I'm trying to set up my Windows 10 machine to be an SSH server by using Win32-OpenSSH. The server is part of a domain, so I use the command
ssh -i ~/.ssh/id_rsa -l user@domain ip_address
to connect from my ssh client.
This gives an error "Permission denied (publickey,keyboard-interactive)". On the server side, the log reads
sshd: Invalid user user@domain from ip_address port 59676
sshd: Connection closed by invalid user user@domain ip_address port 59676 [preauth]
I have also tried the following variation on the ssh command
ssh -i ~/.ssh/id_rsa domain/user@ip_address
to try to connect from the client side. I get a "Connection reset by ip_address port 22" error.
If I look at the log on the server side, it says:
sshd: error: lookup_principal_name: User principal name lookup failed for user 'domain\user' (explicit: 5, implicit: 5)"
sshd: error: get_user_token - unable to generate token on 2nd attempt for user domain\user
sshd: fatal: ga_init, unable to resolve user domain\user
How can I resolve this error?
Details
On the server (Windows 10) side:
whoami confirms that my username is domain\user
I'd like to use public key authentication only, so I set the permissions in sshd_config to
PubkeyAuthentication yes
PasswordAuthentication no
All other settings are default. The full sshd_config file follows
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
#HostKey __PROGRAMDATA__/ssh/ssh_host_rsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_dsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_ecdsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_ed25519_key
# Ciphers and keying
#RekeyLimit default none
# Logging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
#PermitRootLogin prohibit-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#PubkeyAuthentication yes
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
#AuthorizedPrincipalsFile none
# For this to work you will also need host keys in %programData%/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PubkeyAuthentication yes
PasswordAuthentication no
# GSSAPI options
#GSSAPIAuthentication no
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#PermitUserEnvironment no
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
# no default banner path
#Banner none
# override default of no subsystems
Subsystem sftp sftp-server.exe
# Example of overriding settings on a per-user basis
#Match User anoncvs
#    AllowTcpForwarding no
#    PermitTTY no
#    ForceCommand cvs server
Match Group administrators
       AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
I have the id_rsa.pub appended to the authorized_keys file in the C:\Users\user\.ssh directory. icacls .\authorized_keys returns
C:\Users\user\.ssh\authorized_keys NT AUTHORITY\SYSTEM:(I)(F)
                                   BUILTIN\Administrators:(I)(F)
                                   DOMAIN\user:(I)(F)
On the client (Ubuntu 20.04.3) side:
~/.ssh/id_rsa has the following permissions
-rw------- 1 ubuntu ubuntu 2655 Dec 30 18:16 id_rsa
-rw-r--r-- 1 ubuntu ubuntu 576 Dec 30 18:16 id_rsa.pub
$env:USERPROFILE\.ssh
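
An added example, not part of the original post and not Win32-OpenSSH code: a small Python parser that lists which directives are actually active in an sshd_config like the one in the question, and which AuthorizedKeysFile applies to an account inside or outside the administrators group. It assumes single-criterion `Match Group` blocks with literal group names (no wildcards or negation); the sample text is constructed from the uncommented lines of the posted file.

```python
# Constructed sample: the uncommented directives from the question's
# sshd_config plus a few of its commented-out defaults.
SAMPLE_CONFIG = """\
#PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
#PasswordAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
Subsystem sftp sftp-server.exe
#Match User anoncvs
#    AllowTcpForwarding no
Match Group administrators
       AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
"""


def parse_sshd_config(text):
    """Return (global_settings, match_blocks); keywords are lower-cased.

    Comments and blank lines are skipped. Within one section the first
    occurrence of a keyword wins, which is how sshd treats repeats.
    """
    global_settings, match_blocks = {}, []
    current = global_settings
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        keyword = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            current = {}  # later directives belong to this Match block
            match_blocks.append((value, current))
        else:
            current.setdefault(keyword, value)
    return global_settings, match_blocks


def effective_for_groups(text, groups):
    """Settings sshd would apply to a user who is a member of `groups`."""
    global_settings, match_blocks = parse_sshd_config(text)
    member_of = {g.lower() for g in groups}
    effective = {}
    for criteria, settings in match_blocks:
        tokens = criteria.lower().split()
        if len(tokens) == 2 and tokens[0] == "group":
            if member_of & set(tokens[1].split(",")):
                for key, value in settings.items():
                    effective.setdefault(key, value)  # first match wins
    for key, value in global_settings.items():
        effective.setdefault(key, value)  # globals fill what is left
    return effective
```
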