All,

I'm quite adept at key generation and public/private key authentication on Linux, but am basically a fish out of water on Windows. I have Win10 with Ubuntu bash installed and I've had no problem with the ssh-keygen from within bash and setting up outbound passwordless ssh access to all Linux hosts. That is not what this question asks.

This is about generating keys natively within Win10 OS so that I can ssh into Win10 w/o a password. (not the WSL bash instance, Win10 itself) For example, I can sit on my arch host and ssh into Win10 as follows:

Arch Host valhalla to Win10 host elite (HP elite workstation):

20:04 valhalla:~> uname -a
Linux valhalla 4.8.3-1-ARCH #1 SMP PREEMPT Thu Oct 20 19:53:59 CEST 2016 x86_64 GNU/Linux
20:04 valhalla:~> ssh elite
david@elite's password:

Microsoft Windows [Version 10.0.14393]
(c) 2016 Microsoft Corporation. All rights reserved.

C:\Users\david>dir /a
Volume in drive C is Windows
Volume Serial Number is EA64-6B82

Directory of C:\Users\david

10/23/2016  03:38 PM    <DIR>          .
10/23/2016  03:38 PM    <DIR>          ..
10/22/2016  05:40 AM    <DIR>          AppData
10/22/2016  05:40 AM    <JUNCTION>     Application Data [C:\Users\david\AppData\Roaming]
10/22/2016  07:35 AM    <DIR>          Contacts
10/22/2016  05:40 AM    <JUNCTION>     Cookies [C:\Users\david\AppData\Local\Microsoft\Windows\INetCookies]
10/22/2016  07:35 AM    <DIR>          Desktop
10/23/2016  04:17 PM    <DIR>          Documents
10/23/2016  02:53 AM    <DIR>          Downloads
10/22/2016  11:40 PM    <DIR>          Favorites
10/22/2016  07:35 AM    <DIR>          Links
10/22/2016  05:40 AM    <JUNCTION>     Local Settings [C:\Users\david\AppData\Local]
10/22/2016  07:35 AM    <DIR>          Music
10/22/2016  05:40 AM    <JUNCTION>     My Documents [C:\Users\david\Documents]
10/22/2016  05:40 AM    <JUNCTION>     NetHood [C:\Users\david\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
10/23/2016  03:37 PM         1,572,864 NTUSER.DAT
10/22/2016  05:40 AM           163,840 ntuser.dat.LOG1
10/22/2016  05:40 AM           131,072 ntuser.dat.LOG2
10/23/2016  03:38 PM         1,048,576 NTUSER.DAT{de890eec-984b-11e6-b234-9452f8984253}.TxR.0.regtrans-ms
<snip>
C:\Users\david>exit
Connection to elite closed.
20:04 valhalla:~>

The question is "is there a way to generate ssh keys (ecdsa) on Win10 natively?" (e.g. id_ecdsa and id_ecdsa.pub) and "if so, where do you put them on windows"? (is there a user .ssh directory, where they go?)

Worst case, "can I generate a key-pair on Linux and move the pair to Win10 and tell windows to use it?" (if so, same question "where would they go?")

(as a side note, it was just impressive as heck to be able to ssh into a windows OS, something I've taken for granted on Linux for 16 years, but was somewhat surprised when it worked into Win10 :)

  • I'm a bit puzzled by your question. If you want to ssh from valhalla (arch) to elite (win10), wouldn't you just use ssh-keygen on valhalla to generate a suitable key-pair, and then copy the public key to elite? (In fact, this is what you label "worst case".) Granted, I don't know exactly where in elite one would copy valhalla's public key, but my point is that, for this particular use case, all the key-generation would happen in valhalla, not in elite. Therefore, I don't understand why you'd want to generate a key-pair on win10 (elite)? Am I missing something?
    – kjo
    Commented Feb 22, 2017 at 13:55
  • No puzzlement -- you have whittled down the question to its essence -- Where in the hell do the keys go on elite? I can gen keypairs all day long, but if there is no magic location or reg-entry to point to them, then they are of very little use. I'm used to the Linux side where everything has a logical home. .ssh, authorized_keys and known_hosts -- but trying to locate the equivalents on windoze -- I'm still trying :p
    Commented Feb 24, 2017 at 8:25

1 Answer

You might need to wait patiently ...

The native Windows SSH service (as opposed to the sshd in WSL) doesn't seem to have much documentation published for it. It seems to have appeared along with WSL but, so far as I can tell, is somewhat separate.

See Win32 OpenSSH RoadMap

Rough timeline on when the key tasks would be accomplished:

Date        Task 
3/31/2016   Reliability Enhancements    
5/15/2016   Security Enhancements   
10/15/2016  Code Prep for integration   
10/30/2016  Integration in main repo    

Following Windows specific feature/work items are not in scope for this deadline:

  • MINGW build support
  • Use MS CNG (instead of OpenSSL)
  • Key management using MS CNG
  • Xterm, VT220 terminal modes
  • ETW Logging (syslog alternative in Windows)

(my emphasis)


But note you can now/soon run native Windows executables from Bash under Ubuntu under Windows (WSL). Using the sshd in WSL might therefore suit some use cases that were hitherto problematic.

  • Hah! That explains why I couldn't find out any information about it! The WSL side of the house is simple. It's just Linux (Ubuntu) and it functions just like Linux always does. The default install (is really quite good, and includes ssh-keygen) makes it a snap to generate your keys and connect to the rest of the server world. Doing the same thing into Win10 proper was where documentation ran out. Being able to ssh into Win10 was a surprise (a good one), but determining what Windows used for ~/.ssh or authorized_keys prompted this question. (WSL runs X apps fine with xming) Commented Nov 1, 2016 at 8:32
