How to authorize Local System Account for OpenSSH

We have Jenkins installed and want it to pull from bitbucket and github – authorization should happen through Open SSH (Public Keys).

Jenkins runs as Local System.

The problem

How to find and then place id_rsa into ~/.ssh? How to get it to add things to ~/.ss/known_hosts?

The solution

As always: fake it until you make it!

  1. Run this command in an elevated command prompt on the server, in order to start a command prompt as Local System user:

    sc create testsvc binpath= "cmd /K start" type= own type= interact && sc start testsvc & sc delete testsvc

    The Interactive Services Detection will now bring up a dialog (probably in the background) where it asks you to “View the message” in order to display the service session where the command window will run.

  2. Run echo %userprofile% to see where your storage is… In my case it is "C:\Windows\system32\config\systemprofile”.

    Odd, but true: Sadly, when i try to put the id_rsa file into that directory from my normal user session, it somehow doesn’t make it into the local system accounts profile.
  3. From here you can open the git bash by running C:\Program Files (x86)\Git\bin\sh –login –i
  4. Then run cd ~ to switch to your home directory.
  5. Then copy your id_rsa file here with a simple
    cp <id_rsa-location> .
  6. Now run ssh in order to try to authenticate and accept the host as known host.

BTW: also make sure you run git.cmd, not git.exe!!

Other posts that helped (and confused) me:

10 thoughts on “How to authorize Local System Account for OpenSSH

  1. Hello Lars,

    I am a growing developer in IT industry. I would like to know how to create git set up on local system. Could please help me what steps i need to follow to set git that will helpful for me


  2. Hi Lars

    Thank you very much for the article. It helped me a lot.
    My Jenkins instance required the extra step to configure HOME system variable in
    set HOME=C:\Windows\System32\config\systemprofile
    set PATH=%PATH%;C:\Program Files (x86)\Git\bin\
    git pull origin master
    it works!


  3. Thanks for this. One note though; the interactive prompt as service does not work in Server 2008. Interactive services have been deprecated it appears.

    The config/systemprofile folder appears helpful however. Thanks!

  4. please accept my profuse thanks that you blogged this. finding this blog post relieved me of a *huge* annoyance! i was struggling to figure out where to put an ini preference file for an app being run as a service. your post was the proper guidance. in my case, the precise location turned out to be in: C:\windows\SysWOW64\config\systemprofile\AppData\Roaming\

  5. thanks for this. I just copied the id_rsa to:

    folder and it worked. (even though the %userprofile% path was C:\Windows\system32\config\systemprofile)

  6. @Talebia after a long an excruciating searching through the god forsaken pages of google your fix helped me alot. May I ask you, why do we need to place it in SysWOW64 even though if %userprofile% points to another place? How did you find this out ?

    Cheers mate

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s