0

I have an authentication problem in Windows Server 2016.

I've created a Local User (not Administrator) that needs to connect via SSH authenticating with its private key.

As Windows Server 2016 doesn't come with OpenSSH feature installable, I've followed this guide and succesfully installed the latest build of OpenSSH from PowerShell github repo. In Windows Server Services "OpenSSH SSH Server" is correctly running and set to automatic startup.

I've also created a specific Inbound Rule in Windows Firewall with Advanced Security to allow connections through port 22 only from specific IPs (as a matter of fact, standard authentication with username and password works both in Putty and WinSCP).

I've put the user's public key in an "authorized_keys" file in the ".ssh" folder inside user (later called username1) main directory. I've tried both manually (creating the folder and copying the file) and using WinSCP "Install Public Key into Server" feature. In both cases the result is the same.

The folder has read and write permissions both for the Administrators and the Local User that needs to authenticate. The key has the "ssh-rsa XXXXXXX rsa-key-YYYYMMDD" format.

Lastly, I've inserted the Private Key in the SSH -> Authentication tab inside WinSCP and tried to connect. I got the following "Server refused our key" error.

I got the same error both in WinSCP and Putty. I've created new Private/Public keys just for testing purposes, and created a "administrators_authorized_keys" file in "C:\ProgramData\ssh" with the same public key, but I get the same error. I suppose there is something wrong with file permission.

I can't figure out what I'm missing. I've read lots of questions, but they are all about Linux instances. Can someone please help me?

This is WinSCP log:

