Support SSH to windows machine #450

Open
JoeZiminski opened this issue Dec 18, 2024 · 0 comments
Labels
enhancement New feature or request

JoeZiminski commented Dec 18, 2024

Currently the ssh key setup assumes the target machine is bash here and fails on Windows. The SSH setup will silently fail, and on transfer you will get:

```
2024/12/18 15:29:10 DEBUG : pacer: low level retry 5/10 (error couldn't connect SSH: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain)
```

Background: when setting up a passwordless ssh connection, you will get a public and private key. The public key needs to be added to authorized_keys in ~/.ssh. This step is failing on Windows. When rclone connects to a server, sshd (which manages the ssh connection) will check the authorized_keys file for allowed public keys. On Windows, sshd_config (found in C:\ProgramData\ssh for me) contains a lot of configs related to this behaviour.

In datashuttle, the keys are managed by paramiko and stored in the USER/.datashuttle/<project_name>/<project_name>_ssh_key file. The public key can be obtained in code with:

```python
import paramiko
key = paramiko.RSAKey.from_private_key_file(project.cfg.ssh_key_path.as_posix())
# Print in authorized_keys format: "<key type> <base64 public key>"
print(f"{key.get_name()} {key.get_base64()}")
```

As a quick workaround, you can copy these keys to USER\.ssh\authorized_keys manually. However, if you are on an admin account, sshd will instead (annoyingly and confusingly) check C:\ProgramData\ssh\administrators_authorized_keys.

Some other things to note when setting up the authorized_keys file:

You can set permissions on the authorized_keys file (important):

```powershell
# Ensure the .ssh directory is secured
icacls "C:\Users\jzimi\.ssh" /inheritance:r /grant "jzimi:(OI)(CI)F"

# Ensure the authorized_keys file is secured
icacls "C:\Users\jzimi\.ssh\authorized_keys" /inheritance:r /grant "jzimi:(F)"
```

and you may need to set PubkeyAuthentication yes in sshd_config.

You can troubleshoot sshing with ssh -v -i C:\Users\jzimi\.ssh\id_ed25519 jzimi@localhost

This will need to be handled on the datashuttle side, to properly add the public key to authorized_keys for Windows machines. ssh-copy-id works for linux and macos but is not available on Windows, which is why it was done manually in the first place. A similar approach can be taken for Windows, but it will be less easy: you will have to figure out if you are on an admin account or not, and then place the public key in the correct authorized_keys / administrators_authorized_keys. We will also need to figure out if the target machine is windows / linux; rclone has some stuff for this.

Something else that came from this

The ssh_key_setup is silently failing, and is also not logged. It should definitely be logged, and ideally should not silently fail. This will require figuring out how to get the return code on the sftp calls here and propagating the error.

@JoeZiminski JoeZiminski added the enhancement New feature or request label Dec 18, 2024
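One way to combine the two requests in the issue (pick authorized_keys or administrators_authorized_keys, and surface failures instead of swallowing them), as an added example that is not datashuttle's code. It assumes `client` behaves like `paramiko.SSHClient`, the remote default shell is cmd.exe, and sshd_config keeps its stock `Match Group administrators` rule; all helper names are hypothetical.

```python
# Added example, duck-typed against paramiko.SSHClient.exec_command so it can be
# exercised with a stub. All helper names are hypothetical, not datashuttle's API.
ADMIN_SID = "S-1-5-32-544"  # well-known SID of the built-in Administrators group
ADMIN_KEYS = r"C:\ProgramData\ssh\administrators_authorized_keys"
USER_KEYS = r"%USERPROFILE%\.ssh\authorized_keys"  # expanded by cmd.exe remotely
UNSAFE = set('&|<>^%"()\r\n')  # characters cmd.exe would interpret


class RemoteCommandError(RuntimeError):
    """Raised instead of failing silently when a remote command exits non-zero."""


def run_checked(client, command):
    """Run `command` remotely; return stdout, or raise with stderr attached."""
    _stdin, stdout, stderr = client.exec_command(command)
    out, err = stdout.read(), stderr.read()  # drain both streams first
    status = stdout.channel.recv_exit_status()
    if status != 0:
        detail = err.decode(errors="replace").strip()
        raise RemoteCommandError(f"{command!r} exited {status}: {detail}")
    return out.decode(errors="replace")


def authorized_keys_path(whoami_groups_output):
    """Choose the file sshd will read, from the output of `whoami /groups`."""
    return ADMIN_KEYS if ADMIN_SID in whoami_groups_output else USER_KEYS


def install_commands(public_key, keys_path, username):
    """cmd.exe commands that append the key, then lock down the file's ACL."""
    if UNSAFE & set(public_key + username):
        raise ValueError("key or username contains cmd.exe metacharacters")
    if keys_path == ADMIN_KEYS:
        prepare, grant = [], '/grant "Administrators:F" /grant "SYSTEM:F"'
    else:
        prepare = [r'if not exist "%USERPROFILE%\.ssh" mkdir "%USERPROFILE%\.ssh"']
        grant = f'/grant "{username}:(F)"'
    return prepare + [
        f'(echo {public_key})>>"{keys_path}"',
        f'icacls "{keys_path}" /inheritance:r {grant}',
    ]


def install_public_key(client, public_key, username):
    """Append `public_key` to the right file; every failing step raises."""
    keys_path = authorized_keys_path(run_checked(client, "whoami /groups"))
    for command in install_commands(public_key, keys_path, username):
        run_checked(client, command)
    return keys_path
```

Logging the `RemoteCommandError` message at the call site gives the setup step the record the issue says is currently missing.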