "Hide extensions for known file types" from the Windows Folder Options control panel. When done correctly Windows should now show the file type as "File" instead of "Text Document".
  5. I then used icacls to updated the permissions for the authorized_keys file as shown here: https://github.com/PowerShell/Win32-OpenSSH/wiki/Security-protection-of-various-files-in-win32-openssh
  6. I then updated the sshd_config file's "AuthorizedKeysFile" line to point to C:\users\username\ .ssh\authorized_keys
  7. Restart sshd service
  8. Test SSH connection
vovcacik commented 7 years ago

I didn't solve this issue, however I think I have provide enough data to point finger at win32-openssh. Especially the fact, that Windows reported proper permissions for user sshd in Effective access view.

I no longer need this to fix.

dermeister0 commented 5 years ago

I'm frustrated by Win32-OpenSSH too. It has problems with simple configs and does not write enough info to logs. However, I was able to fix pubkey authentication when removed some unwanted inherited permissions.

@vovcacik Are you sure that the service runs under sshd user? It's Local System in my case.

darrynhoskingluna commented 5 years ago

@sspencer3 thank you. That resolved my issue. For anyone else, follow @sspencer3's instructions then run the following to set the permissions correctly

In an elevated powershell open and run the following Import-Module .\OpenSSHUtils.psd1 -Force Repair-AuthorizedKeyPermission -FilePath C:\Users\username.ssh\authorized_keys

sgargel commented 5 years ago

I've trouble too:

PS C:\Program Files\OpenSSH-Win64> Import-Module .\OpenSSHUtils.psd1 -Force
PS C:\Program Files\OpenSSH-Win64> Repair-AuthorizedKeyPermission -FilePath C:\Users\Administrator.DOMAIN\.ssh\authoriz
ed_keys
  [*] C:\Users\Administrator.DOMAIN\.ssh\authorized_keys

Need to remove the inheritance before repair the rules.
Shall I remove the inheritace?
[S] Sì  [T] Sì a tutti  [N] No  [U] No a tutti  [O] Sospendi  [?] Guida (il valore predefinito è "S"): s
Inheritance is removed from 'C:\Users\Administrator.DOMAIN\.ssh\authorized_keys'.

'NT AUTHORITY\SYSTEM' has the following access to 'C:\Users\Administrator.DOMAIN\.ssh\authorized_keys': 'Allow'-'Read,
 Synchronize'.
Shall I make it Allow FullControl?
[S] Sì  [T] Sì a tutti  [N] No  [U] No a tutti  [O] Sospendi  [?] Guida (il valore predefinito è "S"): s
'NT AUTHORITY\SYSTEM' now has FullControl access to 'C:\Users\Administrator.DOMAIN\.ssh\authorized_keys'.
      Repaired permissions

PS C:\Program Files\OpenSSH-Win64> Repair-AuthorizedKeyPermission -FilePath C:\Users\Administrator.DOMAIN\.ssh\authoriz
ed_keys
  [*] C:\Users\Administrator.DOMAIN\.ssh\authorized_keys
      looks good
PS C:\Program Files\OpenSSH-Win64> Repair-AuthorizedKeyPermission -FilePath C:\Users\Administrator.DOMAIN\.ssh\authoriz
ed_keys
  [*] C:\Users\Administrator.DOMAIN\.ssh\authorized_keys
      looks good
PS C:\Program Files\OpenSSH-Win64> icacls.exe C:\Users\Administrator.DOMAIN\.ssh
C:\Users\Administrator.DOMAIN\.ssh DOMAIN\Administrator:(OI)(CI)(F)
                                    NT AUTHORITY\SYSTEM:(OI)(CI)(R)

Elaborazione completata per 1 file. Elaborazione non riuscita per 0 file
PS C:\Program Files\OpenSSH-Win64> icacls.exe C:\Users\Administrator.DOMAIN\.ssh\authorized_keys
C:\Users\Administrator.DOMAIN\.ssh\authorized_keys NT AUTHORITY\SYSTEM:(F)
                                                    DOMAIN\Administrator:(F)

Elaborazione completata per 1 file. Elaborazione non riuscita per 0 file

On the linux client side:

debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: .ssh/id_rsa
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
bingbing8 commented 5 years ago

@sgargel , is C:\Users\Administrator.DOMAIN.ssh\authorized_keys a file or a directory?

sgargel commented 5 years ago

@bingbing8 C:\Users\Administrator.DOMAIN\.ssh\authorized_keys is a file containing my pub key

xq114 commented 3 years ago

If you are using the openssh-server from windows utilities, just comment out the last lines in C:\ProgramData\ssh\sshd_config, it works for me.

image

VALLIS-NERIA commented 2 years ago

If you are using the openssh-server from windows utilities, just comment out the last lines in C:\ProgramData\ssh\sshd_config, it works for me.

image

that helps.

Even though I've put the public key in it, it seems does not work. But ~/.ssh/authorized_keys works fine

gregorykolasis commented 1 year ago

I was seeing this same issue and while it may not have been vovcacik's issue I figured I'd post here to assist anyone else that runs into it. The problem ended up being that I had mistakenly created "authorized_keys" as a folder with my .pub key file simply copied into the folder. Authorized_keys should be created as a generic text file with the text of the pub key file copied into Athorized_keys.

To accomplish this I did the following;

  1. Used notepad to create a text file named authorized_keys in C:\users\username\ .ssh\
  2. Copied the contents of my .pub key file into the authorized_keys text file as a single line of text.
  3. Used "Save As" to change the encoding to use UTF-8 because the default ANSI can have issues being read by the sshd service.
  4. After closing the authorized_keys file I then removed its .txt extension. To do this you may need to uncheck "Hide extensions for known file types" from the Windows Folder Options control panel. When done correctly Windows should now show the file type as "File" instead of "Text Document".
  5. I then used icacls to updated the permissions for the authorized_keys file as shown here: https://github.com/PowerShell/Win32-OpenSSH/wiki/Security-protection-of-various-files-in-win32-openssh
  6. I then updated the sshd_config file's "AuthorizedKeysFile" line to point to C:\users\username\ .ssh\authorized_keys
  7. Restart sshd service
  8. Test SSH connection

Step 5. Especially these commands

` PS C:>icacls administrators_authorized_keys /inheritance:r

PS C:>icacls administrators_authorized_keys /grant SYSTEM:(F)

PS C:>icacls administrators_authorized_keys /grant BUILTIN\Administrators:(F)

` Solved my issue!