Generate SSH Keys for Windows System account
Windows services usually run under the System account. In cases where a service needs SSH access like cloning a Git repository, a SSH key pair might be required. But how do you generate these keys for the System account?
The Sysinternals Process Utilities provide PowerShell tools. Among these is PsExec, which can be used to invoke a process on a remote machine. But it also allows executing a process on the same machine under a different user. A detailed description on how to download and use this tool is provided in the above linked article.
Start a PowerShell in the System account
For our purpose, we open an elevated PowerShell and start another PowerShell which is then run with the System account.
PsExec.exe -ids powershell.exe
-iRuns the process in the console session
-dStart the process non-interactive - do not wait for the process to end
-sRuns the process in the System account
Generate SSH keys
In the new PowerShell keys can be generated as usual, e.g.
ssh-keygen.exe -t rsa
Location of System’s account SSH keys
Other than human user accounts, the user’s home path is not located in
C:\Users. The SSH keys of the System account are in
C:\WINDOWS\system32\config\systemprofile\.ssh. Since other users cannot access this path, it is a good idea to copy the public key now to a path which is accessible.