Please answer the following
"OpenSSH for Windows" version
OpenSSH_7.6p1, LibreSSL 2.5.3
but the GitHub release is openssh 0.0.24.0 which I installed via Chocolatey.
Server OperatingSystem
Windows Server 2008 R2 Datacenter
What is failing
Permissions with host keys.
sshd by default using your install-sshd.ps1 script installs using some "NT SERVICE\SSHD" account which I don't actually see in my systems.. but in older installations it somehow works. However with this version this is not working. It's not able to load the files at all. So I changed the permission for 1 of those files to Everyone, and it was able to read it, but then gave the following warning:
2576 15:25:27:432 error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
2576 15:25:27:432 error: @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
2576 15:25:27:432 error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
2576 15:25:27:432 error: Permissions for 'C:\Program Files\OpenSSH-Win64/./ssh_host_ed25519_key' are too open.
2576 15:25:27:432 error: It is required that your private key files are NOT accessible by others.
2576 15:25:27:432 error: This private key will be ignored.
2576 15:25:27:432 error: key_load_private: bad permissions
OK fine.. so I removed the Everyone permission.
Then I thought to change the user of the SSHD service to be the Local System account.
Well, that allowed it to load the keys, but all of them gave the above warning. The result from that, I think, is that when trying to connect to the SSH server it immediately rejects.
So... I took one of those keys and removed all permissions of the Administrators and left only SYSTEM to have rights. Same warning... it does not explain WHAT is the bad permission or what they should be.
But I also don't understand how this "NT SERVICE\SSHD" user is used to run the service while not being able to find this account on the computer at all.
Can you guys clean this up? Not sure why for the past several months there isn't a simple install script that just works. It's all this copy and pasting, flipping back and forth between CMD and PowerShell.
I've been using this OpenSSH on my Win 2008r2 servers for about a couple of years, with various versions.. and with some minor tweaking it would always work. But this time I'm stumped.
Forgot to show the error coming also from the ssh-add command:
PS C:\Program Files\OpenSSH-Win64> ssh-add ssh_host_dsa_key
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions for 'ssh_host_dsa_key' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
PS C:\Program Files\OpenSSH-Win64> ssh-add ssh_host_rsa_key
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions for 'ssh_host_rsa_key' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
PS C:\Program Files\OpenSSH-Win64> ssh-add ssh_host_ecdsa_key
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions for 'ssh_host_ecdsa_key' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
PS C:\Program Files\OpenSSH-Win64> ssh-add ssh_host_ed25519_key
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions for 'ssh_host_ed25519_key' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
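An added diagnostic, not part of the original issue or of the project's scripts: because the warning does not name the offending entry, this PowerShell lists the owner and every ACE on the host key files and marks Allow entries granted to principals outside an allow list. The key directory is taken from the paths in the post; the allow list in `$Allowed` and the function name `Get-KeyAclReport` are assumptions, since the page does not state which principals the permission check accepts.

```powershell
# Added example (not from the original issue or the OpenSSH project).
# Directory as shown in the log lines of the post.
$KeyDir  = 'C:\Program Files\OpenSSH-Win64'
# ASSUMPTION: principals treated as acceptable. The page does not say what
# the check allows, so adjust this list to match your build's requirements.
$Allowed = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators')

function Get-KeyAclReport {
    param(
        [string]   $Path,
        [string[]] $AllowedPrincipals
    )

    $acl = Get-Acl -Path $Path
    foreach ($ace in $acl.Access) {
        $who = $ace.IdentityReference.Value
        # Only Allow entries can make a key "accessible by others";
        # Deny entries are listed but never flagged.
        $isAllow = $ace.AccessControlType -eq 'Allow'
        $suspect = $isAllow -and ($AllowedPrincipals -notcontains $who)

        New-Object PSObject -Property @{
            File      = Split-Path $Path -Leaf
            Owner     = $acl.Owner
            Principal = $who
            Type      = $ace.AccessControlType
            Rights    = $ace.FileSystemRights
            # Inherited entries come from the parent folder, so editing
            # the file's explicit entries alone does not remove them.
            Inherited = $ace.IsInherited
            Suspect   = $suspect
        }
    }
}

# Private host keys only: ssh_host_<type>_key, not the .pub files.
Get-ChildItem -Path $KeyDir |
    Where-Object { $_.Name -like 'ssh_host_*_key' } |
    ForEach-Object { Get-KeyAclReport -Path $_.FullName -AllowedPrincipals $Allowed } |
    Sort-Object File, Principal |
    Format-Table File, Owner, Principal, Type, Rights, Inherited, Suspect -AutoSize
```

Rows with `Suspect` set to True and `Inherited` set to True point at access flowing down from the parent folder rather than from an entry set on the key file itself.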