How to use key authentication to ssh to a Windows host

How to connect using copssh

I just succeeded in connecting to a Windows 2000 computer running copssh from a Linux computer. I thought it would be a good idea to document what I've done, but I must warn you that I thrashed trying to make this happen, so some of the following may be wrong or may not be necessary.

Obtain copssh from ITefix. I selected Copssh from the sourceforge box (second box down on the left) and installed it on the Windows 2000 computer.

INSTPATH is the path into which you installed on the Windows computer, perhaps C:\Program Files\ITE, but since you may install anywhere, substitute the path you used for INSTPATH herein.

During the installation, I set the password for user SvcCOPSSH blank. When the installation completed, I created a user on the Windows computer, setting the password to never expire and making the user a Member Of Administrators. I then set a simple password, thinking it would only be used once. When I deleted the user, attempts to ssh from the Linux client to the Windows host were rejected with a message displayed on the client that said Connection closed by (followed by the IP address of the Windows computer). So, I created the user again, using the same poor password. Now I wish I had used a better password. Note that there is no directory in C:\Documents and Settings for this user.

On the Windows computer, I ran 01. COPSSH Control Panel and added my user, setting Shell: to Windows shell and checking both Password authentication and Public key authentication, but not checking Allow TCP forwarding. After clicking Apply, I found that INSTPATH\bin\copsshcp.config contained a [User ...] entry that had the settings I had just specified. However, the [Commands] section contained the wrong path to the Windows shell, which in Windows 2000 is WINNT (not Windows), so I corrected that line so it now looks like this:

Windows shell=/cygdrive/c/winnt/system32/cmd.exe

In INSTPATH\etc\sshd_config I found the same error in the ForceCommand line in the Match User section, so I corrected it also. Now it looks like this:

ForceCommand   /cygdrive/c/winnt/system32/cmd.exe

In INSTPATH\home I found a directory with the same name as my user, and a subdirectory there named .ssh. I copied the content of INSTPATH\etc\ssh_host_ecdsa_key.pub into Notepad and saved it into INSTPATH\home\MY_USER_LOGIN_NAME\.ssh\authorized_keys

On my Linux client, in my HOME/.ssh directory, I created a file named id_ecdsa.pub with permissions 0644 containing that same key. Also in that .ssh directory, I made a copy of the INSTPATH\etc\ssh_host_ecdsa_key into a file named id_ecdsa with permissions 0600. I doubt that doing so was necessary, but because I was having problems connecting, it was something I tried, and I have no intention of removing it now that I'm connecting to the Windows box.

I restarted the Openssh SSHD service from the COPSSH Control Panel and then ran ssh REMOTENAME, but the connection was refused. I found the reason in the Control Panel log, where the error message said

reverse mapping checking getaddrinfo for LINUXBOX [IP] failed

so I edited C:\WINNT\system32\drivers\etc\hosts to contain the (static) IP addresses and names of all of the computers on my LAN.

I finally managed to ssh into the Windows box using ssh MY_USER_LOGIN_NAME@WINBOXNAME, and I continue to need that syntax because ssh WINBOXNAME often returns error

Connection closed by

otherwise. The first attempt required password authentication, but after that initial connection was made, removing the check mark from Password authentication in Control Panel and clicking Apply proved that subsequent connections used key authentication rather than password authentication.

23 February 2011