2019-12-17 14:16:03.852 --------------------------------------------------------------------------
2019-12-17 14:16:03.889 Looking up host "XXX.XXX.XXX.X" for SSH connection
2019-12-17 14:16:03.889 Connecting to XXX.XXX.XXX.X port 22
2019-12-17 14:16:03.936 Selecting events 63 for socket 1788
2019-12-17 14:16:03.936 We claim version: SSH-2.0-WinSCP_release_5.15.9
2019-12-17 14:16:03.960 Waiting for the server to continue with the initialization
2019-12-17 14:16:03.961 Looking for incoming data
2019-12-17 14:16:03.961 Looking for network events
2019-12-17 14:16:03.961 Detected network event
2019-12-17 14:16:03.961 Enumerating network events for socket 1788
2019-12-17 14:16:03.961 Enumerated 18 network events making 18 cumulative events for socket 1788
2019-12-17 14:16:03.961 Handling network write event on socket 1788 with error 0
2019-12-17 14:16:03.961 Handling network connect event on socket 1788 with error 0
2019-12-17 14:16:03.961 Looking for network events
2019-12-17 14:16:04.026 Detected network event
2019-12-17 14:16:04.026 Enumerating network events for socket 1788
2019-12-17 14:16:04.026 Enumerated 1 network events making 1 cumulative events for socket 1788
2019-12-17 14:16:04.026 Handling network read event on socket 1788 with error 0
2019-12-17 14:16:04.027 Server version: SSH-2.0-OpenSSH_for_Windows_8.0
2019-12-17 14:16:04.027 Using SSH protocol version 2
2019-12-17 14:16:04.027 Have a known host key of type ssh-ed25519
2019-12-17 14:16:04.028 Waiting for the server to continue with the initialization
2019-12-17 14:16:04.028 Looking for incoming data
2019-12-17 14:16:04.028 Looking for network events
2019-12-17 14:16:04.078 Detected network event
2019-12-17 14:16:04.078 Enumerating network events for socket 1788
2019-12-17 14:16:04.078 Enumerated 1 network events making 1 cumulative events for socket 1788
2019-12-17 14:16:04.078 Handling network read event on socket 1788 with error 0
2019-12-17 14:16:04.079 Doing ECDH key exchange with curve Curve25519 and hash SHA-256
2019-12-17 14:16:04.103 Waiting for the server to continue with the initialization
2019-12-17 14:16:04.103 Looking for incoming data
2019-12-17 14:16:04.103 Looking for network events
2019-12-17 14:16:04.151 Detected network event
2019-12-17 14:16:04.151 Enumerating network events for socket 1788
2019-12-17 14:16:04.151 Enumerated 1 network events making 1 cumulative events for socket 1788
2019-12-17 14:16:04.151 Handling network read event on socket 1788 with error 0
2019-12-17 14:16:04.529 Server also has ecdsa-sha2-nistp256/ssh-rsa host keys, but we don't know any of them
2019-12-17 14:16:04.531 Host key fingerprint is:
2019-12-17 14:16:04.531 ssh-ed25519 256 XXXXXXXXX
2019-12-17 14:16:04.531 Verifying host key ssh-ed25519 XXXXXXXXXXX
2019-12-17 14:16:04.572 Host key matches cached key
2019-12-17 14:16:04.572 Selecting events 63 for socket 1788
2019-12-17 14:16:04.572 Initialised AES-256 SDCTR client->server encryption
2019-12-17 14:16:04.572 Initialised HMAC-SHA-256 client->server MAC algorithm
2019-12-17 14:16:04.572 Initialised AES-256 SDCTR server->client encryption
2019-12-17 14:16:04.572 Initialised HMAC-SHA-256 server->client MAC algorithm
2019-12-17 14:16:04.572 Waiting for the server to continue with the initialization
2019-12-17 14:16:04.572 Looking for incoming data
2019-12-17 14:16:04.572 Looking for network events
2019-12-17 14:16:04.746 Detected network event
2019-12-17 14:16:04.746 Enumerating network events for socket 1788
2019-12-17 14:16:04.746 Enumerated 1 network events making 1 cumulative events for socket 1788
2019-12-17 14:16:04.746 Handling network read event on socket 1788 with error 0
2019-12-17 14:16:04.746 Reading key file "C:\Users\username1\Desktop\private.ppk"
    ! 2019-12-17 14:16:04.748 Using username1 "USERNAME1".
2019-12-17 14:16:04.783 Waiting for the server to continue with the initialization
2019-12-17 14:16:04.783 Looking for incoming data
2019-12-17 14:16:04.783 Looking for network events
2019-12-17 14:16:04.847 Detected network event
2019-12-17 14:16:04.847 Enumerating network events for socket 1788
2019-12-17 14:16:04.847 Enumerated 1 network events making 1 cumulative events for socket 1788
2019-12-17 14:16:04.847 Handling network read event on socket 1788 with error 0
2019-12-17 14:16:04.847 Server offered these authentication methods: publickey,password,keyboard-interactive
2019-12-17 14:16:04.847 Offered public key
2019-12-17 14:16:04.847 Waiting for the server to continue with the initialization
2019-12-17 14:16:04.847 Looking for incoming data
2019-12-17 14:16:04.847 Looking for network events
2019-12-17 14:16:04.923 Detected network event
2019-12-17 14:16:04.923 Enumerating network events for socket 1788
2019-12-17 14:16:04.923 Enumerated 1 network events making 1 cumulative events for socket 1788
2019-12-17 14:16:04.923 Handling network read event on socket 1788 with error 0
    ! 2019-12-17 14:16:04.923 Server refused our key
2019-12-17 14:16:04.937 Server refused our key
2019-12-17 14:16:04.937 Server offered these authentication methods: publickey,password,keyboard-interactive
2019-12-17 14:16:04.938 Attempting keyboard-interactive authentication
2019-12-17 14:16:04.938 Waiting for the server to continue with the initialization
2019-12-17 14:16:04.938 Looking for incoming data
2019-12-17 14:16:04.938 Looking for network events
2019-12-17 14:16:05.004 Detected network event
2019-12-17 14:16:05.005 Enumerating network events for socket 1788
2019-12-17 14:16:05.005 Enumerated 1 network events making 1 cumulative events for socket 1788
2019-12-17 14:16:05.005 Handling network read event on socket 1788 with error 0
2019-12-17 14:16:05.005 Server refused keyboard-interactive authentication
2019-12-17 14:16:05.005 Server offered these authentication methods: publickey,password,keyboard-interactive
2019-12-17 14:16:05.005 Prompt (password, "SSH password", <no instructions>, "&Password: ")

