windows 上 OpenSSH 服務 啟用秘鑰登錄

windows 安裝 OpenSSH 服務

最近需要在windows 服務器上部署自動發布程序，那么就需要用到 scp 和 ssh 的免密登錄了
首先需要安裝 OpenSSH 服務，過程可以看我上篇
windows 安裝 OpenSSH 服務

windows 創建秘鑰

定位到 C:\Program Files\OpenSSH,啟用 powershell
cd 'C:\Program Files\OpenSSH'

$ .\ssh-keygen  <== 建立密鑰對
Generating public/private rsa key pair. ...
一路enter

定位到 C:\Users\Administrator.ssh 生成 authorized_keys 文件

cd C:\Users\Administrator\.ssh
cat id_rsa.pub >> authorized_keys 

到這里你以為就可以像linux一樣使用秘鑰登錄了？
不你錯了！！！ 這坑了我好長時間，我以為是權限問題，后來Google發現 微軟真心坑爹

解決辦法如下

找到 C:\ProgramData\ssh 文件夾中的 sshd_config

看看最后一行！！

# override default of no subsystems
Subsystem	sftp	sftp-server.exe

# Example of overriding settings on a per-user basis
#Match User anoncvs
#	AllowTcpForwarding no
#	PermitTTY no
#	ForceCommand cvs server

Match Group administrators
       AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys

這啥意思呢？ 就是剛剛生成的authorized_keys 文件要放在 C:\ProgramData\ssh 文件夾下，還要改名成 administrators_authorized_keys ！！！

執行 cat id_rsa.pub >> administrators_authorized_keys

還有就是修改ssh 配置也是在 sshd_config 里面！
修改 sshd_config

完整配置

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

#HostKey __PROGRAMDATA__/ssh/ssh_host_rsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_dsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_ecdsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m

RSAAuthentication yes
PubkeyAuthentication yes
PermitRootLogin yes

#PermitRootLogin prohibit-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile	.ssh/authorized_keys

#AuthorizedPrincipalsFile none

# For this to work you will also need host keys in %programData%/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# GSSAPI options
#GSSAPIAuthentication no

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#PermitUserEnvironment no
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# override default of no subsystems
Subsystem	sftp	sftp-server.exe

# Example of overriding settings on a per-user basis
#Match User anoncvs
#	AllowTcpForwarding no
#	PermitTTY no
#	ForceCommand cvs server

Match Group administrators
       AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys

與原配置相比增加三行

RSAAuthentication yes # 允許rsa
PubkeyAuthentication yes # 允許公鑰登錄
PermitRootLogin yes # 允許root登錄

好吧 我照做

復制 id_rsa 到 linux 文件夾下 ，
chmod 600 id_rsa 設置 id_rsa 權限

測試ssh

ssh 登錄
ssh -i ./id_rsa Administrator@your_ip

好吧 我照做，成功了 ...