For Windows OpenSSH, the only available authentication methods are 'password' and 'publickey'. The default is '.ssh/authorizedkeys.ssh/authorizedkeys2'. If the path is not absolute, it is taken relative to user's home directory (or profile image path).
Check /etc/ssh/sshdconfig in the server to ensure that RSAAuthentication, PubkeyAuthentication and UsePAM options aren't disabled, they can be enabled by default with yes. If you entered a passphrase while generating your client key, then you may try ssh-agent & ssh-add to achieve password-less connections in your session. One of the basic SSH hardening step is to disable password based SSH login. You know that you can use ssh with the root or other account’s password to login remotely into a Linux server. But this poses a security risk because a huge numbers of bots are always trying to login to your system with random passwords. This is called brute force attack. Use expect to do ssh with password instead of key. We can utilise expect to provide the password in.
If you’re tired of putting a password everything you login via SSH into your server via ssh root@your_server, there are ways to automatically login to your server without requiring you input a password. This is by using the built-in ssh-keygen command available in your Windows 10.
Basically, the ssh-keygen will create an authentication key pairs that you can use for Secure Shell protocol login.
How to login to SSH without Password
To start, open up a command prompt on your Windows 10. Type in your Cortana CMD.
Now, enter the command ssh-keygen, this will asked to enter a file name for it, make sure to leave it as blank so that it will save the pair as the default filename id_rsa:
Now, you’ll be asked to enter a passphrase. To improved security of your RSA key pair add your passphrase in it. You’ll also be asked to re-enter it again.
It will then create the id_rsa and id_rsa.pub file in your C:UsersYOUR_USERNAME.ssh directory and in the command screen it will show a randomart image.
Since ssh-copy-idis not a built-in command in Windows 10 (See explanation at the bottom), you need to manually add your public key to your server.
open up the id_rsa.pub file with a notepad and copy the whole text. The file is in C:UsersYOUR_USERNAME.ssh folder. Example id_rsa.pub file below.
Now, you need to login to your server via SSH with password as of now ssh root@YOUR_SERVER. Then you need to edit or make a file authorized_keys via vim. Enter this command:
Then paste the content of your id_rsa.pub on it or if it has existing keys, just paste it on the bottom. Then don’t forget to save it :wq.
If you have problem where there is ^M showing, especially if there are existing keys, just type this command e ++ff=dos and those ^M will be converted to normal lines.
After that, you can now login to your CMD via ssh root@YOUR_SERVER without requiring for entering your password.
SSH-Copy-ID is not available on Windows 10
The only problem with windows 10 is there is no ssh-copy-id command available in the OS and you need to manually add the pair into your server. You’ll get an error ‘ssh-copy-id’ is not recognized as an internal or external command, operable program or batch file.’ when you try to input it.
Load Key Operation not Permitted
If you’re getting an error saying “Load key “C:UsersYOUR_USERNAME/.ssh/id_rsa”: Operation not permitted”, this means you’re trying to create a folder in your .ssh directory named id_rsa.
Some people create these folder because they though the key was saved in that folder when they entered the ssh-keygen which says the following:
This happens, when you named the file when saving the ssh-keygen, make sure to leave it as blank to make sure the private key is save as the default id_rsa and id_rsa.pub.
Some server providers, such as Amazon EC2 and Google Compute Engine, disable SSH password authentication by default. That is, you can only log in over SSH using public key authentication.
SFTP is a protocol that runs over SSH, so this means SFTP using passwords will not work by default when SSH password authentication is disabled.
To enable SSH password authentication, you must SSH in as root to edit this file:
Then, change the line
to
After making that change, restart the SSH service by running the following command as root:
Ssh Server Password Change
Enable Logging In as root
Ssh Server Without Password
Some providers also disable the ability to SSH in directly as root. In those cases, they created a different user for you that has sudo privileges (often named ubuntu). With that user, you can get a root shell by running the command:
If you instead want to be able to directly SSH in as root, again edit this file:
And change the line
to
After making that change, restart the SSH service by running the following command as root:
If you enable this setting, don't forget to set a strong password for root by running the command.