Here OpenSSH log:

3356 2019-12-17 19:31:44.650 debug1: inetd sockets after dupping: 4, 4
3356 2019-12-17 19:31:44.650 Connection from X.XX.XX.XXX port 54728 on 10.0.0.2 port 22
3356 2019-12-17 19:31:44.650 debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.0
3356 2019-12-17 19:31:44.650 debug1: Remote protocol version 2.0, remote software version WinSCP_release_5.15.9
3356 2019-12-17 19:31:44.650 debug1: no match: WinSCP_release_5.15.9
3356 2019-12-17 19:31:44.650 debug2: fd 4 setting O_NONBLOCK
3356 2019-12-17 19:31:44.666 debug3: spawning "C:\\Program Files\\OpenSSH\\sshd.exe" -y
3356 2019-12-17 19:31:44.666 debug2: Network child is on pid 4660
3356 2019-12-17 19:31:44.666 debug3: send_rexec_state: entering fd = 6 config len 289
3356 2019-12-17 19:31:44.666 debug3: ssh_msg_send: type 0
3356 2019-12-17 19:31:44.666 debug3: send_rexec_state: done
3356 2019-12-17 19:31:44.666 debug3: ssh_msg_send: type 0
3356 2019-12-17 19:31:44.666 debug3: ssh_msg_send: type 0
3356 2019-12-17 19:31:44.666 debug3: preauth child monitor started
3356 2019-12-17 19:31:44.681 debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
3356 2019-12-17 19:31:44.681 debug3: send packet: type 20 [preauth]
3356 2019-12-17 19:31:44.681 debug1: SSH2_MSG_KEXINIT sent [preauth]
3356 2019-12-17 19:31:44.744 debug3: receive packet: type 20 [preauth]
3356 2019-12-17 19:31:44.744 debug1: SSH2_MSG_KEXINIT received [preauth]
3356 2019-12-17 19:31:44.744 debug2: local server KEXINIT proposal [preauth]
3356 2019-12-17 19:31:44.744 debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1 [preauth]
3356 2019-12-17 19:31:44.744 debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
3356 2019-12-17 19:31:44.744 debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected] [preauth]
3356 2019-12-17 19:31:44.744 debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected] [preauth]
3356 2019-12-17 19:31:44.744 debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
3356 2019-12-17 19:31:44.744 debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
3356 2019-12-17 19:31:44.744 debug2: compression ctos: none [preauth]
3356 2019-12-17 19:31:44.744 debug2: compression stoc: none [preauth]
3356 2019-12-17 19:31:44.744 debug2: languages ctos:  [preauth]
3356 2019-12-17 19:31:44.744 debug2: languages stoc:  [preauth]
3356 2019-12-17 19:31:44.744 debug2: first_kex_follows 0  [preauth]
3356 2019-12-17 19:31:44.744 debug2: reserved 0  [preauth]
3356 2019-12-17 19:31:44.744 debug2: peer client KEXINIT proposal [preauth]
3356 2019-12-17 19:31:44.744 debug2: KEX algorithms: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,rsa2048-sha256,rsa1024-sha1,diffie-hellman-group1-sha1 [preauth]
3356 2019-12-17 19:31:44.744 debug2: host key algorithms: ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,ssh-dss [preauth]
3356 2019-12-17 19:31:44.744 debug2: ciphers ctos: aes256-ctr,aes256-cbc,[email protected],aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,[email protected],blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc,arcfour256,arcfour128 [preauth]
3356 2019-12-17 19:31:44.744 debug2: ciphers stoc: aes256-ctr,aes256-cbc,[email protected],aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,[email protected],blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc,arcfour256,arcfour128 [preauth]
