Setting up OpenSSH for Windows using public key authentication

Question

I am having issues setting up OpenSSH for Windows, using public key authentication.

I have this working on my local desktop and can ssh with a key from Unix machines

Answer 1

This is just my scripted version of @n0rds great answer.

Place this script in a directory w/ your private/public key/pair and run!

PowerShell.exe -ExecutionPolicy Bypass -File "C:\bypass\prompt\standard.ps1" 2>&1>$null

Add-WindowsCapability -Online -Name OpenSSH.Server
New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH SSH Server' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22 -Program "%WINDIR%\System32\OpenSSH\sshd.exe"

#Must Enable ssh-agent before starting
Set-Service -Name ssh-agent -StartupType Automatic
Set-Service -Name sshd -StartupType Automatic
Start-Service ssh-agent; Start-Service sshd

$sshdir="$env:USERPROFILE\.ssh"
mkdir $sshdir
copy .\id_rsa $sshdir\
cat  $sshdir\id_rsa
copy .\*.pub  $sshdir\authorized_keys
cat $sshdir\authorized_keys
ssh-add $sshdir\id_rsa

$sshd_config="C:\ProgramData\ssh\sshd_config" 
(Get-Content $sshd_config) -replace '#PubkeyAuthentication', 'PubkeyAuthentication' | Out-File -encoding ASCII $sshd_config
(Get-Content $sshd_config) -replace 'AuthorizedKeysFile __PROGRAMDATA__', '#AuthorizedKeysFile __PROGRAMDATA__' | Out-File -encoding ASCII $sshd_config
(Get-Content $sshd_config) -replace 'Match Group administrators', '#Match Group administrators' | Out-File -encoding ASCII $sshd_config
cat C:\ProgramData\ssh\sshd_config

Restart-Service ssh-agent; Restart-Service sshd

Write-Host "Use this to Login/test Now"
write-host ssh $env:UserName@localhost

Answer 2

I solved it by:

1. Installing in SSHD_SERVER + privilege separation mode. I also set privilege separation to "yes" in the config manually. This didn't work for me for a lot time, the user didn't get created. Then it worked, I don't know why. I only went to user accounts in control panel to check that UAC is off. I also had /var/empty with full access for everyone.
2. For C:\openssh\var\empty I've set "attributes get/set" permissions to Everyone and myself and "full" permissions to .\sshd_server. I also made it the owner.