SSHFS with publickey on Windows 11 is not working properly

Zirpoo commented 1 year ago

Hello! I have a fresh install of Windows 11 with the latest version of SSHFS-Win and WinFsp.

I used the ssh-keygen command to generate a private and public key. This was previously working on Windows 10, so... no problems should come from my home nas.

I both used the command line sshfs and the windows interface to add a network drive, both didn't work. Here is my connection line \\sshfs.k\sftp-storage\sftp

on my Windows 11 I have this config file located at ~/.ssh/config for this server settings

Host sftp-storage
HostName 10.0.0.195
User sftp-storage
IdentitiesOnly yes
IdentityFile ~/.ssh/sftp-storage

Now that I have explained my setup, here is what I've tried and observed. First I have to say that i'm not a beginner and I have a pretty good knowledge of software development.

By using the debug argument on the SSHFS I read every line and got a sense of what was going on and it seems to be internal. This was the error that happened at the end, debug3: read - ERROR from cb :87, io: ... The Authentication was successfull and went through but upon some more communication with the server the client can't seem to go past this error.

Hard to say what's the problem right? But when I changed my private key to id_rsa as the exact name for the file it worked! Halfway though, because I can't have multiple server with this setup. I need multiple network drives to be connected for my use.

As a temporary fix, I could make a script that changes names of my private keys and setup the sshfs afterwards and each time I restart my computer it runs the scripts but it's kinda sad ...

So now I know it's because the private key isn't or cannot be read at some point in the program, or the path itself. Because my keys are listed in the ~/.ssh/config file.

Since it's a matter of files that are in my computer, then there must be a problem between my computer and the program itself. Since the server works properly when I have the private key id_rsa as its name.

Or maybe something else? I'm very lost and I can't seem to be able to run SSHFS properly Also, I know it works with a password, but I am not allowed to use a password to connect to my servers, I have to use a private/public key. It's just not getting my private keys properly and I don't know why...

Any ideas ?

TobiVanHelsinki commented 1 year ago

Hi there, I can encountered the same behaviour. It seems that sshfs-win has a problem with custom names for the private key.

I was not able to debug like you, I tried however:

 .\sshfs-win.exe svc PREFIX V: \sshfs.k\username@serveralias -d
executing <ssh> <-x> <-a> <-oClearAllForwardings=yes> <-oUserKnownHostsFile=/dev/null> <-oStrictHostKeyChecking=no> <-oPreferredAuthentications=publickey> <-oPort=22> <-2> <> <-s> <sftp>
ssh: connect to host  port 22: Connection refused
read: Connection reset by peer

I also noticed, that a alias like this, with the standard-key-name, also doesn't work. So maybe the error lies more at reading the config file?

Host serveralias 
    HostName ipaddress
    User username
    IdentityFile "~/.ssh/id_rsa"

net use b: \\sshfs.k\username@serveralias 
Systemerror 67

Name not found.

But have no solution in mind. Maybe a bug. I think I wait for a next version.

john-hen commented 1 year ago

@TobiVanHelsinki I think there is a typo in your first command: the literal PREFIX shouldn't be there.

This works for me:

❯ sshfs-win.exe svc \sshfs.k\hostalias R:
Warning: Permanently added '[redacted]' (ECDSA) to the list of known hosts.
The service sshfs has been started.

With hostalias defined in %USERPROFILE%\.ssh\config, even with a custom name for the identity file, i.e. something other than id_rsa.

Host hostalias
    HostName server.domain.tld
    User username
    IdentityFile ~/.ssh/id_whatever

What doesn't work for me is the net use command, where I also get that system error:

❯ net use R: \\sshfs.k\hostalias
System error 67 has occurred.

The network name cannot be found.

This is all on Windows 11, with SSHFS-Win 3.5.20357 and WinFsp 2.0.23075.

peiwenxu commented 1 year ago

Same problem on win11. Looks like HOST alias doesn't work and could not read key files in ssh/config

b-a0 commented 1 year ago

Same problem as in the comment of john-hen, but I am on Windows 10 22H2 build 19045.3448 with SSHFS-Win 3.5.20357 and WinFsp 2.0.23075.

A custom private key name works when using the sshfs-win.exe svc route, but does not work when using net use or when typing the address directly in Windows Explorer. The latter works for hosts that use the a private key that is named id_rsa.

CaffeineViking commented 11 months ago

I also ran into this today, and probably spent an hour or so trying to figure what went wrong. Sharing my findings here in case it helps someone else.

Like some other people here mentioned (and in another related issue) the problem comes from using SSH keys that aren't in the "standard" format. i.e. they're not named id_rsa and id_rsa.pub. This is a bit of a problem, and I think more people will start to run into issues with this since e.g. GitHub are recommending using ed25519 instead of RSA. ssh-keygen generates a key with a different name for those.

This isn't usually a problem, ssh and all other tools that I've used have been fine with the default naming. However, if you try and use sshfs-win it doesn't seem like it's possible. In the docs it says you can use a custom profile by adding a ~/.ssh/config file. That doesn't seem to work. Even if I provide the correct location with a custom host, it fails to resolve the key (in some cases). The only way I have gotten it to work as-is is by using sshfs-win.exe svc as mentioned above. The problem there is that it doesn't seem to stay across restarts. For me, I wanted to some servers to auto-connect on Windows startup. Terminating sshfs-win.exe unmounts those drivers, so it's not ideal (might be possible by calling sshfs-win.exe svc on boot, but that sounds very hacky considering we can use "Mount network driver" in the regular case).

I also tried using net use but that also didn't work. I got "System Error 67" like someone else mentioned above.

The solution: rename id_ed25519 and id_ed25519.pub to id_rsa and id_rsa.pub in ~/.ssh. It's fine if they still have ED25519 keys in the file, SSH is able to figure out what they are (it's in the file). This works with both net use and Map network drive. It's not super elegant way to solve it... but it works, and at least for me was the best solution (since I use the same key for all of my servers). This would've been trickier if they all used different ones...

I'm curious where the problem is, if it's sshfs-win or winfsp or Windows itself. It seems it works fine with sshfs-win.exe svc so I'm almost assuming this is some Windows-side limitation of being able to resolve the hosts in ~/.ssh/config

Andyloz commented 11 months ago

Same issue here. Any updates of a fix?

johnrclark3 commented 10 months ago

Do not use net use or map network drive on windows as it seems buggy. In another issue I found a solution that is working well.

Related: #74

Zirpoo commented 9 months ago

Do not use net use or map network drive on windows as it seems buggy. In another issue I found a solution that is working well.

Related: #74

Hey! Thanks for your comment, I tried your solution and it seemed to work very well! I just did something a bit different on my Windows 11 setup I created a file.bat and wrote powershell "Start-Process -WindowStyle hidden -filepath sshfs-win -ArgumentList \"svc \sshfs.k\user@host D:"\" and this worked for me. I didn't have to let the command line opened at all time for it to work.

manu0401 commented 4 weeks ago

This issue is a duplicate of https://github.com/winfsp/sshfs-win/issues/74 where I posted some good news in https://github.com/winfsp/sshfs-win/issues/74#issuecomment-2451112771

winfsp / sshfs-win

SSHFS with publickey on Windows 11 is not working properly #387