3356 2019-12-17 19:31:44.744 debug2: MACs ctos: hmac-sha2-256,hmac-sha1,hmac-sha1-96,hmac-md5,[email protected],[email protected],[email protected],[email protected] [preauth]
3356 2019-12-17 19:31:44.744 debug2: MACs stoc: hmac-sha2-256,hmac-sha1,hmac-sha1-96,hmac-md5,[email protected],[email protected],[email protected],[email protected] [preauth]
3356 2019-12-17 19:31:44.744 debug2: compression ctos: none,zlib [preauth]
3356 2019-12-17 19:31:44.744 debug2: compression stoc: none,zlib [preauth]
3356 2019-12-17 19:31:44.744 debug2: languages ctos:  [preauth]
3356 2019-12-17 19:31:44.744 debug2: languages stoc:  [preauth]
3356 2019-12-17 19:31:44.744 debug2: first_kex_follows 0  [preauth]
3356 2019-12-17 19:31:44.744 debug2: reserved 0  [preauth]
3356 2019-12-17 19:31:44.744 debug1: kex: algorithm: [email protected] [preauth]
3356 2019-12-17 19:31:44.744 debug1: kex: host key algorithm: ssh-ed25519 [preauth]
3356 2019-12-17 19:31:44.744 debug1: kex: client->server cipher: aes256-ctr MAC: hmac-sha2-256 compression: none [preauth]
3356 2019-12-17 19:31:44.744 debug1: kex: server->client cipher: aes256-ctr MAC: hmac-sha2-256 compression: none [preauth]
3356 2019-12-17 19:31:44.744 debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
3356 2019-12-17 19:31:44.822 debug3: receive packet: type 30 [preauth]
3356 2019-12-17 19:31:44.822 debug3: mm_sshkey_sign entering [preauth]
3356 2019-12-17 19:31:44.822 debug3: mm_request_send entering: type 6 [preauth]
3356 2019-12-17 19:31:44.822 debug3: mm_request_receive entering
3356 2019-12-17 19:31:44.822 debug3: monitor_read: checking request 6
3356 2019-12-17 19:31:44.822 debug3: mm_answer_sign
3356 2019-12-17 19:31:44.822 debug3: mm_answer_sign: hostkey proof signature 000001D8B28BAFA0(83)
3356 2019-12-17 19:31:44.822 debug3: mm_request_send entering: type 7
3356 2019-12-17 19:31:44.822 debug2: monitor_read: 6 used once, disabling now
3356 2019-12-17 19:31:44.822 debug3: mm_sshkey_sign: waiting for MONITOR_ANS_SIGN [preauth]
3356 2019-12-17 19:31:44.822 debug3: mm_request_receive_expect entering: type 7 [preauth]
3356 2019-12-17 19:31:44.822 debug3: mm_request_receive entering [preauth]
3356 2019-12-17 19:31:44.822 debug3: send packet: type 31 [preauth]
3356 2019-12-17 19:31:44.822 debug3: send packet: type 21 [preauth]
3356 2019-12-17 19:31:44.822 debug2: set_newkeys: mode 1 [preauth]
3356 2019-12-17 19:31:44.822 debug1: rekey out after 4294967296 blocks [preauth]
3356 2019-12-17 19:31:44.822 debug1: SSH2_MSG_NEWKEYS sent [preauth]
3356 2019-12-17 19:31:44.822 debug1: expecting SSH2_MSG_NEWKEYS [preauth]
3356 2019-12-17 19:31:45.338 debug3: receive packet: type 21 [preauth]
3356 2019-12-17 19:31:45.338 debug1: SSH2_MSG_NEWKEYS received [preauth]
3356 2019-12-17 19:31:45.338 debug2: set_newkeys: mode 0 [preauth]
3356 2019-12-17 19:31:45.338 debug1: rekey in after 4294967296 blocks [preauth]
3356 2019-12-17 19:31:45.338 debug1: KEX done [preauth]
3356 2019-12-17 19:31:45.416 debug3: receive packet: type 5 [preauth]
3356 2019-12-17 19:31:45.416 debug3: send packet: type 6 [preauth]
3356 2019-12-17 19:31:45.494 debug3: receive packet: type 50 [preauth]
3356 2019-12-17 19:31:45.494 debug1: userauth-request for user username1 service ssh-connection method none [preauth]
3356 2019-12-17 19:31:45.494 debug1: attempt 0 failures 0 [preauth]
