Monday, February 10, 2025

OpenSSH: use public-key authentication to connect (both server and client are Windows)

 server side:

    1 edit sshd_config

        1.1 remove the # (uncomment) from these lines

        PubkeyAuthentication yes

        PasswordAuthentication no   (change yes -->no)

        1.2 add # (comment out) to the last two lines of the file

        #Match Group administrators

           #AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys

    2 restart the OpenSSH service

    3 create the file authorized_keys   (C:\Users\prapop\.ssh\authorized_keys)

    may be needed:

    4 remove inherited permissions and remove administrator from the authorized_keys file

client side

    1 ssh-keygen

    2 copy id_rsa.pub (client side) --> authorized_keys (server side)

ssh -N -R 12345:localhost:21118 -o ServerAliveInterval=60 -o ServerAliveCountMax=3 192.168.0.86


Friday, February 7, 2025

OpenSSH server on Windows and reverse tunnel

  • Download the latest OpenSSH for Windows binaries (package OpenSSH-Win64.zip or OpenSSH-Win32.zip)
  • As the Administrator, extract the package to C:\Program Files\OpenSSH
  • As the Administrator, install sshd and ssh-agent services:
    powershell.exe -ExecutionPolicy Bypass -File install-sshd.ps1

Configuring SSH server

  • Allow incoming connections to SSH server in Windows Firewall:
    • When installed as an optional feature, the firewall rule “OpenSSH SSH Server (sshd)” should have been created automatically. If not, proceed to create and enable the rule as follows.
    • Either run the following PowerShell command as the Administrator:
      New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH SSH Server' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22 -Program "C:\Windows\System32\OpenSSH\sshd.exe"
      Replace C:\Windows\System32\OpenSSH\sshd.exe with the actual path to the sshd.exe (C:\Program Files\OpenSSH\sshd.exe, had you followed the manual installation instructions above).
    • or go to Windows Security > Firewall & network protection > Advanced Settings > Inbound Rules and add a new rule for port 22.
  • Start the service and/or configure automatic start:
    • Go to Control Panel > System and Security > Windows Tools (Administrative Tools on Windows 10 and older) and open Services. Locate OpenSSH SSH Server service.
    • If you want the server to start automatically when your machine is started: Go to Action > Properties (or just double-click the service). In the Properties dialog, change Startup type to Automatic and confirm.
    • Start the OpenSSH SSH Server service by clicking the Start the service link or Action > Start in the menu.

Setting up SSH public key authentication

Follow a generic guide for Setting up SSH public key authentication in *nix OpenSSH server, with the following difference:

  • Create the .ssh folder (for the authorized_keys file) in your Windows account profile folder (typically in C:\Users\username\.ssh).
  • For permissions to the .ssh folder and the authorized_keys file, what matters are Windows ACL permissions, not simple *nix permissions. Set the ACL so that the respective Windows account is the owner of the folder and the file and is the only account that has a write access to them. The account that runs OpenSSH SSH Server service (typically SYSTEM or sshd) needs to have read access to the file.
  • Though, with the default Win32-OpenSSH configuration there is an exception set in sshd_config for accounts in Administrators group. For these, the server uses a different location for the authorized keys file: %ALLUSERSPROFILE%\ssh\administrators_authorized_keys (i.e. typically C:\ProgramData\ssh\administrators_authorized_keys).
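
The ACL rule above for a per-user authorized_keys file, as an added PowerShell example (not part of the original guide): it removes inherited permissions, grants the account full control and SYSTEM read-only access, then audits the result. It assumes it runs on the server in the session of a non-administrator account that will log in over SSH, and that the file lives in the default profile location; the function name Test-AuthorizedKeysAcl is made up for this example.

```powershell
# Added example, not from the original guide. Assumed: default per-user key
# location, run as the (non-administrator) account that will log in over SSH.
$keysFile = Join-Path $env:USERPROFILE '.ssh\authorized_keys'
$me       = [System.Security.Principal.WindowsIdentity]::GetCurrent()

# Create the .ssh folder and an empty authorized_keys file if they are missing.
New-Item -ItemType Directory -Path (Split-Path $keysFile) -Force | Out-Null
if (-not (Test-Path $keysFile)) { New-Item -ItemType File -Path $keysFile | Out-Null }

# Remove inherited entries, then grant the account full control and SYSTEM
# (S-1-5-18) read-only. icacls takes numeric SIDs when prefixed with '*',
# which avoids localized account names.
icacls.exe $keysFile /inheritance:r /grant "*$($me.User.Value):F" /grant "*S-1-5-18:R" | Out-Null

# Hypothetical helper: report the owner, whether inheritance is still on, and
# any identity other than the expected account that holds write-type rights.
function Test-AuthorizedKeysAcl {
    param(
        [string]$Path,
        [System.Security.Principal.SecurityIdentifier]$OwnerSid
    )
    $sidType   = [System.Security.Principal.SecurityIdentifier]
    # Write-type bits only, so a plain Read entry is not flagged.
    $writeMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'
    $acl       = Get-Acl -Path $Path

    $extraWriters = $acl.GetAccessRules($true, $true, $sidType) | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.IdentityReference.Value -ne $OwnerSid.Value -and
        (([int]$_.FileSystemRights -band $writeMask) -ne 0)
    }

    [pscustomobject]@{
        Path               = $Path
        OwnerIsAccount     = ($acl.GetOwner($sidType).Value -eq $OwnerSid.Value)
        InheritanceEnabled = -not $acl.AreAccessRulesProtected
        ExtraWriters       = @($extraWriters | ForEach-Object { $_.IdentityReference.Value })
    }
}

Test-AuthorizedKeysAcl -Path $keysFile -OwnerSid $me.User
```

A clean result shows OwnerIsAccount as True, InheritanceEnabled as False and an empty ExtraWriters list; any SID listed under ExtraWriters can still modify the keys file.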

C:\Program Files\OpenSSH\ssh-keygen.exe

(on Windows 10 it will copy to the user folder)


Client 

install OpenSSH

cmd-->

ssh -N -R 12345:localhost:21118 -o ServerAliveInterval=60 -o ServerAliveCountMax=3 192.168.0.86


Cr: https://winscp.net/eng/docs/guide_windows_openssh_server