Windows services usually run under the System account. When a service needs SSH access, for example to clone a Git repository, an SSH key pair might be required. But how do you generate these keys for the System account?

The Sysinternals Process Utilities provide command-line tools that can be run from PowerShell. Among these is PsExec, which can be used to invoke a process on a remote machine. It also allows executing a process on the same machine under a different user. A detailed description of how to download and use this tool is provided in the article linked above.

Start a PowerShell in the System account

For our purpose, we open an elevated PowerShell and from it start another PowerShell, which then runs under the System account.

PsExec.exe -ids powershell.exe
  • -i Runs the process in the console session
  • -d Starts the process non-interactively; does not wait for the process to end
  • -s Runs the process in the System account

Generate SSH keys

In the new PowerShell window, keys can be generated as usual, e.g.

ssh-keygen.exe -t rsa

Location of the System account’s SSH keys

Unlike human user accounts, the System account’s home path is not located in C:\Users. The SSH keys of the System account are in C:\WINDOWS\system32\config\systemprofile\.ssh. Since other users cannot access this path, it is a good idea to copy the public key now to a path which is accessible.
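
The steps above as one script for the System PowerShell window. This is an added example, not part of the original article: it confirms the shell runs as System, generates the key only if none exists, warns about unexpected access to the private key, and copies out only the public key. The export folder in $exportDir is a hypothetical location, and id_rsa is assumed as ssh-keygen's default file name for RSA keys.

```powershell
# Added example; run inside the window started by "PsExec.exe -ids powershell.exe".
# $exportDir is a hypothetical, assumed location; pick any folder your admins can read.
$exportDir = 'C:\ProgramData\ssh-public-keys'

# Abort unless this shell really runs as the System account.
$identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
if (-not $identity.IsSystem) {
    throw "Running as '$($identity.Name)', not as the System account."
}

# Under System, USERPROFILE resolves to C:\WINDOWS\system32\config\systemprofile.
$sshDir  = Join-Path $env:USERPROFILE '.ssh'
$keyPath = Join-Path $sshDir 'id_rsa'   # assumed default file name for "-t rsa"
New-Item -ItemType Directory -Path $sshDir -Force | Out-Null

# Generate only if missing, so an existing key is never overwritten.
if (-not (Test-Path -LiteralPath $keyPath)) {
    ssh-keygen.exe -t rsa -f $keyPath   # prompts for the passphrase
    if ($LASTEXITCODE -ne 0) { throw "ssh-keygen failed with exit code $LASTEXITCODE." }
}

# Warn about any allow entry on the private key beyond SYSTEM and Administrators.
$expected = 'S-1-5-18', 'S-1-5-32-544'
$sidType  = [System.Security.Principal.SecurityIdentifier]
$extra = (Get-Acl -LiteralPath $keyPath).GetAccessRules($true, $true, $sidType) |
    Where-Object { $_.AccessControlType -eq 'Allow' -and
                   $_.IdentityReference.Value -notin $expected }
foreach ($rule in $extra) {
    Write-Warning "Private key readable by $($rule.IdentityReference.Value): $($rule.FileSystemRights)"
}

# Copy the public half only; the private key stays in the System profile.
New-Item -ItemType Directory -Path $exportDir -Force | Out-Null
Copy-Item -LiteralPath "$keyPath.pub" -Destination $exportDir

# Print the fingerprint so it can be compared after registering the key elsewhere.
ssh-keygen.exe -l -f "$keyPath.pub"
```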