无法使用 Ngrok SSH 到 Windows 机器

Question

I'm trying to connect to Windows user through SSH (public key authentication) from a remote machine over the internet using ngrok. But apparently not working.

Here are what I have done.

I installed and activated the SSH on the windows.

Get-WindowsCapability -Online | ? Name -like 'OpenSSH*'
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0

I generated public key files and sent to the remote machine to ssh from.

ssh-keygen

I changed/added following lines in the SSH setting file "C:\ProgramData\ssh\sshd_config"

PermitRootLogin yes
AllowUsers otheruser
PubkeyAuthentication yes 
PasswordAuthentication no 

I restarted the ssh server to apply the setting changes.

net stop sshd ; net start sshd

I installed ngrok and run ngrok

./ngrok tcp 22
# got "6.tcp.ngrok.io:25252"

I tried to ssh from the remote machine to the windows machine, using the "tmp" secret key file to the user "tmp".

ssh -i "C:\pg\.ssh\tmp" tmp@6.tcp.ngrok.io -p 25252

and failed.

ssh -i "C:\pg\.ssh\tmp" tmp@6.tcp.ngrok.io -p 25252
Enter passphrase for key 'C:\pg\.ssh\tmp':
tmp@6.tcp.ngrok.io: Permission denied (publickey,keyboard-interactive).

Answer 1

SSH to Windows is kind of waste of time. Their document https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_keymanagement is outdated https://github.com/MicrosoftDocs/windowsserverdocs/issues/4598 and no longer works, unfortunately.

If you're on Windows 10, I suggest using WSL Linux on your Windows 10. It's basically Linux machine on Windows, but also available for the SSH feature. The WSL SSHing does work perfectly as well as you can do on a Linux machine.

Answer 2

Not tested on Ngrok myself but have a try the following steps.

• Install the features

Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH*'
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0

• Start the sshd server (optionally add the service to Automatic launch)

Start-Service sshd
Set-Service -Name sshd -StartupType 'Automatic'

• Add the below to C:\ProgramData\ssh\sshd_config (the path may be different)

Notice that StrictModes no .

PubkeyAuthentication yes
PasswordAuthentication no
StrictModes no

• Add your client pub key(s) (or generate newly by ssh-keygen ) to the server's C:\ProgramData\ssh\administrators_authorized_keys and C:\Users\user\.ssh\authorized_keys

Note that not only into authorized_keys but also into administrators_authorized_keys . Because if you're an admin on the server you need to have the authorized pub keys in the administrators_authorized_keys file specifically. Adding the all pub keys to the both files doesn't hurt you. (or edit the sshd_config file)

• Restart the sshd server

You must restart the server when its authorized_keys and/or sshd_config file is updated.

stop-Service ssh
Start-Service sshd

• SSH into

Then try.

ssh user@192.168.1.2