windows 上 OpenSSH 服务 启用秘钥登录
windows 上 OpenSSH 服务 启用秘钥登录
windows 安装 OpenSSH 服务
最近需要在windows 服务器上部署自动发布程序,那么就需要用到 scp 和 ssh 的免密登录了
首先需要安装 OpenSSH 服务,过程可以看我上篇
windows 安装 OpenSSH 服务
windows 创建秘钥
定位到 C:\Program Files\OpenSSH,启用 powershell
cd 'C:\Program Files\OpenSSH'
$ .\ssh-keygen <== 建立密钥对
Generating public/private rsa key pair. ...
一路enter
定位到 C:\Users\Administrator.ssh 生成 authorized_keys 文件
cd C:\Users\Administrator\.ssh
cat id_rsa.pub >> authorized_keys
到这里你以为就可以像linux一样使用秘钥登录了?
不你错了!!! 这坑了我好长时间,我以为是权限问题,后来Google发现 微软真心坑爹
解决办法如下
找到 C:\ProgramData\ssh 文件夹中的 sshd_config
看看最后一行!!
# override default of no subsystems
Subsystem sftp sftp-server.exe
# Example of overriding settings on a per-user basis
#Match User anoncvs
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server
Match Group administrators
AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
这啥意思呢? 就是刚刚生成的authorized_keys 文件要放在 C:\ProgramData\ssh
文件夹下,还要改名成 administrators_authorized_keys
!!!
执行 cat id_rsa.pub >> administrators_authorized_keys
还有就是修改ssh 配置也是在 sshd_config 里面!
修改 sshd_config
完整配置
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
#HostKey __PROGRAMDATA__/ssh/ssh_host_rsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_dsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_ecdsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_ed25519_key
# Ciphers and keying
#RekeyLimit default none
# Logging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
RSAAuthentication yes
PubkeyAuthentication yes
PermitRootLogin yes
#PermitRootLogin prohibit-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#PubkeyAuthentication yes
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
#AuthorizedPrincipalsFile none
# For this to work you will also need host keys in %programData%/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
# GSSAPI options
#GSSAPIAuthentication no
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#PermitUserEnvironment no
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
# no default banner path
#Banner none
# override default of no subsystems
Subsystem sftp sftp-server.exe
# Example of overriding settings on a per-user basis
#Match User anoncvs
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server
Match Group administrators
AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
与原配置相比增加三行
RSAAuthentication yes # 允许rsa
PubkeyAuthentication yes # 允许公钥登录
PermitRootLogin yes # 允许root登录
好吧 我照做
复制 id_rsa 到 linux 文件夹下 ,
chmod 600 id_rsa
设置 id_rsa 权限
测试ssh
ssh 登录
ssh -i ./id_rsa Administrator@your_ip
好吧 我照做,成功了 ...