Administrator Authentication
On Windows systems running OpenSSH, administrator accounts require public keys to be stored in a different location than standard Unix and Linux implementations. Rather than storing authorized keys in individual user home directories, Windows OpenSSH centralizes administrator public keys in a system-wide location at C:\ProgramData\ssh\administrators_authorized_keys. This centralized approach reflects Windows’ distinct privilege model and administrative account structure.
Storage Mechanism
The administrators_authorized_keys file functions similarly to the standard authorized_keys file found on Unix-like systems, containing public keys that permit remote authentication. However, its placement in the system-wide ProgramData directory allows administrative authentication to be managed at the system level rather than at the individual user level. This separation ensures that administrator access is controlled through a dedicated mechanism distinct from regular user authentication.
Security Considerations
Access permissions on the administrators_authorized_keys file are more restrictive than those on standard user authorized_keys files, reflecting the elevated privileges involved. The file should only be readable and writable by the system and administrators, preventing unauthorized modification that could compromise administrative access. Administrators should ensure proper file permissions are maintained when configuring OpenSSH on Windows systems.