No access to SYSTEMS's .ssh store (Windows)

Advertisement

TheUntouchable
Joined:
Posts:
8

No access to SYSTEMS's .ssh store (Windows)

Hi guys,
I am in the process of switching from Windows built-in ssh/scp to WinSCP in my PowerShell script to make the transfer more reliable, but I have a little problem here.

Since the script will later run under the NT AUTHORITY\SYSTEM, I create an SSH key in its .ssh folder (C:\WINDOWS\system32\config\systemprofile\.ssh\) to make the key a bit more secure.

The first problem with this is that WinSCP cannot use this key because it only supports ppk.
The second problem is that when I try to convert this key via a PowerShell running as SYSTEM, it seems that WinSCP itself is not running as SYSTEM and cannot access this folder:
PS C:\WINDOWS\system32\config\systemprofile\.ssh> whoami
nt authority\system
PS C:\WINDOWS\system32\config\systemprofile\.ssh> ls
    Directory: C:\WINDOWS\system32\config\systemprofile\.ssh
Mode                 LastWriteTime         Length Name
----                 -------------         ------ ----
-a----         6/28/2023   4:13 PM            444 id_ed25519
-a----         6/28/2023   4:13 PM            124 id_ed25519.pub
-a----         6/28/2023   4:14 PM            203 known_hosts
PS C:\WINDOWS\system32\config\systemprofile\.ssh> &"C:\temp\winscp.exe" /keygen .\id_ed25519 /output=.\id_ed25519.ppk
Private key file '.\id_ed25519' does not exist or cannot be opened.
System Error.  Code: 2.
The system cannot find the file specified
The same does work without any problems if I don't use that folder:
PS C:\temp\test> &"C:\temp\winscp.exe" /keygen .\id_ed25519 /output=.\id_ed25519.ppk
Key saved to ".\id_ed25519.ppk".
What I am doing wrong here?

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
41,442
Location:
Prague, Czechia

Re: No access to SYSTEMS's .ssh store (Windows)

The C:\WINDOWS\System32 is a magical folder that is mapped to different folders for 32-bit and 64-bit processes. WinSCP is 32-bit process, so it sees C:\Windows\SysWOW64. While your PowerShell is most likely 64-bit, so it sees C:\Windows\sysnative.

Reply with quote

TheUntouchable
Joined:
Posts:
8

Okay, I finally had time to test this, just for someone who has the same problem as me :)

PS C:\Windows\System32\config\systemprofile\.ssh> &"C:\temp\Winscp\winscp.exe" /keygen $env:windir\sysnative\config\systemprofile\.ssh\id_ed25519 /output=$env:windir\sysnative\config\systemprofile\.ssh\id_ed25519.ppk
Some more information regarding this mapping thing:
https://learn.microsoft.com/en-us/windows/win32/winprog64/file-system-redirector

And the important part here:
32-bit applications can access the native system directory by substituting %windir%\Sysnative for %windir%\System32. WOW64 recognizes Sysnative as a special alias used to indicate that the file system should not redirect the access. This mechanism is flexible and easy to use, therefore, it is the recommended mechanism to bypass file system redirection. Note that 64-bit applications cannot use the Sysnative alias as it is a virtual directory not a real one.

Reply with quote

Advertisement

You can post new topics in this forum