No access to SYSTEMS's .ssh store (Windows) :: Support Forum

TheUntouchable
Joined:: 2013-11-27
Posts:: 8

No access to SYSTEMS's .ssh store (Windows)

2023-08-14 15:28

Hi guys,
I am in the process of switching from Windows built-in ssh/scp to WinSCP in my PowerShell script to make the transfer more reliable, but I have a little problem here.

Since the script will later run under the NT AUTHORITY\SYSTEM, I create an SSH key in its .ssh folder (C:\WINDOWS\system32\config\systemprofile\.ssh\) to make the key a bit more secure.

The first problem with this is that WinSCP cannot use this key because it only supports ppk.
The second problem is that when I try to convert this key via a PowerShell running as SYSTEM, it seems that WinSCP itself is not running as SYSTEM and cannot access this folder:

PS C:\WINDOWS\system32\config\systemprofile\.ssh> whoami
nt authority\system

PS C:\WINDOWS\system32\config\systemprofile\.ssh> ls
    Directory: C:\WINDOWS\system32\config\systemprofile\.ssh
Mode                 LastWriteTime         Length Name
----                 -------------         ------ ----
-a----         6/28/2023   4:13 PM            444 id_ed25519
-a----         6/28/2023   4:13 PM            124 id_ed25519.pub
-a----         6/28/2023   4:14 PM            203 known_hosts

PS C:\WINDOWS\system32\config\systemprofile\.ssh> &"C:\temp\winscp.exe" /keygen .\id_ed25519 /output=.\id_ed25519.ppk

Private key file '.\id_ed25519' does not exist or cannot be opened.
System Error.  Code: 2.
The system cannot find the file specified

The same does work without any problems if I don't use that folder:

PS C:\temp\test> &"C:\temp\winscp.exe" /keygen .\id_ed25519 /output=.\id_ed25519.ppk

Key saved to ".\id_ed25519.ppk".

What I am doing wrong here?

Reply with quote

martin◆ Site Admin
Joined:: 2002-12-10
Posts:: 41,442
Location:: Prague, Czechia

Re: No access to SYSTEMS's .ssh store (Windows)

2023-08-17

The C:\WINDOWS\System32 is a magical folder that is mapped to different folders for 32-bit and 64-bit processes. WinSCP is 32-bit process, so it sees C:\Windows\SysWOW64. While your PowerShell is most likely 64-bit, so it sees C:\Windows\sysnative.

Reply with quote

TheUntouchable

Re: No access to SYSTEMS's .ssh store (Windows)

2023-08-17 09:41

Ah yes, you're right, I had forgotten about that.... I'll try the other paths when I'm back in the office, thanks for the tip!

Reply with quote

TheUntouchable
Joined:: 2013-11-27
Posts:: 8

2023-08-22 11:50

Okay, I finally had time to test this, just for someone who has the same problem as me :)

PS C:\Windows\System32\config\systemprofile\.ssh> &"C:\temp\Winscp\winscp.exe" /keygen $env:windir\sysnative\config\systemprofile\.ssh\id_ed25519 /output=$env:windir\sysnative\config\systemprofile\.ssh\id_ed25519.ppk

Some more information regarding this mapping thing:
https://learn.microsoft.com/en-us/windows/win32/winprog64/file-system-redirector

And the important part here:

32-bit applications can access the native system directory by substituting %windir%\Sysnative for %windir%\System32. WOW64 recognizes Sysnative as a special alias used to indicate that the file system should not redirect the access. This mechanism is flexible and easy to use, therefore, it is the recommended mechanism to bypass file system redirection. Note that 64-bit applications cannot use the Sysnative alias as it is a virtual directory not a real one.

Reply with quote

No access to SYSTEMS's .ssh store (Windows)