Seeking assistance with pubkey authentication problem on Windows OS

Peter_Lawrence at belgocontrol.be Peter_Lawrence at belgocontrol.be
Wed Dec 14 22:17:33 AEDT 2016 

Hello.

May I please get your assistance regarding a road-block I've hit in setting up password-less ssh communication from a Linux host to a Windows client?


The Linux machine that I am using inside the company network runs SUSE Linux version 3.0.101-0.31-default and has had OpenSSH_6.2p2 installed.
I have installed OpenSSH-Win64 v0.0.4.0 on a Windows machine inside the same network that runs Windows 7 Professional 64-bit edition.

I can successfully connect from the Linux to Windows machine using ssh, however after I create an rsa public key on the Linux machine (and transfer it to the appropriate .ssh folder used by OpenSSH on my Windows machine) I can not longer connect (Permission denied (publickey,keyboard-interactive)).

Upon looking into the output when running sshd.exe in debug mode on my Windows machine I observed the following information:

debug1: userauth-request for user LAW service ssh-connection method publickey
debug1: attempt 2 failures 0
debug2: input_userauth_request: try method publickey
debug3: userauth_pubkey: have signature for RSA SHA256:KaoUvZv0d5zAcj9ZGsJ9uM+Fi
/p+pmp25pQywzNhriA
debug3: w32_write fd:-1
debug1: w32_write ERROR: bad fd: -1
debug1: auth agent did not authorize client LAW
debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa
Failed publickey for LAW from 10.127.1.11 port 53773 ssh2: RSA SHA256:KaoUvZv0d5
zAcj9ZGsJ9uM+Fi/p+pmp25pQywzNhriA
debug3: userauth_finish: failure partial=0 next methods="publickey,keyboard-inte
ractive"


The w32_write function in the source code of OpenSSH is coming up against a bad file descriptor at the public-key authentication stage, but I can't understand what this may be alluding to.

All my folders related to the authorized_keys file have been given the correct permissions for my user (LAW), and the settings in the sshd_config file seem fine (I have set the line 
AuthorizedKeysFile C:\Users\LAW\.ssh\authorized_keys
in this file, where the authorized_keys file was the direct copy of the rsa public key generated on the Linux side).

I have also performed the ssh-lsa installation step for OpenSSH in Windows, which has successfully copied the ssh-lsa.dll file into the C:\Windows\System32 folder and has also added the entry ssh-lsa to the registry key "Authentication Packages" in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
I have of course restarted my Windows machine for these changes to have taken effect. 


All I'm doing as a test was to log in to the windows machine from the Linux machine using the shell command
ssh LAW@<ip_address>
which works with my Windows password when there are no generated rsa public keys /root/.ssh folder on the Linux machine, however as soon as I generate a public key in this location I get the aforementioned problems with connection. I have noticed that not even ssh-copy-id works at this stage to copy over the public key to the Windows machine, and hence I am forced to use WinSCP on the Windows machine to copy over the key.

Could you please assist me to find a solution.
I have been able to get password-less ssh login working fine when installing Cygwin on the Windows machine with its openssh packages, however I wish to avoid the overhead of such an installation package on the Windows machine as I will be aiming to replicate the OpenSSH installation on many Windows machines thereafter. I thus wish to simply install OpenSSH to have an sshd service available and running on Windows.


I wish to add that if I can get this password-less ssh connection working successfully, I will request for my company to make a financial contribution to the OpenSSH project once I replicate the installations and configurations on the Windows machines of other site users. 
I thank you for your time, and I look forward to your reply. 
Yours sincerely,
Peter.
___________________________________________________________
Dr. Peter E. Lawrence  BSc(Ma & Comp Sc)(Hons) MSc(Ma Sc)(Res) PhD(Ma Sc)
Analyst & Software Engineer
BELGOCONTROL (CANAC) 
Tervuursesteenweg 303 
B - 1820 Steenokkerzeel 
Tel: [Office]:  +32 2 206 2588
       [GSM]:   +32 4 701 80752
Email: law at belgocontrol.be
Web:  www.belgocontrol.be
 



Belgocontrol Mail Disclaimer

More information about the openssh-unix-dev mailing list