3356 2019-12-17 19:31:45.494 debug3: mm_getpwnamallow entering [preauth]
3356 2019-12-17 19:31:45.494 debug3: mm_request_send entering: type 8 [preauth]
3356 2019-12-17 19:31:45.494 debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM [preauth]
3356 2019-12-17 19:31:45.494 debug3: mm_request_receive_expect entering: type 9 [preauth]
3356 2019-12-17 19:31:45.494 debug3: mm_request_receive entering [preauth]
3356 2019-12-17 19:31:45.494 debug3: mm_request_receive entering
3356 2019-12-17 19:31:45.494 debug3: monitor_read: checking request 8
3356 2019-12-17 19:31:45.494 debug3: mm_answer_pwnamallow
3356 2019-12-17 19:31:45.494 debug2: parse_server_config: config reprocess config len 289
3356 2019-12-17 19:31:45.494 debug3: checking match for 'Group administrators' user username1 host X.XX.XX.XXX addr X.XX.XX.XXX laddr 10.0.0.2 lport 22
3356 2019-12-17 19:31:45.494 debug3: LsaLogonUser Succeeded (Impersonation: 0)
3356 2019-12-17 19:31:45.494 debug1: user username1 does not match group list administrators at line 87
3356 2019-12-17 19:31:45.494 debug3: match not found
3356 2019-12-17 19:31:45.494 debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
3356 2019-12-17 19:31:45.494 debug3: mm_request_send entering: type 9
3356 2019-12-17 19:31:45.494 debug2: monitor_read: 8 used once, disabling now
3356 2019-12-17 19:31:45.494 debug2: input_userauth_request: setting up authctxt for username1 [preauth]
3356 2019-12-17 19:31:45.494 debug3: mm_inform_authserv entering [preauth]
3356 2019-12-17 19:31:45.494 debug3: mm_request_send entering: type 4 [preauth]
3356 2019-12-17 19:31:45.494 debug3: mm_request_receive entering
3356 2019-12-17 19:31:45.494 debug3: monitor_read: checking request 4
3356 2019-12-17 19:31:45.494 debug3: mm_answer_authserv: service=ssh-connection, style=
3356 2019-12-17 19:31:45.494 debug2: monitor_read: 4 used once, disabling now
3356 2019-12-17 19:31:45.494 debug2: input_userauth_request: try method none [preauth]
3356 2019-12-17 19:31:45.494 debug3: user_specific_delay: user specific delay 0.000ms [preauth]
3356 2019-12-17 19:31:45.494 debug3: ensure_minimum_time_since: elapsed 0.000ms, delaying 8.286ms (requested 8.286ms) [preauth]
3356 2019-12-17 19:31:45.510 debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" [preauth]
3356 2019-12-17 19:31:45.510 debug3: send packet: type 51 [preauth]
3356 2019-12-17 19:31:45.556 debug3: receive packet: type 50 [preauth]
3356 2019-12-17 19:31:45.556 debug1: userauth-request for user username1 service ssh-connection method publickey [preauth]
3356 2019-12-17 19:31:45.556 debug1: attempt 1 failures 0 [preauth]
3356 2019-12-17 19:31:45.556 debug2: input_userauth_request: try method publickey [preauth]
3356 2019-12-17 19:31:45.556 debug2: userauth_pubkey: valid user username1 querying public key ssh-rsa XXXXXXXXXXX [preauth]
3356 2019-12-17 19:31:45.556 debug1: userauth_pubkey: test pkalg ssh-rsa pkblob RSA SHA256:XXXXXXX [preauth]
3356 2019-12-17 19:31:45.556 debug3: mm_key_allowed entering [preauth]
3356 2019-12-17 19:31:45.556 debug3: mm_request_send entering: type 22 [preauth]
3356 2019-12-17 19:31:45.556 debug3: mm_request_receive entering
3356 2019-12-17 19:31:45.556 debug3: monitor_read: checking request 22
3356 2019-12-17 19:31:45.556 debug3: mm_answer_keyallowed entering
