jdana asked:

Location of authorized_keys file

I just set up my first SFTP server (SSHWindows or OpenSSH for Windows) on a client Windows 2000 Server.  Here's where things stand:
1. Installation complete.
2. Password file is set up.
3. Home directory changed to a Windows share named SFTP.
4. Firewall set up for Port 22.
5. Successful client logon using Filezilla from my home network with a user / password combo.
6. EE expert DaveHowe provided me with a very useful explanation of the SFTP public key / private key concept and the authorized_keys file.  Dave suggested that I place the public key in $HOME/.ssh/authorized_keys or in an alternate location if my server isn't a "true" SSH server.  
7. I poked around a bit on the server.  I ran ssh-keygen and produced authorized_keys and authorized_keys.pub files in the ...\OpenSSH\bin folder.  Will the files work from this location?  (I suspect they won't.)  I'm unable to create $HOME/.ssh/authorized_keys because ".ssh" is an invalid name for a Windows folder.  
8. I'm also struggling with Filezilla.  I couldn't locate a way to reference a private key using the Site Manager.  Is this functionality beyond Filezilla?  
ravenpl

OpenSSH for Windows: keys should be placed in c:\Documents and Settings\username\.ssh\
> because ".ssh" is an invalid name for a Windows folder.
It's supported since win95 osr2 and fat32, and windows nt40 w/ntfs.
jdana (ASKER)

ravenpl - I was able to create ".ssh" using the command prompt utility mkdir.  I changed the home directory to D:\sftp.  (Unfortunately, the c drive is not an option for the home directory.)  Will I have any trouble with D:\sftp\username\.ssh as a repository for keys?

> Will I have any trouble with D:\sftp\username\.ssh as a repository for keys?
It has to be in the user's HOME directory. Under Windows it's
echo %HOMEPATH%
or
echo %USERPROFILE%
ASKER CERTIFIED SOLUTION
ravenpl
[Answer visible to members only]

It doesn't *have* to be called that - if you go to the sshd_config file and add a line "AuthorizedKeysFile <file path>" into it, then that becomes the "new" location for the file. This is by default relative to the user's home dir (so .ssh/authorized_keys would be the default value), but if you start it with a / you can make it an absolute path (so /etc/sshkeys/%u would look for a file with the same name as the user in a subdirectory of /etc called sshkeys).

It will then fall back to $HOME/.ssh/authorized_keys though, unless you *also* set AuthorizedKeysFile2 - it's an undocumented (well, poorly documented, given I know it :) failback for OpenSSH. Or you could just remove the dot, so your subdir is called ssh rather than .ssh (which is noticeably more Windows-friendly).


Oh - and if you run Pageant from the PuTTY toolset, and attempt a login with an empty password, FileZilla will use the key from Pageant for the login.

http://the.earth.li/~sgtatham/putty/latest/x86/pageant.exe
jdana (ASKER)

Just to get things working, I temporarily pointed OpenSSH for Windows back at C:\Documents and Settings\jdana, and created a ...\jdana\.ssh file.  I can connect to the jdana folder from the WAN using Filezilla using a user / pw combo.  

Now I want to connect using the private / public keys.  I generated a key pair using ssh-keygen.  The private / public keys are in the files authorized_keys and authorized_keys.pub, respectively.  

In a previous EE posting, DaveHowe informed me that I should use the public key on the server side.  Does that mean I should put authorized_keys.pub in ...\jdana\.ssh?  Where does the authorized_keys file go on the Filezilla client side?

The data from the .pub goes into the authorized_keys file for the user.

Filezilla uses the "putty" toolset for its crypto - use http://the.earth.li/~sgtatham/putty/latest/x86/puttygen.exe to convert the ssh-keygen key into the correct file format for putty, then pageant (link earlier) to make it available to filezilla.
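
A check for the mix-up discussed in this thread, as an added example that is not part of the original posts: it verifies that the text placed in the server's authorized_keys file is public-key data (the contents of the .pub file) and not a private key. The function names and the sample key material are constructed for illustration.

```python
import base64
import struct

def _sample_pub(key_type=b"ssh-rsa"):
    # Constructed, non-functional blob: length-prefixed type string plus filler.
    blob = struct.pack(">I", len(key_type)) + key_type + b"\x00" * 16
    return key_type.decode() + " " + base64.b64encode(blob).decode() + " jdana@client"

SAMPLE_PUB = _sample_pub()  # constructed sample, not a real key
SAMPLE_PRIVATE = ("-----BEGIN RSA PRIVATE KEY-----\n"
                  "(constructed placeholder)\n"
                  "-----END RSA PRIVATE KEY-----\n")

def classify_line(line):
    """Return 'public', 'private', 'blank' or 'invalid' for one line."""
    line = line.strip()
    if not line or line.startswith("#"):
        return "blank"
    if line.startswith("-----BEGIN") and "PRIVATE KEY" in line:
        return "private"
    fields = line.split()
    # Options may precede the key, so look for the key-type field.
    for i, field in enumerate(fields[:-1]):
        if not field.startswith(("ssh-", "ecdsa-", "sk-")):
            continue
        try:
            blob = base64.b64decode(fields[i + 1], validate=True)
        except ValueError:
            continue
        if len(blob) < 4:
            continue
        (n,) = struct.unpack(">I", blob[:4])
        # The decoded blob must start with the same type string as the text.
        if blob[4:4 + n] == field.encode():
            return "public"
    return "invalid"

def check_authorized_keys(text):
    """Return (ok, reasons) for the contents of an authorized_keys file."""
    kinds = [classify_line(l) for l in text.splitlines()]
    reasons = []
    if "private" in kinds:
        reasons.append("contains a private key; only .pub data belongs here")
    elif "invalid" in kinds:
        reasons.append("contains a line that is not a valid public key")
    if "public" not in kinds:
        reasons.append("no public key found")
    return (not reasons, reasons)
```
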
jdana (ASKER)

ravenpl & Dave,

Great comments from both of you.  Thanks.  Dave, bear with me.  This last question should do the trick.  You stated, "the data from the .pub goes into the authorized_keys file for the user."  Does this mean that I should:
1. Take the public key from "authorized_keys.pub."  (I assume "pub" is short for public.)
2. Put this data in an "authorized_keys" file (w/o the ".pub").
3. Put this file in the ...\jdana\.ssh folder on the server.
On the client machine:
1. I take the private key from "authorized_keys"
2. I drop that key into puttygen.exe to make the key into the "putty format."
3. I run pageant.exe from the "putty toolset," and attempt to logon using a blank password.  
Correct?
SOLUTION
[Answer visible to members only]