Command to copy client public key to Windows OpenSSH SFTP/SSH server authorized keys file

Question

I have a Linux machine, and I need to sftp to a Windows SFTP server. So for first step, I create my own id_rsa file and the id_rsa.pub in my Linux machine.

Then I copy the text in the id_rsa.pub into the id_rsa.pub in the SFTP server.

And the sftp connection work correctly.

However, I would like to ask about the command to copy the public key from client to server. I have search in google and I get a command which is:

ssh-copy-id -i id_rsa.pub ftp_user*@10.7.8.32

But I hit the following error:

'exec' is not recognized as an internal or external command, operable program or batch file. The system cannot find the path specified.

I believe there is some command exits for this right? Instead of I copy the public key manually to the SFTP server.

The SFTP version is SFTP protocol version 3.

Answer 1

ssh-copy-id script works only against *nix servers (or servers with *nix emulation), as it internally executes some *nix shell commands on the server (like exec, sh, umask, rm, mkdir, tail, cat, etc).

---

You can setup the key manually. I'm aware that you know that, but as there are subtle differences, when doing that on a Windows server, I'll mention it anyway for benefit of other readers.

Main steps are:

• Create the .ssh folder in your Windows account profile folder (typically in C:\Users\username\.ssh).
• Create authorized_keys file in the folder and add your public key to it.
• Make sure that the ACL of the .ssh folder and the authorized_keys are set so that only a respective Windows account have a write access to the folder and the file and the account that runs the server have a read access. Also note that the location of the file for Administrators is overridden in the default sshd_config file to %ALLUSERSPROFILE%\ssh\administrators_authorized_keys.

For details, see my guide for Setting up SSH public key authentication on Win32-OpenSSH.

---

If you want to do that from your local machine, you can do it using sftp. Particularly if you have no key on the server registered yet, you can just upload the id_rsa.pub file as authorized_keys file:

$ sftp martin@example.com
martin@example.com's password:
Connected to martin@example.com.
sftp> mkdir .ssh
sftp> cd .ssh
sftp> put id_rsa.pub authorized_keys
Uploading id_rsa.pub to /C:/Users/martin/.ssh/authorized_keys
id_rsa.pub                                   100%  401   197.5KB/s   00:00
sftp> bye                  

The above is basically, what ssh-copy-id does internally – Except that ssh-copy-id appends the authorized_keys, what plain sftp cannot do. If you need to append, you can download authorized_keys to the local machine, append it locally and re-upload it back.

---

Alternatively, you can setup the key from another Windows machine using (my) WinSCP client, with its Install Public Key into Server function.

See also my answer to Setting up public key authentication to Linux server from Windows (ppk private key).

Answer 2

You can follow Microsoft documentation to do it - https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_keymanagement#deploying-the-public-key

Summary (for Administrator)

• Generate ssh key files using the command ssh-key-gen on your client.
• Copy id_rsa.pub file to windows server at location C:\ProgramData\ssh\administrators_authorized_keys.
• Update ACL on windows server using command

  icacls.exe "C:\ProgramData\ssh\administrators_authorized_keys" /inheritance:r /grant "Administrators:F" /grant "SYSTEM:F"
  

• Now you should be able to connect to your windows server from your client using ssh without password.

Answer 3

Use git-bash in Windows 10: cmd below

ssh-copy-id user@hostname.example.com

Answer 4

You can copy it with

type $env:USERPROFILE\.ssh\id_rsa.pub | ssh user@example.com "cat >> .ssh/authorized_keys"