Configure and Install OpenSSH Public key authentication in Windows 10 for remote connectivity

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
hey what's up guys this is brandon lee with virtualization how to hope you guys are doing well and today we're going to talk about a topic that is normally associated with linux environments and that topic is ssh however ssh can be an extremely powerful connection protocol that we can use with windows specifically windows 10 is what we're going to focus on in this video so we're going to take a look at how to effectively configure ssh connections to your windows 10 machines and then also configure public key authentication to secure that ssh connection to windows so to get started with configuring our windows 10 workstation for openssh connectivity we need to install the optional feature so to do that we're going to navigate to the settings windows in settings we're going to click apps apps and features optional features add a feature so once we click add a feature we're going to scroll down to open ssh server place a check next to that and then click install now this will take a couple of minutes now that open ssh is installed we can close the optional features dialog box and now we want to edit the open ssh services that were installed so let's open our services console and navigate to open ssh and here we find two services that were installed with the optional features installation we've got open ssh ssh server and then authentication agent so if you notice the authentication agent is set to disabled we're going to set that to automatic click apply click ok we're going to now look at the settings for openssh server we're going to set this to automatic this will allow the service to start if we have to restart our windows hosts so i'm going to click apply and now both are set to automatic i'm going to now start the open ssh server service as well as the authentication agent service now both of the services are started we're now going to navigate to the program data directory on our local windows 10 workstation that will be the target for our open ssh connection i'm going to view hidden items so we can get to the program data directory and if you notice we have an ssh directory the ssh directory is populated now with several files that were created once we started the open ssh server services so many of those relate to the host side configuration public key private keys that are associated with the server but in particular we want to edit this sshd underscore config file so we're going to open this with notepad and in particular we're going to change three configuration items having to do with public key authentication so if you scroll down just a bit you will notice there is a pub key authentication yes stanza however it's commented out we're going to remove the the pound sign to uncomment that configuration scroll down just a bit more and you will see password authentication set to yes however it's commented out we want to remove that comment and i'm going to set that to no and that ensures that this open ssh server installed in windows 10 will only accept public key secured authentication requests which is a more secure method of authentication to our remote windows 10 host now scroll all the way to the bottom there are two lines in the configuration match group administrators as well as its associated configuration i'm going to comment that out uh windows 10 versions 1809 and higher were noted to have issues with this particular configuration and public key authentication so now i'm just simply going to save the file we're going to close this sshd config file and we're going to go back to our services console and restart our open ssh server anytime you make changes to that sshd underscore config file you need to bounce the open ssh server service to successfully pull the configuration changes so i'm going to restart the services for openssh server and we should be good to go now to begin the configuration for public key authentication now that we have the workstation configured to allow openssh server connections we have configured the sshd config file to allow public key authentication now we have logged in to the same workstation as the user that we intend to remotely connect from a remote workstation to this open ssh server so that work that user for me is a user that i have set up called uh test user so just a quick who am i you can see i'm running under the context of test user so now what we need to do under the profile of the user that you will be connecting to this workstation as under that profile directory we are going to create a special file known as the authorized keys file so under users test user i'm going to create a special directory called dot ssh now i've got dot ssh created now we're going to create a another special file that's known as the authorized keys file now if you look closely as i created and we're simply going to remove this dot txt extension so that this file no longer has a file extension it's just called authorized keys now another step that is extremely important is configuring the permissions for this special file for openssh public key authentication the recommended permissions for this authorized keys file for this particular user only contains the system apples as well as the user that you're logged in with that's creating this file those two permissions are the only ones that should have permissions on this file so let's take a look if we go to properties we go to security we can see that administrators also is a group that has permissions on this file so to get rid of any permissions outside of the system and test user permissions we need to break inheritance now let's break in a good way because really what that means is we are just simply saying we want to now be able to control all of the permissions without any being inherited so i'm going to click the button disable inheritance we're going to convert inherited permissions into explicit permissions because we want to keep the ones that are there and then start tweaking those so we're going to click that and if you notice now we haven't heard inherited from is none across the board through and click apply click ok now we can essentially start tweaking those permissions so now i can say edit and click administrators and remove so this is the recommendation system as well as the user that is uh the owner of that user profile directory and the user that you will be connecting as so we're going to say we're going to click apply click ok click ok and now we have this authorized keys file set up correctly now this authorized keys file will house the public key of the public key key pair so we've got a private key and a public key authorized keys file will house the public key component how do we get the private key let's look at generating this private public key pair so to generate this uh public private key pair or the public key pair that it's also called we can use a special command either in powershell or a command prompt and this command or this powershell window is actually on the host machine that i my host workstation which is also windows 10 and to generate that public private key pair you use a special command called ssh dash key gen now when you enter the ssh keygen command we basically have several defaults that we'll be prompted with i am simply going to accept the defaults by default it creates your public key pair private and public key in the dot ssh folder locally of your workstation that you're creating it on and it will put those files there where we can actually see the private and public key so i'm going to accept the defaults here it says it already exists i've been testing this and doing some other things so i'm just going to simply overwrite say yes you can also secure it with a passphrase which is recommended that way you've got an additional layer of security i'm just simply going to enter past that and then as you can see we have generated this public key pair now if i navigate to that directory which i have done it's under the user profile directory and i'm logged in as administrator locally and the dot ssh folder now we see the private key which is simply noted by the lack of the dot pub and then we have the public key now the public key is the one that we want to grab to put into the authorized keys file that we created earlier so as you can see here i have opened this up in notepad plus plus it's the private or the excuse me the public key file and so i'm just going to select all and i'm going to copy and then i'm simply just going to go back to the user profile directory that we house the authorized keys file in and i'm simply going to just edit that file open it with notepad and we are going to paste that public key into this authorized keys file i'm going to close out choosing save as i'm closing so now we have the public key file in our remote windows 10 host ready for connections now how do we connect going back to the powershell window now we can use the ssh command to connect as the user that we intend to connect as that we've set up the public key authentication for the ip address as well as pass in the public key and you can see all those elements here i've got ssh connecting as test user the remote i p address and the dash i parameter is the parameter that allows us to point to that correct private key that matches the public key that we just pasted in that authorized keys file so now that we have everything formed up in the command let's see what happens let's hit enter on the command and this is something that is expected basically uh we get a thumbprint uh security notice that says hey this host is not a host that you've connected to before are you sure that you trust the authenticity or the security of this host so we're just simply going to type in a yes and hit enter and there we go we have successfully connected via the open ssh server public key authentication using the public key variant in the authorized underscore keys file and then using that matching private key for test user and we can see we have a successful connection to our remote windows 10 host
Info
Channel: VirtualizationHowto
Views: 31,059
Rating: undefined out of 5
Keywords: Windows10, configuration, openssh, public key authentication, remote connectivity, secure Windows 10, server
Id: 9dhQIa8fAXU
Channel Id: undefined
Length: 13min 28sec (808 seconds)
Published: Mon Feb 21 2022
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.