WSL - Password Less SSH Authentication between two users - Not Working

[kamal140415]

Hello

I have Installed Windows Subsystem for Linux on a windows 10 Pro machine. I have installed two software packages in it

1. PostgreSQL database packages for which "postgres" is the user
2. Barman Packages for which "barman" is the user.

I'm trying to establish "password less SSH authentication" between the "postgres" and "barman" users within WSL2 installed on my Windows 10 Pro machine. I've followed these steps:

1. Generated SSH keys (4096 bits) for both users using ssh-keygen -t rsa -b 4096.
2. Copied the public key of "postgres" to the authorized_keys file of the "barman" user at /var/lib/barman/.ssh/authorized_keys.
3. Repeated the process for the "barman" user, copying their public key to the "postgres" user's authorized_keys file.

However, when I try to connect from the "barman" user using ssh postgres@, I'm still prompted for the "postgres" user's password.

Things I've Checked:

1. Permissions of the authorized_keys files are set to 600 (chmod 600 ~/.ssh/authorized_keys).
2. SSH service is running on WSL2.

Question:
What additional configurations might be necessary to achieve "password less SSH Connection" between these users in WSL2?

[github-actions]

Logs are required for review from WSL team

If this a feature request, please reply with '/feature'. If this is a question, reply with '/question'.
Otherwise please attach logs by following the instructions below, your issue will not be reviewed unless they are added. These logs will help us understand what is going on in your machine.

How to collect WSL logs

Download and execute collect-wsl-logs.ps1 in an administrative powershell prompt:

Invoke-WebRequest -UseBasicParsing "https://raw.githubusercontent.com/microsoft/WSL/master/diagnostics/collect-wsl-logs.ps1" -OutFile collect-wsl-logs.ps1
Set-ExecutionPolicy Bypass -Scope Process -Force
.\collect-wsl-logs.ps1

The script will output the path of the log file once done.

If this is a networking issue, please use collect-networking-logs.ps1, following the instructions here

Once completed please upload the output files to this Github issue.

Click here for more info on logging
If you choose to email these logs instead of attaching to the bug, please send them to wsl-gh-logs@microsoft.com with the number of the github issue in the subject, and in the message a link to your comment in the github issue and reply with '/emailed-logs'.

[elsaco]

@kamal140415 use ssh -vvv postgres and see why the key is rejected. And do you login into your WSL session as user barman? I did a quick check and key authentication works as expected:

barman@texas:~$ ssh postgres@localhost
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ED25519 key fingerprint is SHA256:A4+SjJsmMZ+JfmNRmTUF52MCXod2qq+mz7HIi1WqfMc.
This host key is known by the following other names/addresses:
    ~/.ssh/known_hosts:1: [hashed name]
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'localhost' (ED25519) to the list of known hosts.
postgres@texas:~$ ls -la .ssh
total 28
drwx------ 2 postgres postgres 4096 Oct 15 12:55 .
drwxr-xr-x 5 postgres postgres 4096 Oct 15 12:55 ..
-rw------- 1 postgres postgres   95 Oct 15 12:55 authorized_keys
-rw------- 1 postgres postgres  411 Oct 15 12:53 id_ed25519
-rw-r--r-- 1 postgres postgres   97 Oct 15 12:53 id_ed25519.pub
-rw------- 1 postgres postgres  978 Oct 15 12:54 known_hosts
-rw------- 1 postgres postgres  142 Oct 15 12:54 known_hosts.old
postgres@texas:~$ cat .ssh/authorized_keys
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGj5q681hlswCudMHwwTsEjoW7SFogGYFkBmsnqhLCu9 barman@texas

ed25519 was uses instead of rsa but key type shouldn't matter.

[microsoft-github-policy-service]

This issue has been automatically closed since it has not had any author activity for the past 7 days. If you're still experiencing this issue please re-file it as a new issue.

Thank you!