Linux – Command to copy client public key to Windows OpenSSH SFTP/SSH server authorized keys file

linuxopensshsftpsshwindows

I have a Linux machine, and I need to sftp to a Windows SFTP server. So for first step, I create my own id_rsa file and the id_rsa.pub in my Linux machine.

Then I copy the text in the id_rsa.pub into the id_rsa.pub in the SFTP server.

And the sftp connection work correctly.

However, I would like to ask about the command to copy the public key from client to server. I have search in google and I get a command which is:

ssh-copy-id -i id_rsa.pub ftp_user*@10.7.8.32

But I hit the following error:

'exec' is not recognized as an internal or external command, operable program or batch file.
The system cannot find the path specified.

enter image description here

I believe there is some command exits for this right? Instead of I copy the public key manually to the SFTP server.

The SFTP version is SFTP protocol version 3.

Best Answer

ssh-copy-id script works only against *nix servers (or servers with *nix emulation), as it internally executes some *nix shell command on the server (like exec, sh, umask, rm, mkdir, tail, cat, etc).

You can setup the key manually. I'm aware that you know that, but as there subtle differences, when doing that on a Windows server, I'll mention it anyway for benefit of other readers.

Main steps are:

  • Create the .ssh folder in your Windows account profile folder (typically in C:\Users\username\.ssh).
  • Create authorized_keys file in the folder and add your public key to it.
  • Make sure that the ACL of the .ssh folder and the authorized_keys so that only a respective Windows account have a write access to the folder and the file and the account that runs the server have a read access. Also note that the location of the file for Administrators is overriden in the default sshd_config file to %ALLUSERSPROFILE%\ssh\administrators_authorized_keys.

For details, see my guide for Setting up SSH public key authentication on Win32-OpenSSH.

If you want to do that from your local machine, you can do it using sftp. Particularly if you have no key on the server registered yet, you can just upload the id_rsa.pub file as authorized_keys file:

$ sftp martin@example.com
martin@example.com's password:
Connected to martin@example.com.
sftp> mkdir .ssh
sftp> cd .ssh
sftp> put id_rsa.pub authorized_keys
Uploading id_rsa.pub to /C:/Users/martin/.ssh/authorized_keys
id_rsa.pub                                   100%  401   197.5KB/s   00:00
sftp> bye

The above is basically, what ssh-copy-id does internally – Except that ssh-copy-id appends the authorized_keys, what plain sftp cannot do. If you need to append, you can download authorized_keys to the local machine, append it locally and re-upload it back.

Alternatively, you you can setup the key from another Windows machine using (my) WinSCP client, with its Install Public Key into Server function.

See also my answer to Setting up public key authentication to Linux server from Windows (ppk private key).

Related Question