Hi,
when creating a server for accepting a reverse tunnel, the files C:\ProgramData\ssh\ssh_rdp_over_ssh_key, C:\ProgramData\ssh\ssh_rdp_over_ssh_key.pub and C:\ProgramData\ssh\administrators_authorized_keys are all created as existing but empty 0KB files.
If I try to use the "Show SSH Server Key" GUI function, an empty window is shown.
Also, the permissions for the file C:\ProgramData\ssh\administrators_authorized_keys are too permissive. I needed to run icacls.exe "C:\ProgramData\ssh\administrators_authorized_keys" /inheritance:r /grant "Administrators:F" /grant "SYSTEM:F" on it (see this documentation).
Same problem on the client that initiates the tunnel:
The permissions of the file C:\ProgramData\ssh\ssh_rdp_over_ssh_1_key are too permissive.
Also, key files for the Windows native SSH client need a line feed at the end, which might not get copy&pasted (see here).
Despite manually fixing all of this, I'm still stuck at "Permission denied (publickey)." on the client side.
I can connect manually. I have verified that the command ssh -i C:\ProgramData\ssh\ssh_rdp_over_ssh_1_key -p [Same port as in GUI] [Windows Username on server]@[Same host as in GUI] works without a password prompt.
My current suspicion is that RDPoverSSH uses the wrong username, because that's the only part I can't set in the GUI.
The Windows username of the user running RDPoverSSH is different on both systems.
When using ssh without the "[Username of server]@" part, the connection fails because ssh tries to use the currently logged-in user as the default. Since I have never told RDPoverSSH the username used on the system that accepts the tunnel, it can't know the correct one.
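A read-only check for the three conditions the report describes (0-byte files, ACLs wider than Administrators and SYSTEM, no trailing line feed), added here as an example; it is not part of the original post or of RDPoverSSH. The function name Test-SshKeyFile and the default allowed SIDs are assumptions derived from the icacls command quoted above, and every check is applied to every listed file.

```powershell
# Added example: audit the key files named in the report (nothing is modified).
# Assumption: only Administrators (S-1-5-32-544) and SYSTEM (S-1-5-18) should hold
# allow-ACEs, matching the icacls command in the post. Test-SshKeyFile is hypothetical.
function Test-SshKeyFile {
    param(
        [Parameter(Mandatory)][string]$Path,
        [string[]]$AllowedSids = @('S-1-5-32-544', 'S-1-5-18')
    )
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]@{ Path = $Path; Findings = @('file missing') }
    }
    $findings = @()
    $item = Get-Item -LiteralPath $Path
    if ($item.Length -eq 0) {
        $findings += 'file is empty (0 bytes)'
    } else {
        # The last byte must be LF (0x0A); a pasted key can lose it.
        $bytes = [System.IO.File]::ReadAllBytes($item.FullName)
        if ($bytes[-1] -ne 0x0A) { $findings += 'no trailing line feed' }
    }
    $acl = Get-Acl -LiteralPath $Path
    # /inheritance:r in the icacls command corresponds to protected access rules.
    if (-not $acl.AreAccessRulesProtected) { $findings += 'ACL inheritance is enabled' }
    foreach ($rule in $acl.Access) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        # Compare by SID so the check also works on localized Windows installs.
        $sid = $rule.IdentityReference.Translate(
            [System.Security.Principal.SecurityIdentifier]).Value
        if ($AllowedSids -notcontains $sid) {
            $findings += "unexpected ACE: $($rule.IdentityReference) ($($rule.FileSystemRights))"
        }
    }
    [pscustomobject]@{ Path = $Path; Findings = $findings }
}

# Paths as given in the report; the *_1_key file lives on the client side.
$files = @(
    'C:\ProgramData\ssh\ssh_rdp_over_ssh_key',
    'C:\ProgramData\ssh\ssh_rdp_over_ssh_key.pub',
    'C:\ProgramData\ssh\administrators_authorized_keys',
    'C:\ProgramData\ssh\ssh_rdp_over_ssh_1_key'
)
$files | ForEach-Object { Test-SshKeyFile -Path $_ } | Format-List
```

Run it from an elevated PowerShell prompt on each machine; an empty Findings list means the file passed all three checks.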