3356 2019-12-17 19:31:45.556 debug3: mm_answer_keyallowed: key_from_blob: 000001D8B28BF1C0
3356 2019-12-17 19:31:45.556 debug1: trying public key file C:\\Users\\username1\\.ssh/authorized_keys
3356 2019-12-17 19:31:45.556 debug3: Bad permissions. Try removing permissions for user: VM-EPM\\username2 (S-1-5-21-3826319457-1004635287-1909893433-1001) on file C:/Users/username1/.ssh/authorized_keys.
3356 2019-12-17 19:31:45.556 Authentication refused.
3356 2019-12-17 19:31:45.556 debug3: mm_answer_keyallowed: publickey authentication test: RSA key is not allowed
3356 2019-12-17 19:31:45.556 Failed publickey for username1 from X.XX.XX.XXX port 54728 ssh2: RSA SHA256:o8b9CXuYPzNSz6M/rsN+XAQHqEcdPwWasDglinXbtig
3356 2019-12-17 19:31:45.556 debug3: mm_request_send entering: type 23
3356 2019-12-17 19:31:45.556 debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth]
3356 2019-12-17 19:31:45.556 debug3: mm_request_receive_expect entering: type 23 [preauth]
3356 2019-12-17 19:31:45.556 debug3: mm_request_receive entering [preauth]
3356 2019-12-17 19:31:45.556 debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa [preauth]
3356 2019-12-17 19:31:45.556 debug3: user_specific_delay: user specific delay 0.000ms [preauth]
3356 2019-12-17 19:31:45.556 debug3: ensure_minimum_time_since: elapsed 0.000ms, delaying 8.286ms (requested 8.286ms) [preauth]
3356 2019-12-17 19:31:45.572 debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" [preauth]
3356 2019-12-17 19:31:45.572 debug3: send packet: type 51 [preauth]
3356 2019-12-17 19:31:45.666 debug3: receive packet: type 50 [preauth]
3356 2019-12-17 19:31:45.666 debug1: userauth-request for user username1 service ssh-connection method keyboard-interactive [preauth]
3356 2019-12-17 19:31:45.666 debug1: attempt 2 failures 1 [preauth]
3356 2019-12-17 19:31:45.666 debug2: input_userauth_request: try method keyboard-interactive [preauth]
3356 2019-12-17 19:31:45.666 debug1: keyboard-interactive devs  [preauth]
3356 2019-12-17 19:31:45.666 debug1: auth2_challenge: user=username1 devs= [preauth]
3356 2019-12-17 19:31:45.666 debug1: kbdint_alloc: devices '' [preauth]
3356 2019-12-17 19:31:45.666 debug2: auth2_challenge_start: devices  [preauth]
3356 2019-12-17 19:31:45.666 debug3: user_specific_delay: user specific delay 0.000ms [preauth]
3356 2019-12-17 19:31:45.666 debug3: ensure_minimum_time_since: elapsed 0.000ms, delaying 8.286ms (requested 8.286ms) [preauth]
3356 2019-12-17 19:31:45.681 debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" [preauth]
3356 2019-12-17 19:31:45.681 debug3: send packet: type 51 [preauth]

In both logs, username1 is the Local User that needs to connect, username2 is an Administrator (not SYSTEM).

Thanks,

Andrea

Improve this question

1 Answer 1

Reset to default
1

I believe that this message is pretty clear:

3356 2019-12-17 19:31:45.556 debug3: Bad permissions. Try removing permissions for user: VM-EPM\username2 (S-1-5-21-3826319457-1004635287-1909893433-1001) on file C:/Users/username1/.ssh/authorized_keys.

No other user except for the user himself/herself (username1) can have write permissions to the authorized_keys file.

See also the section "Setting up SSH public key authentication" in my article on Windows OpenSSH.

Improve this answer
0

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .