Win32-OpenSSH
Win32-OpenSSH copied to clipboard
Published
20 hours ago •
PowerShell
PowerShell
AllowGroups using "cached" group Membership information
trafficstars
Troubleshooting steps https://github.com/PowerShell/Win32-OpenSSH/wiki/Troubleshooting-Steps
Terminal issue? please go through wiki https://github.com/PowerShell/Win32-OpenSSH/wiki/TTY-PTY-support-in-Windows-OpenSSH
Please answer the following
"OpenSSH for Windows" version
((Get-Item (Get-Command sshd).Source).VersionInfo.FileVersion)
8.6.0.0
Server OperatingSystem
((Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows nt\CurrentVersion\" -Name ProductName).ProductName)
Windows Server 2016 Datacenter
Client OperatingSystem
Ubuntu 20.04.3 LTS (WSL2 / Windows 11 21H2)
What is failing
Background We are using https://topicus-keyhub.com/ for access control, and public key provisioning in the AD. Basically this products enabled/disables and add's or removes user from groups (timebased) on the AD.
SSHD uses AllowGroups "administrators", and this group contains the domain security groups that users are added / removed from.
Now if the user is added to the correct domain group, before logon everething works. But not in the reverse situation.
And if after a successfully logon, the ssh session is closed normally and the user is removed from the domain group, the user kan still logon for some time.
Somehow group information is cached?
I think it is the same issues described for VPN's here https://docs.microsoft.com/en-us/troubleshoot/windows-client/group-policy/group-membership-changes-not-updating-over-some-vpn-connections
Using RDP/WinRM this behavior doesn't seem happen.
sshd_config
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
#HostKey __PROGRAMDATA__/ssh/ssh_host_rsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_dsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_ecdsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_ed25519_key
# Ciphers and keying
#RekeyLimit default none
# Logging
#SyslogFacility AUTH
#LogLevel INFO
SyslogFacility LOCAL0
LogLevel DEBUG3
# Authentication:
#LoginGraceTime 2m
LoginGraceTime 60
#PermitRootLogin prohibit-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#PubkeyAuthentication yes
CASignatureAlgorithms -rsa-sha2-512,rsa-sha2-256
Ciphers -aes128-ctr,aes192-ctr,aes256-ctr
MACs [email protected],[email protected],[email protected],hmac-sha1
HostbasedAcceptedKeyTypes [email protected],[email protected],[email protected],,rsa-sha2-512,rsa-sha2-256,ssh-rsa
HostKeyAlgorithms [email protected],[email protected],[email protected],rsa-sha2-512,rsa-sha2-256,ssh-rsa
PubkeyAcceptedKeyTypes [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],rsa-sha2-512,rsa-sha2-256,ssh-rsa
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
AuthorizedKeysCommand C:\ProgramData\ssh\adauthorizedkeys.cmd
AuthorizedKeysCommandUser System
#AuthorizedPrincipalsFile none
# For this to work you will also need host keys in %programData%/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
PasswordAuthentication no
#PermitEmptyPasswords no
# GSSAPI options
#GSSAPIAuthentication no
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#PermitUserEnvironment no
#ClientAliveInterval 0
ClientAliveInterval 300
#ClientAliveCountMax 3
ClientAliveCountMax 0
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
DisableForwarding yes
DenyUsers "administrator" "guest"
AllowGroups "administrators"
# no default banner path
#Banner none
Banner C:\ProgramData\ssh\banner
# override default of no subsystems
Subsystem sftp sftp-server.exe
# Example of overriding settings on a per-user basis
#Match User anoncvs
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server
Match Group administrators
AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
adauthorizedkeys.cmd
@ECHO OFF
FOR /F "tokens=2 delims=\\" %%G in ("%1") DO (
C:\Windows\System32\dsquery.exe * -filter "(&(objectClass=user)(sAMAccountName=%%G))" -attr sshPublicKey -l
)
sshd.log
5644 2022-01-20 10:07:41.757 debug2: fd 3 setting O_NONBLOCK
5644 2022-01-20 10:07:41.757 debug3: sock_set_v6only: set socket 3 IPV6_V6ONLY
5644 2022-01-20 10:07:41.757 debug1: Bind to port 22 on ::.
5644 2022-01-20 10:07:41.757 Server listening on :: port 22.
5644 2022-01-20 10:07:41.757 debug2: fd 4 setting O_NONBLOCK
5644 2022-01-20 10:07:41.757 debug1: Bind to port 22 on 0.0.0.0.
5644 2022-01-20 10:07:41.757 Server listening on 0.0.0.0 port 22.
5644 2022-01-20 10:07:45.841 debug3: fd 5 is not O_NONBLOCK
5644 2022-01-20 10:07:45.841 debug3: spawning "C:\\Program Files\\OpenSSH-Win64\\sshd.exe" -R as subprocess
5644 2022-01-20 10:07:45.841 debug3: send_rexec_state: entering fd = 8 config len 1500
5644 2022-01-20 10:07:45.841 debug3: ssh_msg_send: type 0
5644 2022-01-20 10:07:45.841 debug3: send_rexec_state: done
4820 2022-01-20 10:07:45.872 debug1: inetd sockets after dupping: 4, 4
4820 2022-01-20 10:07:45.872 Connection from 10.x.x.82 port 60638 on 10.x.x.34 port 22
4820 2022-01-20 10:07:45.872 debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.6
4820 2022-01-20 10:07:45.872 debug1: Remote protocol version 2.0, remote software version OpenSSH_8.2p1 Ubuntu-4ubuntu0.4
4820 2022-01-20 10:07:45.872 debug1: compat_banner: match: OpenSSH_8.2p1 Ubuntu-4ubuntu0.4 pat OpenSSH* compat 0x04000000
4820 2022-01-20 10:07:45.872 debug2: fd 4 setting O_NONBLOCK
4820 2022-01-20 10:07:45.904 debug3: spawning "C:\\Program Files\\OpenSSH-Win64\\sshd.exe" -y as user
4820 2022-01-20 10:07:45.904 debug2: Network child is on pid 3760
4820 2022-01-20 10:07:45.904 debug3: send_rexec_state: entering fd = 6 config len 1500
4820 2022-01-20 10:07:45.904 debug3: ssh_msg_send: type 0
4820 2022-01-20 10:07:45.904 debug3: send_rexec_state: done
4820 2022-01-20 10:07:45.904 debug3: ssh_msg_send: type 0
4820 2022-01-20 10:07:45.904 debug3: ssh_msg_send: type 0
4820 2022-01-20 10:07:45.904 debug3: preauth child monitor started
4820 2022-01-20 10:07:45.919 debug3: append_hostkey_type: rsa-sha2-512 key not permitted by HostkeyAlgorithms [preauth]
4820 2022-01-20 10:07:45.919 debug3: append_hostkey_type: rsa-sha2-256 key not permitted by HostkeyAlgorithms [preauth]
4820 2022-01-20 10:07:45.919 debug3: append_hostkey_type: ssh-rsa key not permitted by HostkeyAlgorithms [preauth]
4820 2022-01-20 10:07:45.919 debug1: list_hostkey_types: ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
4820 2022-01-20 10:07:45.919 debug3: send packet: type 20 [preauth]
4820 2022-01-20 10:07:45.919 debug1: SSH2_MSG_KEXINIT sent [preauth]
4820 2022-01-20 10:07:45.919 debug3: receive packet: type 20 [preauth]
4820 2022-01-20 10:07:45.919 debug1: SSH2_MSG_KEXINIT received [preauth]
4820 2022-01-20 10:07:45.919 debug2: local server KEXINIT proposal [preauth]
4820 2022-01-20 10:07:45.919 debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256 [preauth]
4820 2022-01-20 10:07:45.919 debug2: host key algorithms: ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
4820 2022-01-20 10:07:45.919 debug2: ciphers ctos: [email protected],[email protected],[email protected] [preauth]
4820 2022-01-20 10:07:45.919 debug2: ciphers stoc: [email protected],[email protected],[email protected] [preauth]
4820 2022-01-20 10:07:45.919 debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512 [preauth]
4820 2022-01-20 10:07:45.919 debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512 [preauth]
4820 2022-01-20 10:07:45.919 debug2: compression ctos: none,[email protected] [preauth]
4820 2022-01-20 10:07:45.919 debug2: compression stoc: none,[email protected] [preauth]
4820 2022-01-20 10:07:45.919 debug2: languages ctos: [preauth]
4820 2022-01-20 10:07:45.919 debug2: languages stoc: [preauth]
4820 2022-01-20 10:07:45.919 debug2: first_kex_follows 0 [preauth]
4820 2022-01-20 10:07:45.919 debug2: reserved 0 [preauth]
4820 2022-01-20 10:07:45.919 debug2: peer client KEXINIT proposal [preauth]
4820 2022-01-20 10:07:45.919 debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c [preauth]
4820 2022-01-20 10:07:45.919 debug2: host key algorithms: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,[email protected],rsa-sha2-512,rsa-sha2-256,ssh-rsa [preauth]
4820 2022-01-20 10:07:45.919 debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected] [preauth]
4820 2022-01-20 10:07:45.919 debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected] [preauth]
4820 2022-01-20 10:07:45.919 debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
4820 2022-01-20 10:07:45.919 debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
4820 2022-01-20 10:07:45.919 debug2: compression ctos: none,[email protected],zlib [preauth]
4820 2022-01-20 10:07:45.919 debug2: compression stoc: none,[email protected],zlib [preauth]
4820 2022-01-20 10:07:45.919 debug2: languages ctos: [preauth]
4820 2022-01-20 10:07:45.919 debug2: languages stoc: [preauth]
4820 2022-01-20 10:07:45.919 debug2: first_kex_follows 0 [preauth]
4820 2022-01-20 10:07:45.919 debug2: reserved 0 [preauth]
4820 2022-01-20 10:07:45.919 debug1: kex: algorithm: curve25519-sha256 [preauth]
4820 2022-01-20 10:07:45.919 debug1: kex: host key algorithm: ecdsa-sha2-nistp256 [preauth]
4820 2022-01-20 10:07:45.919 debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none [preauth]
4820 2022-01-20 10:07:45.919 debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none [preauth]
4820 2022-01-20 10:07:45.919 debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
4820 2022-01-20 10:07:45.972 debug3: receive packet: type 30 [preauth]
4820 2022-01-20 10:07:45.972 debug1: SSH2_MSG_KEX_ECDH_INIT received [preauth]
4820 2022-01-20 10:07:45.972 debug3: mm_sshkey_sign: entering [preauth]
4820 2022-01-20 10:07:45.972 debug3: mm_request_send: entering, type 6 [preauth]
4820 2022-01-20 10:07:45.972 debug3: mm_sshkey_sign: waiting for MONITOR_ANS_SIGN [preauth]
4820 2022-01-20 10:07:45.972 debug3: mm_request_receive_expect: entering, type 7 [preauth]
4820 2022-01-20 10:07:45.972 debug3: mm_request_receive: entering [preauth]
4820 2022-01-20 10:07:45.972 debug3: mm_request_receive: entering
4820 2022-01-20 10:07:45.972 debug3: monitor_read: checking request 6
4820 2022-01-20 10:07:45.972 debug3: mm_answer_sign: entering
4820 2022-01-20 10:07:45.988 debug3: mm_answer_sign: KEX signature 0000017619191500(100)
4820 2022-01-20 10:07:45.988 debug3: mm_request_send: entering, type 7
4820 2022-01-20 10:07:45.988 debug2: monitor_read: 6 used once, disabling now
4820 2022-01-20 10:07:45.988 debug3: send packet: type 31 [preauth]
4820 2022-01-20 10:07:45.988 debug3: send packet: type 21 [preauth]
4820 2022-01-20 10:07:45.988 debug2: set_newkeys: mode 1 [preauth]
4820 2022-01-20 10:07:45.988 debug1: rekey out after 134217728 blocks [preauth]
4820 2022-01-20 10:07:45.988 debug1: SSH2_MSG_NEWKEYS sent [preauth]
4820 2022-01-20 10:07:45.988 debug1: Sending SSH2_MSG_EXT_INFO [preauth]
4820 2022-01-20 10:07:45.988 debug3: send packet: type 7 [preauth]
4820 2022-01-20 10:07:45.988 debug1: expecting SSH2_MSG_NEWKEYS [preauth]
4820 2022-01-20 10:07:46.035 debug3: receive packet: type 21 [preauth]
4820 2022-01-20 10:07:46.035 debug1: SSH2_MSG_NEWKEYS received [preauth]
4820 2022-01-20 10:07:46.035 debug2: set_newkeys: mode 0 [preauth]
4820 2022-01-20 10:07:46.035 debug1: rekey in after 134217728 blocks [preauth]
4820 2022-01-20 10:07:46.035 debug1: KEX done [preauth]
4820 2022-01-20 10:07:46.144 debug3: receive packet: type 5 [preauth]
4820 2022-01-20 10:07:46.144 debug3: send packet: type 6 [preauth]
4820 2022-01-20 10:07:46.160 debug3: receive packet: type 50 [preauth]
4820 2022-01-20 10:07:46.160 debug1: userauth-request for user username service ssh-connection method none [preauth]
4820 2022-01-20 10:07:46.160 debug1: attempt 0 failures 0 [preauth]
4820 2022-01-20 10:07:46.160 debug3: mm_getpwnamallow: entering [preauth]
4820 2022-01-20 10:07:46.160 debug3: mm_request_send: entering, type 8 [preauth]
4820 2022-01-20 10:07:46.160 debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM [preauth]
4820 2022-01-20 10:07:46.160 debug3: mm_request_receive_expect: entering, type 9 [preauth]
4820 2022-01-20 10:07:46.160 debug3: mm_request_receive: entering [preauth]
4820 2022-01-20 10:07:46.160 debug3: mm_request_receive: entering
4820 2022-01-20 10:07:46.160 debug3: monitor_read: checking request 8
4820 2022-01-20 10:07:46.160 debug3: mm_answer_pwnamallow: entering
4820 2022-01-20 10:07:46.160 debug2: parse_server_config_depth: config reprocess config len 1500
4820 2022-01-20 10:07:46.160 debug3: checking match for 'Group administrators' user domain\\username host 10.x.x.82 addr 10.x.x.82 laddr 10.x.x.34 lport 22
4820 2022-01-20 10:07:46.176 debug3: lookup_principal_name: Successfully discovered explicit principal name: 'domain\\username'=>'[email protected]'
4820 2022-01-20 10:07:46.176 debug1: generate_s4u_user_token: LsaLogonUser() failed. User 'domain\\username' Status: 0xC000006E SubStatus -1073741710.
4820 2022-01-20 10:07:46.176 debug3: get_user_token - unable to generate token for user domain\\username
4820 2022-01-20 10:07:46.207 debug3: lookup_principal_name: Successfully discovered explicit principal name: 'domain\\username'=>'[email protected]'
4820 2022-01-20 10:07:46.207 debug1: generate_s4u_user_token: LsaLogonUser() failed. User 'domain\\username' Status: 0xC000006E SubStatus -1073741710.
4820 2022-01-20 10:07:46.207 error: get_user_token - unable to generate token on 2nd attempt for user domain\\username
4820 2022-01-20 10:07:46.207 fatal: ga_init, unable to resolve user domain\\username
4820 2022-01-20 10:07:46.207 debug1: do_cleanup
4820 2022-01-20 10:07:46.207 debug1: Killing privsep child 3760
5644 2022-01-20 10:07:59.644 debug3: fd 5 is not O_NONBLOCK
5644 2022-01-20 10:07:59.644 debug3: spawning "C:\\Program Files\\OpenSSH-Win64\\sshd.exe" -R as subprocess
5644 2022-01-20 10:07:59.660 debug3: send_rexec_state: entering fd = 8 config len 1500
5644 2022-01-20 10:07:59.660 debug3: ssh_msg_send: type 0
5644 2022-01-20 10:07:59.660 debug3: send_rexec_state: done
4448 2022-01-20 10:07:59.675 debug1: inetd sockets after dupping: 4, 4
4448 2022-01-20 10:07:59.675 Connection from 10.x.x.82 port 60642 on 10.x.x.34 port 22
4448 2022-01-20 10:07:59.675 debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.6
4448 2022-01-20 10:07:59.675 debug1: Remote protocol version 2.0, remote software version OpenSSH_8.2p1 Ubuntu-4ubuntu0.4
4448 2022-01-20 10:07:59.675 debug1: compat_banner: match: OpenSSH_8.2p1 Ubuntu-4ubuntu0.4 pat OpenSSH* compat 0x04000000
4448 2022-01-20 10:07:59.675 debug2: fd 4 setting O_NONBLOCK
4448 2022-01-20 10:07:59.691 debug3: spawning "C:\\Program Files\\OpenSSH-Win64\\sshd.exe" -y as user
4448 2022-01-20 10:07:59.691 debug2: Network child is on pid 3284
4448 2022-01-20 10:07:59.706 debug3: send_rexec_state: entering fd = 6 config len 1500
4448 2022-01-20 10:07:59.706 debug3: ssh_msg_send: type 0
4448 2022-01-20 10:07:59.706 debug3: send_rexec_state: done
4448 2022-01-20 10:07:59.706 debug3: ssh_msg_send: type 0
4448 2022-01-20 10:07:59.706 debug3: ssh_msg_send: type 0
4448 2022-01-20 10:07:59.706 debug3: preauth child monitor started
4448 2022-01-20 10:07:59.722 debug3: append_hostkey_type: rsa-sha2-512 key not permitted by HostkeyAlgorithms [preauth]
4448 2022-01-20 10:07:59.722 debug3: append_hostkey_type: rsa-sha2-256 key not permitted by HostkeyAlgorithms [preauth]
4448 2022-01-20 10:07:59.722 debug3: append_hostkey_type: ssh-rsa key not permitted by HostkeyAlgorithms [preauth]
4448 2022-01-20 10:07:59.722 debug1: list_hostkey_types: ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
4448 2022-01-20 10:07:59.722 debug3: send packet: type 20 [preauth]
4448 2022-01-20 10:07:59.722 debug1: SSH2_MSG_KEXINIT sent [preauth]
4448 2022-01-20 10:07:59.722 debug3: receive packet: type 20 [preauth]
4448 2022-01-20 10:07:59.722 debug1: SSH2_MSG_KEXINIT received [preauth]
4448 2022-01-20 10:07:59.722 debug2: local server KEXINIT proposal [preauth]
4448 2022-01-20 10:07:59.722 debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256 [preauth]
4448 2022-01-20 10:07:59.722 debug2: host key algorithms: ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
4448 2022-01-20 10:07:59.722 debug2: ciphers ctos: [email protected],[email protected],[email protected] [preauth]
4448 2022-01-20 10:07:59.722 debug2: ciphers stoc: [email protected],[email protected],[email protected] [preauth]
4448 2022-01-20 10:07:59.722 debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512 [preauth]
4448 2022-01-20 10:07:59.722 debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512 [preauth]
4448 2022-01-20 10:07:59.722 debug2: compression ctos: none,[email protected] [preauth]
4448 2022-01-20 10:07:59.722 debug2: compression stoc: none,[email protected] [preauth]
4448 2022-01-20 10:07:59.722 debug2: languages ctos: [preauth]
4448 2022-01-20 10:07:59.722 debug2: languages stoc: [preauth]
4448 2022-01-20 10:07:59.722 debug2: first_kex_follows 0 [preauth]
4448 2022-01-20 10:07:59.722 debug2: reserved 0 [preauth]
4448 2022-01-20 10:07:59.722 debug2: peer client KEXINIT proposal [preauth]
4448 2022-01-20 10:07:59.722 debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c [preauth]
4448 2022-01-20 10:07:59.722 debug2: host key algorithms: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,[email protected],rsa-sha2-512,rsa-sha2-256,ssh-rsa [preauth]
4448 2022-01-20 10:07:59.722 debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected] [preauth]
4448 2022-01-20 10:07:59.722 debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected] [preauth]
4448 2022-01-20 10:07:59.722 debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
4448 2022-01-20 10:07:59.722 debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
4448 2022-01-20 10:07:59.722 debug2: compression ctos: none,[email protected],zlib [preauth]
4448 2022-01-20 10:07:59.722 debug2: compression stoc: none,[email protected],zlib [preauth]
4448 2022-01-20 10:07:59.722 debug2: languages ctos: [preauth]
4448 2022-01-20 10:07:59.722 debug2: languages stoc: [preauth]
4448 2022-01-20 10:07:59.722 debug2: first_kex_follows 0 [preauth]
4448 2022-01-20 10:07:59.722 debug2: reserved 0 [preauth]
4448 2022-01-20 10:07:59.722 debug1: kex: algorithm: curve25519-sha256 [preauth]
4448 2022-01-20 10:07:59.722 debug1: kex: host key algorithm: ecdsa-sha2-nistp256 [preauth]
4448 2022-01-20 10:07:59.722 debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none [preauth]
4448 2022-01-20 10:07:59.722 debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none [preauth]
4448 2022-01-20 10:07:59.722 debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
4448 2022-01-20 10:07:59.785 debug3: receive packet: type 30 [preauth]
4448 2022-01-20 10:07:59.785 debug1: SSH2_MSG_KEX_ECDH_INIT received [preauth]
4448 2022-01-20 10:07:59.800 debug3: mm_sshkey_sign: entering [preauth]
4448 2022-01-20 10:07:59.800 debug3: mm_request_send: entering, type 6 [preauth]
4448 2022-01-20 10:07:59.800 debug3: mm_request_receive: entering
4448 2022-01-20 10:07:59.800 debug3: monitor_read: checking request 6
4448 2022-01-20 10:07:59.800 debug3: mm_answer_sign: entering
4448 2022-01-20 10:07:59.800 debug3: mm_answer_sign: KEX signature 000001ADF7B3DE70(101)
4448 2022-01-20 10:07:59.800 debug3: mm_request_send: entering, type 7
4448 2022-01-20 10:07:59.800 debug2: monitor_read: 6 used once, disabling now
4448 2022-01-20 10:07:59.800 debug3: mm_sshkey_sign: waiting for MONITOR_ANS_SIGN [preauth]
4448 2022-01-20 10:07:59.800 debug3: mm_request_receive_expect: entering, type 7 [preauth]
4448 2022-01-20 10:07:59.800 debug3: mm_request_receive: entering [preauth]
4448 2022-01-20 10:07:59.800 debug3: send packet: type 31 [preauth]
4448 2022-01-20 10:07:59.800 debug3: send packet: type 21 [preauth]
4448 2022-01-20 10:07:59.800 debug2: set_newkeys: mode 1 [preauth]
4448 2022-01-20 10:07:59.800 debug1: rekey out after 134217728 blocks [preauth]
4448 2022-01-20 10:07:59.800 debug1: SSH2_MSG_NEWKEYS sent [preauth]
4448 2022-01-20 10:07:59.800 debug1: Sending SSH2_MSG_EXT_INFO [preauth]
4448 2022-01-20 10:07:59.800 debug3: send packet: type 7 [preauth]
4448 2022-01-20 10:07:59.800 debug1: expecting SSH2_MSG_NEWKEYS [preauth]
4448 2022-01-20 10:07:59.847 debug3: receive packet: type 21 [preauth]
4448 2022-01-20 10:07:59.847 debug1: SSH2_MSG_NEWKEYS received [preauth]
4448 2022-01-20 10:07:59.863 debug2: set_newkeys: mode 0 [preauth]
4448 2022-01-20 10:07:59.863 debug1: rekey in after 134217728 blocks [preauth]
4448 2022-01-20 10:07:59.863 debug1: KEX done [preauth]
4448 2022-01-20 10:07:59.894 debug3: receive packet: type 5 [preauth]
4448 2022-01-20 10:07:59.894 debug3: send packet: type 6 [preauth]
4448 2022-01-20 10:07:59.910 debug3: receive packet: type 50 [preauth]
4448 2022-01-20 10:07:59.910 debug1: userauth-request for user username service ssh-connection method none [preauth]
4448 2022-01-20 10:07:59.910 debug1: attempt 0 failures 0 [preauth]
4448 2022-01-20 10:07:59.910 debug3: mm_getpwnamallow: entering [preauth]
4448 2022-01-20 10:07:59.910 debug3: mm_request_send: entering, type 8 [preauth]
4448 2022-01-20 10:07:59.910 debug3: mm_request_receive: entering
4448 2022-01-20 10:07:59.910 debug3: monitor_read: checking request 8
4448 2022-01-20 10:07:59.910 debug3: mm_answer_pwnamallow: entering
4448 2022-01-20 10:07:59.910 debug2: parse_server_config_depth: config reprocess config len 1500
4448 2022-01-20 10:07:59.910 debug3: checking match for 'Group administrators' user domain\\username host 10.x.x.82 addr 10.x.x.82 laddr 10.x.x.34 lport 22
4448 2022-01-20 10:07:59.925 debug3: lookup_principal_name: Successfully discovered explicit principal name: 'domain\\username'=>'[email protected]'
4448 2022-01-20 10:07:59.925 debug3: LsaLogonUser Succeeded (Impersonation: 0)
4448 2022-01-20 10:07:59.925 debug1: user domain\\username matched group list administrators at line 109
4448 2022-01-20 10:07:59.925 debug3: match found
4448 2022-01-20 10:07:59.925 debug3: reprocess config:110 setting AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
4448 2022-01-20 10:07:59.925 debug3: lookup_principal_name: Successfully discovered explicit principal name: 'domain\\username'=>'[email protected]'
4448 2022-01-20 10:07:59.925 debug3: LsaLogonUser Succeeded (Impersonation: 0)
4448 2022-01-20 10:07:59.925 debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
4448 2022-01-20 10:07:59.925 debug3: mm_request_send: entering, type 9
4448 2022-01-20 10:07:59.925 debug2: monitor_read: 8 used once, disabling now
4448 2022-01-20 10:07:59.925 debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM [preauth]
4448 2022-01-20 10:07:59.925 debug3: mm_request_receive_expect: entering, type 9 [preauth]
4448 2022-01-20 10:07:59.925 debug3: mm_request_receive: entering [preauth]
4448 2022-01-20 10:07:59.925 debug2: input_userauth_request: setting up authctxt for username [preauth]
4448 2022-01-20 10:07:59.925 debug3: mm_inform_authserv: entering [preauth]
4448 2022-01-20 10:07:59.925 debug3: mm_request_send: entering, type 4 [preauth]
4448 2022-01-20 10:07:59.925 debug3: mm_auth2_read_banner: entering [preauth]
4448 2022-01-20 10:07:59.925 debug3: mm_request_send: entering, type 10 [preauth]
4448 2022-01-20 10:07:59.925 debug3: mm_request_receive_expect: entering, type 11 [preauth]
4448 2022-01-20 10:07:59.925 debug3: mm_request_receive: entering [preauth]
4448 2022-01-20 10:07:59.925 debug3: mm_request_receive: entering
4448 2022-01-20 10:07:59.925 debug3: monitor_read: checking request 4
4448 2022-01-20 10:07:59.925 debug3: mm_answer_authserv: service=ssh-connection, style=
4448 2022-01-20 10:07:59.925 debug2: monitor_read: 4 used once, disabling now
4448 2022-01-20 10:07:59.925 debug3: mm_request_receive: entering
4448 2022-01-20 10:07:59.925 debug3: monitor_read: checking request 10
4448 2022-01-20 10:07:59.925 debug3: mm_request_send: entering, type 11
4448 2022-01-20 10:07:59.925 debug2: monitor_read: 10 used once, disabling now
4448 2022-01-20 10:07:59.925 debug3: send packet: type 53 [preauth]
4448 2022-01-20 10:07:59.925 debug1: userauth_send_banner: sent [preauth]
4448 2022-01-20 10:07:59.925 debug2: input_userauth_request: try method none [preauth]
4448 2022-01-20 10:07:59.925 debug3: user_specific_delay: user specific delay 0.000ms [preauth]
4448 2022-01-20 10:07:59.925 debug3: ensure_minimum_time_since: elapsed 15.608ms, delaying 4.782ms (requested 5.098ms) [preauth]
4448 2022-01-20 10:07:59.941 debug3: userauth_finish: failure partial=0 next methods="publickey,keyboard-interactive" [preauth]
4448 2022-01-20 10:07:59.941 debug3: send packet: type 51 [preauth]
4448 2022-01-20 10:08:00.003 debug3: receive packet: type 50 [preauth]
4448 2022-01-20 10:08:00.003 debug1: userauth-request for user username service ssh-connection method publickey [preauth]
4448 2022-01-20 10:08:00.003 debug1: attempt 1 failures 0 [preauth]
4448 2022-01-20 10:08:00.003 debug2: input_userauth_request: try method publickey [preauth]
4448 2022-01-20 10:08:00.003 debug2: userauth_pubkey: valid user username querying public key ssh-ed25519 <pubkey> [preauth]
4448 2022-01-20 10:08:00.003 debug1: userauth_pubkey: test pkalg ssh-ed25519 pkblob ED25519 SHA256:<pubkey> [preauth]
4448 2022-01-20 10:08:00.003 debug3: mm_key_allowed: entering [preauth]
4448 2022-01-20 10:08:00.003 debug3: mm_request_send: entering, type 22 [preauth]
4448 2022-01-20 10:08:00.003 debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth]
4448 2022-01-20 10:08:00.003 debug3: mm_request_receive_expect: entering, type 23 [preauth]
4448 2022-01-20 10:08:00.003 debug3: mm_request_receive: entering [preauth]
4448 2022-01-20 10:08:00.003 debug3: mm_request_receive: entering
4448 2022-01-20 10:08:00.003 debug3: monitor_read: checking request 22
4448 2022-01-20 10:08:00.003 debug3: mm_answer_keyallowed: entering
4448 2022-01-20 10:08:00.003 debug3: mm_answer_keyallowed: key_from_blob: 000001ADF7B06BA0
4448 2022-01-20 10:08:00.003 debug1: trying public key file __PROGRAMDATA__/ssh/administrators_authorized_keys
4448 2022-01-20 10:08:00.003 debug3: Failed to open file:C:/ProgramData/ssh/administrators_authorized_keys error:2
4448 2022-01-20 10:08:00.003 debug1: Could not open authorized keys '__PROGRAMDATA__/ssh/administrators_authorized_keys': No such file or directory
4448 2022-01-20 10:08:00.003 debug3: subprocess: AuthorizedKeysCommand command "C:\\ProgramData\\ssh\\adauthorizedkeys.cmd domain\\username" running as system (flags 0x6)
4448 2022-01-20 10:08:00.003 debug1: starting subprocess using posix_spawnp
4448 2022-01-20 10:08:00.003 debug3: spawning "C:\\ProgramData\\ssh\\adauthorizedkeys.cmd" domain\\username as subprocess
4448 2022-01-20 10:08:00.035 debug3: subprocess: AuthorizedKeysCommand pid 5788
4448 2022-01-20 10:08:00.128 debug1: C:\\ProgramData\\ssh\\adauthorizedkeys.cmd:1: matching key found: ED25519 SHA256:<pubkey>
4448 2022-01-20 10:08:00.128 debug1: C:\\ProgramData\\ssh\\adauthorizedkeys.cmd:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
4448 2022-01-20 10:08:00.128 Accepted key ED25519 SHA256:<pubkey> found at C:\\ProgramData\\ssh\\adauthorizedkeys.cmd:1
4448 2022-01-20 10:08:00.128 debug3: mm_answer_keyallowed: publickey authentication test: ED25519 key is allowed
4448 2022-01-20 10:08:00.128 debug3: mm_request_send: entering, type 23
4448 2022-01-20 10:08:00.128 debug3: send packet: type 60 [preauth]
4448 2022-01-20 10:08:00.128 debug2: userauth_pubkey: authenticated 0 pkalg ssh-ed25519 [preauth]
4448 2022-01-20 10:08:00.128 debug3: user_specific_delay: user specific delay 0.000ms [preauth]
4448 2022-01-20 10:08:00.128 debug3: ensure_minimum_time_since: elapsed 124.990ms, delaying 38.131ms (requested 5.098ms) [preauth]
4448 2022-01-20 10:08:00.175 Postponed publickey for username from 10.x.x.82 port 60642 ssh2 [preauth]
4448 2022-01-20 10:08:00.222 debug3: receive packet: type 50 [preauth]
4448 2022-01-20 10:08:00.222 debug1: userauth-request for user username service ssh-connection method publickey [preauth]
4448 2022-01-20 10:08:00.222 debug1: attempt 2 failures 0 [preauth]
4448 2022-01-20 10:08:00.222 debug2: input_userauth_request: try method publickey [preauth]
4448 2022-01-20 10:08:00.222 debug2: userauth_pubkey: valid user username attempting public key ssh-ed25519 <pubkey> [preauth]
4448 2022-01-20 10:08:00.222 debug3: userauth_pubkey: have ssh-ed25519 signature for ED25519 SHA256:<pubkey> [preauth]
4448 2022-01-20 10:08:00.222 debug3: mm_key_allowed: entering [preauth]
4448 2022-01-20 10:08:00.222 debug3: mm_request_send: entering, type 22 [preauth]
4448 2022-01-20 10:08:00.222 debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth]
4448 2022-01-20 10:08:00.222 debug3: mm_request_receive_expect: entering, type 23 [preauth]
4448 2022-01-20 10:08:00.222 debug3: mm_request_receive: entering [preauth]
4448 2022-01-20 10:08:00.222 debug3: mm_request_receive: entering
4448 2022-01-20 10:08:00.222 debug3: monitor_read: checking request 22
4448 2022-01-20 10:08:00.222 debug3: mm_answer_keyallowed: entering
4448 2022-01-20 10:08:00.222 debug3: mm_answer_keyallowed: key_from_blob: 000001ADF7B06F10
4448 2022-01-20 10:08:00.222 debug1: trying public key file __PROGRAMDATA__/ssh/administrators_authorized_keys
4448 2022-01-20 10:08:00.222 debug3: Failed to open file:C:/ProgramData/ssh/administrators_authorized_keys error:2
4448 2022-01-20 10:08:00.222 debug1: Could not open authorized keys '__PROGRAMDATA__/ssh/administrators_authorized_keys': No such file or directory
4448 2022-01-20 10:08:00.222 debug3: subprocess: AuthorizedKeysCommand command "C:\\ProgramData\\ssh\\adauthorizedkeys.cmd domain\\username" running as system (flags 0x6)
4448 2022-01-20 10:08:00.222 debug1: starting subprocess using posix_spawnp
4448 2022-01-20 10:08:00.222 debug3: spawning "C:\\ProgramData\\ssh\\adauthorizedkeys.cmd" domain\\username as subprocess
4448 2022-01-20 10:08:00.222 debug3: subprocess: AuthorizedKeysCommand pid 5896
4448 2022-01-20 10:08:00.331 debug1: C:\\ProgramData\\ssh\\adauthorizedkeys.cmd:1: matching key found: ED25519 SHA256:<pubkey>
4448 2022-01-20 10:08:00.331 debug1: C:\\ProgramData\\ssh\\adauthorizedkeys.cmd:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
4448 2022-01-20 10:08:00.331 Accepted key ED25519 SHA256:<pubkey> found at C:\\ProgramData\\ssh\\adauthorizedkeys.cmd:1
4448 2022-01-20 10:08:00.331 debug3: mm_answer_keyallowed: publickey authentication: ED25519 key is allowed
4448 2022-01-20 10:08:00.331 debug3: mm_request_send: entering, type 23
4448 2022-01-20 10:08:00.331 debug3: mm_sshkey_verify: entering [preauth]
4448 2022-01-20 10:08:00.331 debug3: mm_request_send: entering, type 24 [preauth]
4448 2022-01-20 10:08:00.331 debug3: mm_request_receive: entering
4448 2022-01-20 10:08:00.331 debug3: monitor_read: checking request 24
4448 2022-01-20 10:08:00.331 debug3: mm_answer_keyverify: publickey 000001ADF7B06BA0 signature verified
4448 2022-01-20 10:08:00.331 debug1: auth_activate_options: setting new authentication options
4448 2022-01-20 10:08:00.331 debug3: mm_request_send: entering, type 25
4448 2022-01-20 10:08:00.347 Accepted publickey for username from 10.x.x.82 port 60642 ssh2: ED25519 SHA256:<pubkey>
4448 2022-01-20 10:08:00.347 debug1: monitor_child_preauth: user username authenticated by privileged process
4448 2022-01-20 10:08:00.347 debug3: mm_get_keystate: Waiting for new keys
4448 2022-01-20 10:08:00.347 debug3: mm_request_receive_expect: entering, type 26
4448 2022-01-20 10:08:00.347 debug3: mm_request_receive: entering
4448 2022-01-20 10:08:00.394 debug3: mm_get_keystate: GOT new keys
4448 2022-01-20 10:08:00.394 debug3: mm_sshkey_verify: waiting for MONITOR_ANS_KEYVERIFY [preauth]
4448 2022-01-20 10:08:00.394 debug3: mm_request_receive_expect: entering, type 25 [preauth]
4448 2022-01-20 10:08:00.394 debug3: mm_request_receive: entering [preauth]
4448 2022-01-20 10:08:00.394 debug1: auth_activate_options: setting new authentication options [preauth]
4448 2022-01-20 10:08:00.394 debug2: userauth_pubkey: authenticated 1 pkalg ssh-ed25519 [preauth]
4448 2022-01-20 10:08:00.394 debug3: user_specific_delay: user specific delay 0.000ms [preauth]
4448 2022-01-20 10:08:00.394 debug3: ensure_minimum_time_since: elapsed 124.995ms, delaying 38.126ms (requested 5.098ms) [preauth]
4448 2022-01-20 10:08:00.394 debug3: send packet: type 52 [preauth]
4448 2022-01-20 10:08:00.394 debug3: mm_request_send: entering, type 26 [preauth]
4448 2022-01-20 10:08:00.394 debug3: mm_send_keystate: Finished sending state [preauth]
4448 2022-01-20 10:08:00.394 debug1: monitor_read_log: child log fd closed
4448 2022-01-20 10:08:00.394 debug3: lookup_principal_name: Successfully discovered explicit principal name: 'domain\\username'=>'[email protected]'
4448 2022-01-20 10:08:00.394 debug3: LsaLogonUser Succeeded (Impersonation: 1)
4448 2022-01-20 10:08:00.410 debug3: spawning "C:\\Program Files\\OpenSSH-Win64\\sshd.exe" -z as user
4448 2022-01-20 10:08:00.410 User child is on pid 4660
4448 2022-01-20 10:08:00.410 debug3: send_rexec_state: entering fd = 5 config len 1500
4448 2022-01-20 10:08:00.410 debug3: ssh_msg_send: type 0
4448 2022-01-20 10:08:00.425 debug3: send_rexec_state: done
4448 2022-01-20 10:08:00.425 debug3: ssh_msg_send: type 0
4448 2022-01-20 10:08:00.425 debug3: ssh_msg_send: type 0
4660 2022-01-20 10:08:00.425 debug3: recv_idexch_state: entering fd = 3
4660 2022-01-20 10:08:00.425 debug3: ssh_msg_recv entering
4660 2022-01-20 10:08:00.425 debug3: recv_idexch_state: done
4660 2022-01-20 10:08:00.425 debug2: fd 4 setting O_NONBLOCK
4660 2022-01-20 10:08:00.425 debug3: recv_autxctx_state: entering fd = 3
4660 2022-01-20 10:08:00.425 debug3: ssh_msg_recv entering
4448 2022-01-20 10:08:00.425 debug3: ssh_msg_send: type 0
4660 2022-01-20 10:08:00.425 debug3: recv_autxctx_state: done
4660 2022-01-20 10:08:00.425 debug2: parse_server_config_depth: config reprocess config len 1500
4660 2022-01-20 10:08:00.425 debug3: checking match for 'Group administrators' user domain\\username host 10.x.x.82 addr 10.x.x.82 laddr 10.x.x.34 lport 22
4660 2022-01-20 10:08:00.425 debug3: get_user_token - i am running as domain\\username, returning process token
4660 2022-01-20 10:08:00.425 debug1: user domain\\username matched group list administrators at line 109
4660 2022-01-20 10:08:00.425 debug3: match found
4660 2022-01-20 10:08:00.425 debug3: reprocess config:110 setting AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
4660 2022-01-20 10:08:00.425 debug3: get_user_token - i am running as domain\\username, returning process token
4448 2022-01-20 10:08:00.425 debug3: ssh_msg_send: type 0
4660 2022-01-20 10:08:00.425 debug3: monitor_recv_keystate: entering
4660 2022-01-20 10:08:00.425 debug3: ssh_msg_recv entering
4660 2022-01-20 10:08:00.425 debug3: monitor_recv_keystate: done
4660 2022-01-20 10:08:00.425 debug3: monitor_apply_keystate: packet_set_state
4660 2022-01-20 10:08:00.425 debug2: set_newkeys: mode 0
4660 2022-01-20 10:08:00.425 debug1: rekey in after 134217728 blocks
4660 2022-01-20 10:08:00.425 debug2: set_newkeys: mode 1
4660 2022-01-20 10:08:00.425 debug1: rekey out after 134217728 blocks
4660 2022-01-20 10:08:00.425 debug1: ssh_packet_set_postauth: called
4660 2022-01-20 10:08:00.425 debug3: ssh_packet_set_state: done
4660 2022-01-20 10:08:00.425 debug3: monitor_recv_authopt: entering
4660 2022-01-20 10:08:00.425 debug3: ssh_msg_recv entering
4448 2022-01-20 10:08:00.425 debug3: ssh_msg_send: type 0
4660 2022-01-20 10:08:00.425 debug3: monitor_recv_authopt: done
4660 2022-01-20 10:08:00.425 debug3: notify_hostkeys: key 0: ssh-rsa SHA256:+TmwBO/kipGLNVWphM+9qFCXNg68ihfAEJ9uFZ94zvM
4660 2022-01-20 10:08:00.425 debug3: notify_hostkeys: key 1: ecdsa-sha2-nistp256 SHA256:ejFES9PWNwoEhN7TfeO8vlasi/D7t5difu1qMLGipGU
4660 2022-01-20 10:08:00.425 debug3: notify_hostkeys: key 2: ssh-ed25519 SHA256:YKiccWtwQr58hLkEvjDmX91kpaNlcJXO1Tpitc2v2mc
4660 2022-01-20 10:08:00.425 debug3: notify_hostkeys: sent 3 hostkeys
4660 2022-01-20 10:08:00.425 debug3: send packet: type 80
4660 2022-01-20 10:08:00.425 debug1: active: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
4660 2022-01-20 10:08:00.425 debug1: Entering interactive session for SSH2.
4660 2022-01-20 10:08:00.425 debug2: fd 7 setting O_NONBLOCK
4660 2022-01-20 10:08:00.425 debug2: fd 8 setting O_NONBLOCK
4660 2022-01-20 10:08:00.425 debug1: server_init_dispatch
4660 2022-01-20 10:08:00.425 debug3: receive packet: type 90
4660 2022-01-20 10:08:00.425 debug1: server_input_channel_open: ctype session rchan 0 win 1048576 max 16384
4660 2022-01-20 10:08:00.425 debug1: input_session_request
4660 2022-01-20 10:08:00.425 debug1: channel 0: new [server-session]
4660 2022-01-20 10:08:00.425 debug2: session_new: allocate (allocated 0 max 10)
4660 2022-01-20 10:08:00.425 debug3: session_unused: session id 0 unused
4660 2022-01-20 10:08:00.425 debug1: session_new: session 0
4660 2022-01-20 10:08:00.425 debug1: session_open: channel 0
4660 2022-01-20 10:08:00.425 debug1: session_open: session 0: link with channel 0
4660 2022-01-20 10:08:00.425 debug1: server_input_channel_open: confirm session
4660 2022-01-20 10:08:00.425 debug3: send packet: type 91
4660 2022-01-20 10:08:00.425 debug3: receive packet: type 80
4660 2022-01-20 10:08:00.425 debug1: server_input_global_request: rtype [email protected] want_reply 0
4660 2022-01-20 10:08:00.550 debug3: receive packet: type 98
4660 2022-01-20 10:08:00.550 debug1: server_input_channel_req: channel 0 request pty-req reply 1
4660 2022-01-20 10:08:00.550 debug1: session_by_channel: session 0 channel 0
4660 2022-01-20 10:08:00.550 debug1: session_input_channel_req: session 0 req pty-req
4660 2022-01-20 10:08:00.550 debug1: Allocating pty.
4660 2022-01-20 10:08:00.550 debug3: fd 9 is not O_NONBLOCK
4660 2022-01-20 10:08:00.550 debug3: fd 10 is not O_NONBLOCK
4660 2022-01-20 10:08:00.550 debug1: session_pty_req: session 0 alloc windows-pty
4660 2022-01-20 10:08:00.550 debug1: Ignoring unsupported tty mode opcode 1 (0x1)
4660 2022-01-20 10:08:00.550 debug1: Ignoring unsupported tty mode opcode 2 (0x2)
4660 2022-01-20 10:08:00.550 debug1: Ignoring unsupported tty mode opcode 3 (0x3)
4660 2022-01-20 10:08:00.550 debug1: Ignoring unsupported tty mode opcode 4 (0x4)
4660 2022-01-20 10:08:00.550 debug1: Ignoring unsupported tty mode opcode 5 (0x5)
4660 2022-01-20 10:08:00.550 debug1: Ignoring unsupported tty mode opcode 6 (0x6)
4660 2022-01-20 10:08:00.550 debug1: Ignoring unsupported tty mode opcode 7 (0x7)
4660 2022-01-20 10:08:00.550 debug1: Ignoring unsupported tty mode opcode 8 (0x8)
4660 2022-01-20 10:08:00.550 debug1: Ignoring unsupported tty mode opcode 9 (0x9)
4660 2022-01-20 10:08:00.550 debug1: Ignoring unsupported tty mode opcode 10 (0xa)
4660 2022-01-20 10:08:00.550 debug1: Ignoring unsupported tty mode opcode 12 (0xc)
4660 2022-01-20 10:08:00.550 debug1: Ignoring unsupported tty mode opcode 13 (0xd)
4660 2022-01-20 10:08:00.550 debug1: Ignoring unsupported tty mode opcode 14 (0xe)
4660 2022-01-20 10:08:00.550 debug1: Ignoring unsupported tty mode opcode 18 (0x12)
4660 2022-01-20 10:08:00.550 debug1: Ignoring unsupported tty mode opcode 30 (0x1e)
4660 2022-01-20 10:08:00.550 debug1: Ignoring unsupported tty mode opcode 31 (0x1f)
4660 2022-01-20 10:08:00.550 debug1: Ignoring unsupported tty mode opcode 32 (0x20)
4660 2022-01-20 10:08:00.550 debug1: Ignoring unsupported tty mode opcode 33 (0x21)
4660 2022-01-20 10:08:00.550 debug1: Ignoring unsupported tty mode opcode 34 (0x22)
4660 2022-01-20 10:08:00.550 debug1: Ignoring unsupported tty mode opcode 35 (0x23)
4660 2022-01-20 10:08:00.550 debug1: Ignoring unsupported tty mode opcode 36 (0x24)
4660 2022-01-20 10:08:00.550 debug1: Ignoring unsupported tty mode opcode 37 (0x25)
4660 2022-01-20 10:08:00.550 debug1: Ignoring unsupported tty mode opcode 38 (0x26)
4660 2022-01-20 10:08:00.550 debug1: Ignoring unsupported tty mode opcode 39 (0x27)
4660 2022-01-20 10:08:00.550 debug1: Ignoring unsupported tty mode opcode 40 (0x28)
4660 2022-01-20 10:08:00.550 debug1: Ignoring unsupported tty mode opcode 41 (0x29)
4660 2022-01-20 10:08:00.550 debug1: Ignoring unsupported tty mode opcode 42 (0x2a)
4660 2022-01-20 10:08:00.550 debug1: Ignoring unsupported tty mode opcode 50 (0x32)
4660 2022-01-20 10:08:00.550 debug1: Ignoring unsupported tty mode opcode 51 (0x33)
4660 2022-01-20 10:08:00.550 debug1: Ignoring unsupported tty mode opcode 52 (0x34)
4660 2022-01-20 10:08:00.550 debug1: Ignoring unsupported tty mode opcode 53 (0x35)
4660 2022-01-20 10:08:00.550 debug1: Ignoring unsupported tty mode opcode 54 (0x36)
4660 2022-01-20 10:08:00.550 debug1: Ignoring unsupported tty mode opcode 55 (0x37)
4660 2022-01-20 10:08:00.550 debug1: Ignoring unsupported tty mode opcode 56 (0x38)
4660 2022-01-20 10:08:00.550 debug1: Ignoring unsupported tty mode opcode 57 (0x39)
4660 2022-01-20 10:08:00.550 debug1: Ignoring unsupported tty mode opcode 58 (0x3a)
4660 2022-01-20 10:08:00.550 debug1: Ignoring unsupported tty mode opcode 59 (0x3b)
4660 2022-01-20 10:08:00.550 debug1: Ignoring unsupported tty mode opcode 60 (0x3c)
4660 2022-01-20 10:08:00.550 debug1: Ignoring unsupported tty mode opcode 61 (0x3d)
4660 2022-01-20 10:08:00.550 debug1: Ignoring unsupported tty mode opcode 62 (0x3e)
4660 2022-01-20 10:08:00.550 debug1: Ignoring unsupported tty mode opcode 70 (0x46)
4660 2022-01-20 10:08:00.550 debug1: Ignoring unsupported tty mode opcode 71 (0x47)
4660 2022-01-20 10:08:00.550 debug1: Ignoring unsupported tty mode opcode 72 (0x48)
4660 2022-01-20 10:08:00.550 debug1: Ignoring unsupported tty mode opcode 73 (0x49)
4660 2022-01-20 10:08:00.550 debug1: Ignoring unsupported tty mode opcode 74 (0x4a)
4660 2022-01-20 10:08:00.550 debug1: Ignoring unsupported tty mode opcode 75 (0x4b)
4660 2022-01-20 10:08:00.550 debug1: Ignoring unsupported tty mode opcode 90 (0x5a)
4660 2022-01-20 10:08:00.550 debug1: Ignoring unsupported tty mode opcode 91 (0x5b)
4660 2022-01-20 10:08:00.550 debug1: Ignoring unsupported tty mode opcode 92 (0x5c)
4660 2022-01-20 10:08:00.550 debug1: Ignoring unsupported tty mode opcode 93 (0x5d)
4660 2022-01-20 10:08:00.550 debug3: send packet: type 99
4660 2022-01-20 10:08:00.550 debug3: receive packet: type 98
4660 2022-01-20 10:08:00.550 debug1: server_input_channel_req: channel 0 request env reply 0
4660 2022-01-20 10:08:00.550 debug1: session_by_channel: session 0 channel 0
4660 2022-01-20 10:08:00.550 debug1: session_input_channel_req: session 0 req env
4660 2022-01-20 10:08:00.550 debug2: Ignoring env request LANG: disallowed name
4660 2022-01-20 10:08:00.550 debug3: receive packet: type 98
4660 2022-01-20 10:08:00.550 debug1: server_input_channel_req: channel 0 request shell reply 1
4660 2022-01-20 10:08:00.550 debug1: session_by_channel: session 0 channel 0
4660 2022-01-20 10:08:00.550 debug1: session_input_channel_req: session 0 req shell
4660 2022-01-20 10:08:00.550 Starting session: shell on windows-pty for domain\\username from 10.x.x.82 port 60642 id 0
4660 2022-01-20 10:08:00.551 debug2: fd 11 setting O_NONBLOCK
4660 2022-01-20 10:08:00.551 debug2: fd 12 setting O_NONBLOCK
4660 2022-01-20 10:08:00.551 debug2: fd 13 setting O_NONBLOCK
4660 2022-01-20 10:08:00.551 debug2: fd 14 setting O_NONBLOCK
4660 2022-01-20 10:08:00.551 debug2: fd 15 setting O_NONBLOCK
4660 2022-01-20 10:08:00.551 debug2: fd 16 setting O_NONBLOCK
4660 2022-01-20 10:08:00.551 debug3: shell: "c:\\windows\\system32\\cmd.exe"
4660 2022-01-20 10:08:00.551 debug3: shell_option: /c
4660 2022-01-20 10:08:00.551 debug3: couldn't find CreatePseudoConsole() in kernel32.dll dll
4660 2022-01-20 10:08:00.551 debug3: This windows OS doesn't support conpty
4660 2022-01-20 10:08:00.551 debug3: pty commandline: "C:\\Program Files\\OpenSSH-Win64\\ssh-shellhost.exe" ---pty "c:\\windows\\system32\\cmd.exe"
4660 2022-01-20 10:08:00.556 debug2: fd 4 setting TCP_NODELAY
4660 2022-01-20 10:08:00.556 debug2: channel 0: rfd 13 isatty
4660 2022-01-20 10:08:00.556 debug3: fd 13 is O_NONBLOCK
4660 2022-01-20 10:08:00.556 debug3: fd 12 is O_NONBLOCK
4660 2022-01-20 10:08:00.557 debug3: send packet: type 99
4660 2022-01-20 10:08:03.418 debug2: channel 0: read<=0 rfd 13 len 0
4660 2022-01-20 10:08:03.418 debug2: channel 0: read failed
4660 2022-01-20 10:08:03.418 debug2: chan_shutdown_read: channel 0: (i0 o0 sock -1 wfd 13 efd -1 [closed])
4660 2022-01-20 10:08:03.418 debug2: channel 0: input open -> drain
4660 2022-01-20 10:08:03.418 debug2: channel 0: ibuf empty
4660 2022-01-20 10:08:03.418 debug2: channel 0: send eof
4660 2022-01-20 10:08:03.418 debug3: send packet: type 96
4660 2022-01-20 10:08:03.418 debug2: channel 0: input drain -> closed
4660 2022-01-20 10:08:03.418 debug1: Received SIGCHLD.
4660 2022-01-20 10:08:03.418 debug1: session_by_pid: pid 5044
4660 2022-01-20 10:08:03.418 debug1: session_exit_message: session 0 channel 0 pid 5044
4660 2022-01-20 10:08:03.418 debug2: channel 0: request exit-status confirm 0
4660 2022-01-20 10:08:03.418 debug3: send packet: type 98
4660 2022-01-20 10:08:03.418 debug1: session_exit_message: release channel 0
4660 2022-01-20 10:08:03.418 debug2: channel 0: write failed
4660 2022-01-20 10:08:03.418 debug2: chan_shutdown_write: channel 0: (i3 o0 sock -1 wfd 12 efd -1 [closed])
4660 2022-01-20 10:08:03.418 debug2: channel 0: send eow
4660 2022-01-20 10:08:03.418 debug3: send packet: type 98
4660 2022-01-20 10:08:03.418 debug2: channel 0: output open -> closed
4660 2022-01-20 10:08:03.418 debug2: channel 0: send close
4660 2022-01-20 10:08:03.418 debug3: send packet: type 97
4660 2022-01-20 10:08:03.418 debug3: channel 0: will not send data after close
4660 2022-01-20 10:08:03.418 debug2: notify_done: reading
4660 2022-01-20 10:08:03.418 debug3: channel 0: will not send data after close
4660 2022-01-20 10:08:03.481 debug3: receive packet: type 97
4660 2022-01-20 10:08:03.481 debug2: channel 0: rcvd close
4660 2022-01-20 10:08:03.481 debug3: channel 0: will not send data after close
4660 2022-01-20 10:08:03.481 debug2: channel 0: is dead
4660 2022-01-20 10:08:03.481 debug2: channel 0: gc: notify user
4660 2022-01-20 10:08:03.481 debug1: session_by_channel: session 0 channel 0
4660 2022-01-20 10:08:03.481 debug1: session_close_by_channel: channel 0 child 0
4660 2022-01-20 10:08:03.481 Close session: user domain\\username from 10.x.x.82 port 60642 id 0
4660 2022-01-20 10:08:03.481 debug3: session_unused: session id 0 unused
4660 2022-01-20 10:08:03.481 debug2: channel 0: gc: user detached
4660 2022-01-20 10:08:03.481 debug2: channel 0: is dead
4660 2022-01-20 10:08:03.481 debug2: channel 0: garbage collecting
4660 2022-01-20 10:08:03.481 debug1: channel 0: free: server-session, nchannels 1
4660 2022-01-20 10:08:03.481 debug3: channel 0: status: The following connections are open:\r\n #0 server-session (t4 r0 i3/0 o3/0 e[closed]/0 fd -1/-1/-1 sock -1 cc -1)\r\n
4660 2022-01-20 10:08:03.481 debug3: receive packet: type 1
4660 2022-01-20 10:08:03.481 Received disconnect from 10.x.x.82 port 60642:11: disconnected by user
4660 2022-01-20 10:08:03.481 Disconnected from 10.x.x.82 port 60642
4660 2022-01-20 10:08:03.481 debug1: do_cleanup
4448 2022-01-20 10:08:03.481 debug3: mm_request_receive: entering
4448 2022-01-20 10:08:03.481 debug1: do_cleanup
5644 2022-01-20 10:08:07.013 debug3: fd 5 is not O_NONBLOCK
5644 2022-01-20 10:08:07.013 debug3: spawning "C:\\Program Files\\OpenSSH-Win64\\sshd.exe" -R as subprocess
5644 2022-01-20 10:08:07.013 debug3: send_rexec_state: entering fd = 8 config len 1500
5644 2022-01-20 10:08:07.013 debug3: ssh_msg_send: type 0
5644 2022-01-20 10:08:07.029 debug3: send_rexec_state: done
1488 2022-01-20 10:08:07.044 debug1: inetd sockets after dupping: 4, 4
1488 2022-01-20 10:08:07.044 Connection from 10.x.x.82 port 60626 on 10.x.x.34 port 22
1488 2022-01-20 10:08:07.044 debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.6
1488 2022-01-20 10:08:07.044 debug1: Remote protocol version 2.0, remote software version OpenSSH_8.2p1 Ubuntu-4ubuntu0.4
1488 2022-01-20 10:08:07.044 debug1: compat_banner: match: OpenSSH_8.2p1 Ubuntu-4ubuntu0.4 pat OpenSSH* compat 0x04000000
1488 2022-01-20 10:08:07.044 debug2: fd 4 setting O_NONBLOCK
1488 2022-01-20 10:08:07.076 debug3: spawning "C:\\Program Files\\OpenSSH-Win64\\sshd.exe" -y as user
1488 2022-01-20 10:08:07.076 debug2: Network child is on pid 4824
1488 2022-01-20 10:08:07.076 debug3: send_rexec_state: entering fd = 6 config len 1500
1488 2022-01-20 10:08:07.076 debug3: ssh_msg_send: type 0
1488 2022-01-20 10:08:07.076 debug3: send_rexec_state: done
1488 2022-01-20 10:08:07.076 debug3: ssh_msg_send: type 0
1488 2022-01-20 10:08:07.076 debug3: ssh_msg_send: type 0
1488 2022-01-20 10:08:07.076 debug3: preauth child monitor started
1488 2022-01-20 10:08:07.091 debug3: append_hostkey_type: rsa-sha2-512 key not permitted by HostkeyAlgorithms [preauth]
1488 2022-01-20 10:08:07.091 debug3: append_hostkey_type: rsa-sha2-256 key not permitted by HostkeyAlgorithms [preauth]
1488 2022-01-20 10:08:07.091 debug3: append_hostkey_type: ssh-rsa key not permitted by HostkeyAlgorithms [preauth]
1488 2022-01-20 10:08:07.091 debug1: list_hostkey_types: ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
1488 2022-01-20 10:08:07.091 debug3: send packet: type 20 [preauth]
1488 2022-01-20 10:08:07.091 debug1: SSH2_MSG_KEXINIT sent [preauth]
1488 2022-01-20 10:08:07.091 debug3: receive packet: type 20 [preauth]
1488 2022-01-20 10:08:07.091 debug1: SSH2_MSG_KEXINIT received [preauth]
1488 2022-01-20 10:08:07.091 debug2: local server KEXINIT proposal [preauth]
1488 2022-01-20 10:08:07.091 debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256 [preauth]
1488 2022-01-20 10:08:07.091 debug2: host key algorithms: ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
1488 2022-01-20 10:08:07.091 debug2: ciphers ctos: [email protected],[email protected],[email protected] [preauth]
1488 2022-01-20 10:08:07.091 debug2: ciphers stoc: [email protected],[email protected],[email protected] [preauth]
1488 2022-01-20 10:08:07.091 debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512 [preauth]
1488 2022-01-20 10:08:07.091 debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512 [preauth]
1488 2022-01-20 10:08:07.091 debug2: compression ctos: none,[email protected] [preauth]
1488 2022-01-20 10:08:07.091 debug2: compression stoc: none,[email protected] [preauth]
1488 2022-01-20 10:08:07.091 debug2: languages ctos: [preauth]
1488 2022-01-20 10:08:07.091 debug2: languages stoc: [preauth]
1488 2022-01-20 10:08:07.091 debug2: first_kex_follows 0 [preauth]
1488 2022-01-20 10:08:07.091 debug2: reserved 0 [preauth]
1488 2022-01-20 10:08:07.091 debug2: peer client KEXINIT proposal [preauth]
1488 2022-01-20 10:08:07.091 debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c [preauth]
1488 2022-01-20 10:08:07.091 debug2: host key algorithms: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,[email protected],rsa-sha2-512,rsa-sha2-256,ssh-rsa [preauth]
1488 2022-01-20 10:08:07.091 debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected] [preauth]
1488 2022-01-20 10:08:07.091 debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected] [preauth]
1488 2022-01-20 10:08:07.091 debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
1488 2022-01-20 10:08:07.091 debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
1488 2022-01-20 10:08:07.091 debug2: compression ctos: none,[email protected],zlib [preauth]
1488 2022-01-20 10:08:07.091 debug2: compression stoc: none,[email protected],zlib [preauth]
1488 2022-01-20 10:08:07.091 debug2: languages ctos: [preauth]
1488 2022-01-20 10:08:07.091 debug2: languages stoc: [preauth]
1488 2022-01-20 10:08:07.091 debug2: first_kex_follows 0 [preauth]
1488 2022-01-20 10:08:07.091 debug2: reserved 0 [preauth]
1488 2022-01-20 10:08:07.091 debug1: kex: algorithm: curve25519-sha256 [preauth]
1488 2022-01-20 10:08:07.091 debug1: kex: host key algorithm: ecdsa-sha2-nistp256 [preauth]
1488 2022-01-20 10:08:07.091 debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none [preauth]
1488 2022-01-20 10:08:07.091 debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none [preauth]
1488 2022-01-20 10:08:07.091 debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
1488 2022-01-20 10:08:07.169 debug3: receive packet: type 30 [preauth]
1488 2022-01-20 10:08:07.169 debug1: SSH2_MSG_KEX_ECDH_INIT received [preauth]
1488 2022-01-20 10:08:07.169 debug3: mm_sshkey_sign: entering [preauth]
1488 2022-01-20 10:08:07.169 debug3: mm_request_send: entering, type 6 [preauth]
1488 2022-01-20 10:08:07.169 debug3: mm_sshkey_sign: waiting for MONITOR_ANS_SIGN [preauth]
1488 2022-01-20 10:08:07.169 debug3: mm_request_receive_expect: entering, type 7 [preauth]
1488 2022-01-20 10:08:07.169 debug3: mm_request_receive: entering [preauth]
1488 2022-01-20 10:08:07.169 debug3: mm_request_receive: entering
1488 2022-01-20 10:08:07.169 debug3: monitor_read: checking request 6
1488 2022-01-20 10:08:07.169 debug3: mm_answer_sign: entering
1488 2022-01-20 10:08:07.169 debug3: mm_answer_sign: KEX signature 000001B027B5F830(100)
1488 2022-01-20 10:08:07.169 debug3: mm_request_send: entering, type 7
1488 2022-01-20 10:08:07.169 debug2: monitor_read: 6 used once, disabling now
1488 2022-01-20 10:08:07.169 debug3: send packet: type 31 [preauth]
1488 2022-01-20 10:08:07.169 debug3: send packet: type 21 [preauth]
1488 2022-01-20 10:08:07.169 debug2: set_newkeys: mode 1 [preauth]
1488 2022-01-20 10:08:07.169 debug1: rekey out after 134217728 blocks [preauth]
1488 2022-01-20 10:08:07.169 debug1: SSH2_MSG_NEWKEYS sent [preauth]
1488 2022-01-20 10:08:07.169 debug1: Sending SSH2_MSG_EXT_INFO [preauth]
1488 2022-01-20 10:08:07.169 debug3: send packet: type 7 [preauth]
1488 2022-01-20 10:08:07.169 debug1: expecting SSH2_MSG_NEWKEYS [preauth]
1488 2022-01-20 10:08:07.232 debug3: receive packet: type 21 [preauth]
1488 2022-01-20 10:08:07.232 debug1: SSH2_MSG_NEWKEYS received [preauth]
1488 2022-01-20 10:08:07.232 debug2: set_newkeys: mode 0 [preauth]
1488 2022-01-20 10:08:07.232 debug1: rekey in after 134217728 blocks [preauth]
1488 2022-01-20 10:08:07.232 debug1: KEX done [preauth]
1488 2022-01-20 10:08:07.279 debug3: receive packet: type 5 [preauth]
1488 2022-01-20 10:08:07.279 debug3: send packet: type 6 [preauth]
1488 2022-01-20 10:08:07.294 debug3: receive packet: type 50 [preauth]
1488 2022-01-20 10:08:07.294 debug1: userauth-request for user username service ssh-connection method none [preauth]
1488 2022-01-20 10:08:07.294 debug1: attempt 0 failures 0 [preauth]
1488 2022-01-20 10:08:07.294 debug3: mm_getpwnamallow: entering [preauth]
1488 2022-01-20 10:08:07.294 debug3: mm_request_send: entering, type 8 [preauth]
1488 2022-01-20 10:08:07.294 debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM [preauth]
1488 2022-01-20 10:08:07.294 debug3: mm_request_receive_expect: entering, type 9 [preauth]
1488 2022-01-20 10:08:07.294 debug3: mm_request_receive: entering [preauth]
1488 2022-01-20 10:08:07.294 debug3: mm_request_receive: entering
1488 2022-01-20 10:08:07.294 debug3: monitor_read: checking request 8
1488 2022-01-20 10:08:07.294 debug3: mm_answer_pwnamallow: entering
1488 2022-01-20 10:08:07.294 debug2: parse_server_config_depth: config reprocess config len 1500
1488 2022-01-20 10:08:07.294 debug3: checking match for 'Group administrators' user domain\\username host 10.x.x.82 addr 10.x.x.82 laddr 10.x.x.34 lport 22
1488 2022-01-20 10:08:07.294 debug3: lookup_principal_name: Successfully discovered explicit principal name: 'domain\\username'=>'[email protected]'
1488 2022-01-20 10:08:07.310 debug3: LsaLogonUser Succeeded (Impersonation: 0)
1488 2022-01-20 10:08:07.310 debug1: user domain\\username matched group list administrators at line 109
1488 2022-01-20 10:08:07.310 debug3: match found
1488 2022-01-20 10:08:07.310 debug3: reprocess config:110 setting AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
1488 2022-01-20 10:08:07.310 debug3: lookup_principal_name: Successfully discovered explicit principal name: 'domain\\username'=>'[email protected]'
1488 2022-01-20 10:08:07.310 debug3: LsaLogonUser Succeeded (Impersonation: 0)
1488 2022-01-20 10:08:07.310 debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
1488 2022-01-20 10:08:07.310 debug3: mm_request_send: entering, type 9
1488 2022-01-20 10:08:07.310 debug2: monitor_read: 8 used once, disabling now
1488 2022-01-20 10:08:07.310 debug2: input_userauth_request: setting up authctxt for username [preauth]
1488 2022-01-20 10:08:07.310 debug3: mm_inform_authserv: entering [preauth]
1488 2022-01-20 10:08:07.310 debug3: mm_request_send: entering, type 4 [preauth]
1488 2022-01-20 10:08:07.310 debug3: mm_auth2_read_banner: entering [preauth]
1488 2022-01-20 10:08:07.310 debug3: mm_request_send: entering, type 10 [preauth]
1488 2022-01-20 10:08:07.310 debug3: mm_request_receive_expect: entering, type 11 [preauth]
1488 2022-01-20 10:08:07.310 debug3: mm_request_receive: entering [preauth]
1488 2022-01-20 10:08:07.310 debug3: mm_request_receive: entering
1488 2022-01-20 10:08:07.310 debug3: monitor_read: checking request 4
1488 2022-01-20 10:08:07.310 debug3: mm_answer_authserv: service=ssh-connection, style=
1488 2022-01-20 10:08:07.310 debug2: monitor_read: 4 used once, disabling now
1488 2022-01-20 10:08:07.310 debug3: mm_request_receive: entering
1488 2022-01-20 10:08:07.310 debug3: monitor_read: checking request 10
1488 2022-01-20 10:08:07.310 debug3: mm_request_send: entering, type 11
1488 2022-01-20 10:08:07.310 debug2: monitor_read: 10 used once, disabling now
1488 2022-01-20 10:08:07.310 debug3: send packet: type 53 [preauth]
1488 2022-01-20 10:08:07.310 debug1: userauth_send_banner: sent [preauth]
1488 2022-01-20 10:08:07.310 debug2: input_userauth_request: try method none [preauth]
1488 2022-01-20 10:08:07.310 debug3: user_specific_delay: user specific delay 0.000ms [preauth]
1488 2022-01-20 10:08:07.310 debug3: ensure_minimum_time_since: elapsed 15.619ms, delaying 4.771ms (requested 5.098ms) [preauth]
1488 2022-01-20 10:08:07.326 debug3: userauth_finish: failure partial=0 next methods="publickey,keyboard-interactive" [preauth]
1488 2022-01-20 10:08:07.326 debug3: send packet: type 51 [preauth]
1488 2022-01-20 10:08:07.374 debug3: receive packet: type 50 [preauth]
1488 2022-01-20 10:08:07.374 debug1: userauth-request for user username service ssh-connection method publickey [preauth]
1488 2022-01-20 10:08:07.374 debug1: attempt 1 failures 0 [preauth]
1488 2022-01-20 10:08:07.374 debug2: input_userauth_request: try method publickey [preauth]
1488 2022-01-20 10:08:07.374 debug2: userauth_pubkey: valid user username querying public key ssh-ed25519 <pubkey> [preauth]
1488 2022-01-20 10:08:07.374 debug1: userauth_pubkey: test pkalg ssh-ed25519 pkblob ED25519 SHA256:<pubkey> [preauth]
1488 2022-01-20 10:08:07.374 debug3: mm_key_allowed: entering [preauth]
1488 2022-01-20 10:08:07.374 debug3: mm_request_send: entering, type 22 [preauth]
1488 2022-01-20 10:08:07.374 debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth]
1488 2022-01-20 10:08:07.374 debug3: mm_request_receive_expect: entering, type 23 [preauth]
1488 2022-01-20 10:08:07.374 debug3: mm_request_receive: entering [preauth]
1488 2022-01-20 10:08:07.374 debug3: mm_request_receive: entering
1488 2022-01-20 10:08:07.374 debug3: monitor_read: checking request 22
1488 2022-01-20 10:08:07.374 debug3: mm_answer_keyallowed: entering
1488 2022-01-20 10:08:07.374 debug3: mm_answer_keyallowed: key_from_blob: 000001B027B2F8F0
1488 2022-01-20 10:08:07.374 debug1: trying public key file __PROGRAMDATA__/ssh/administrators_authorized_keys
1488 2022-01-20 10:08:07.374 debug3: Failed to open file:C:/ProgramData/ssh/administrators_authorized_keys error:2
1488 2022-01-20 10:08:07.374 debug1: Could not open authorized keys '__PROGRAMDATA__/ssh/administrators_authorized_keys': No such file or directory
1488 2022-01-20 10:08:07.374 debug3: subprocess: AuthorizedKeysCommand command "C:\\ProgramData\\ssh\\adauthorizedkeys.cmd domain\\username" running as system (flags 0x6)
1488 2022-01-20 10:08:07.374 debug1: starting subprocess using posix_spawnp
1488 2022-01-20 10:08:07.374 debug3: spawning "C:\\ProgramData\\ssh\\adauthorizedkeys.cmd" domain\\username as subprocess
1488 2022-01-20 10:08:07.389 debug3: subprocess: AuthorizedKeysCommand pid 1776
1488 2022-01-20 10:08:07.483 debug1: C:\\ProgramData\\ssh\\adauthorizedkeys.cmd:1: matching key found: ED25519 SHA256:<pubkey>
1488 2022-01-20 10:08:07.483 debug1: C:\\ProgramData\\ssh\\adauthorizedkeys.cmd:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
1488 2022-01-20 10:08:07.483 Accepted key ED25519 SHA256:<pubkey> found at C:\\ProgramData\\ssh\\adauthorizedkeys.cmd:1
1488 2022-01-20 10:08:07.483 debug3: mm_answer_keyallowed: publickey authentication test: ED25519 key is allowed
1488 2022-01-20 10:08:07.483 debug3: mm_request_send: entering, type 23
1488 2022-01-20 10:08:07.483 debug3: send packet: type 60 [preauth]
1488 2022-01-20 10:08:07.483 debug2: userauth_pubkey: authenticated 0 pkalg ssh-ed25519 [preauth]
1488 2022-01-20 10:08:07.483 debug3: user_specific_delay: user specific delay 0.000ms [preauth]
1488 2022-01-20 10:08:07.483 debug3: ensure_minimum_time_since: elapsed 109.371ms, delaying 53.750ms (requested 5.098ms) [preauth]
1488 2022-01-20 10:08:07.546 Postponed publickey for username from 10.x.x.82 port 60626 ssh2 [preauth]
1488 2022-01-20 10:08:07.546 debug3: receive packet: type 50 [preauth]
1488 2022-01-20 10:08:07.546 debug1: userauth-request for user username service ssh-connection method publickey [preauth]
1488 2022-01-20 10:08:07.546 debug1: attempt 2 failures 0 [preauth]
1488 2022-01-20 10:08:07.546 debug2: input_userauth_request: try method publickey [preauth]
1488 2022-01-20 10:08:07.546 debug2: userauth_pubkey: valid user username attempting public key ssh-ed25519 <pubkey> [preauth]
1488 2022-01-20 10:08:07.546 debug3: userauth_pubkey: have ssh-ed25519 signature for ED25519 SHA256:<pubkey> [preauth]
1488 2022-01-20 10:08:07.546 debug3: mm_key_allowed: entering [preauth]
1488 2022-01-20 10:08:07.546 debug3: mm_request_send: entering, type 22 [preauth]
1488 2022-01-20 10:08:07.546 debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth]
1488 2022-01-20 10:08:07.546 debug3: mm_request_receive_expect: entering, type 23 [preauth]
1488 2022-01-20 10:08:07.546 debug3: mm_request_receive: entering [preauth]
1488 2022-01-20 10:08:07.546 debug3: mm_request_receive: entering
1488 2022-01-20 10:08:07.546 debug3: monitor_read: checking request 22
1488 2022-01-20 10:08:07.546 debug3: mm_answer_keyallowed: entering
1488 2022-01-20 10:08:07.546 debug3: mm_answer_keyallowed: key_from_blob: 000001B027B2F8F0
1488 2022-01-20 10:08:07.546 debug1: trying public key file __PROGRAMDATA__/ssh/administrators_authorized_keys
1488 2022-01-20 10:08:07.546 debug3: Failed to open file:C:/ProgramData/ssh/administrators_authorized_keys error:2
1488 2022-01-20 10:08:07.546 debug1: Could not open authorized keys '__PROGRAMDATA__/ssh/administrators_authorized_keys': No such file or directory
1488 2022-01-20 10:08:07.546 debug3: subprocess: AuthorizedKeysCommand command "C:\\ProgramData\\ssh\\adauthorizedkeys.cmd domain\\username" running as system (flags 0x6)
1488 2022-01-20 10:08:07.546 debug1: starting subprocess using posix_spawnp
1488 2022-01-20 10:08:07.546 debug3: spawning "C:\\ProgramData\\ssh\\adauthorizedkeys.cmd" domain\\username as subprocess
1488 2022-01-20 10:08:07.546 debug3: subprocess: AuthorizedKeysCommand pid 3908
1488 2022-01-20 10:08:07.626 debug1: C:\\ProgramData\\ssh\\adauthorizedkeys.cmd:1: matching key found: ED25519 SHA256:<pubkey>
1488 2022-01-20 10:08:07.626 debug1: C:\\ProgramData\\ssh\\adauthorizedkeys.cmd:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
1488 2022-01-20 10:08:07.626 Accepted key ED25519 SHA256:<pubkey> found at C:\\ProgramData\\ssh\\adauthorizedkeys.cmd:1
1488 2022-01-20 10:08:07.642 debug3: mm_answer_keyallowed: publickey authentication: ED25519 key is allowed
1488 2022-01-20 10:08:07.642 debug3: mm_request_send: entering, type 23
1488 2022-01-20 10:08:07.642 debug3: mm_sshkey_verify: entering [preauth]
1488 2022-01-20 10:08:07.642 debug3: mm_request_send: entering, type 24 [preauth]
1488 2022-01-20 10:08:07.642 debug3: mm_request_receive: entering
1488 2022-01-20 10:08:07.642 debug3: monitor_read: checking request 24
1488 2022-01-20 10:08:07.642 debug3: mm_answer_keyverify: publickey 000001B027B2F8F0 signature verified
1488 2022-01-20 10:08:07.642 debug1: auth_activate_options: setting new authentication options
1488 2022-01-20 10:08:07.642 debug3: mm_request_send: entering, type 25
1488 2022-01-20 10:08:07.642 Accepted publickey for username from 10.x.x.82 port 60626 ssh2: ED25519 SHA256:<pubkey>
1488 2022-01-20 10:08:07.642 debug1: monitor_child_preauth: user username authenticated by privileged process
1488 2022-01-20 10:08:07.642 debug3: mm_get_keystate: Waiting for new keys
1488 2022-01-20 10:08:07.642 debug3: mm_request_receive_expect: entering, type 26
1488 2022-01-20 10:08:07.642 debug3: mm_request_receive: entering
1488 2022-01-20 10:08:07.720 debug3: mm_get_keystate: GOT new keys
1488 2022-01-20 10:08:07.720 debug3: mm_sshkey_verify: waiting for MONITOR_ANS_KEYVERIFY [preauth]
1488 2022-01-20 10:08:07.720 debug3: mm_request_receive_expect: entering, type 25 [preauth]
1488 2022-01-20 10:08:07.720 debug3: mm_request_receive: entering [preauth]
1488 2022-01-20 10:08:07.720 debug1: auth_activate_options: setting new authentication options [preauth]
1488 2022-01-20 10:08:07.720 debug2: userauth_pubkey: authenticated 1 pkalg ssh-ed25519 [preauth]
1488 2022-01-20 10:08:07.720 debug3: user_specific_delay: user specific delay 0.000ms [preauth]
1488 2022-01-20 10:08:07.720 debug3: ensure_minimum_time_since: elapsed 95.990ms, delaying 67.131ms (requested 5.098ms) [preauth]
1488 2022-01-20 10:08:07.720 debug3: send packet: type 52 [preauth]
1488 2022-01-20 10:08:07.720 debug3: mm_request_send: entering, type 26 [preauth]
1488 2022-01-20 10:08:07.720 debug3: mm_send_keystate: Finished sending state [preauth]
1488 2022-01-20 10:08:07.720 debug1: monitor_read_log: child log fd closed
1488 2022-01-20 10:08:07.720 debug3: lookup_principal_name: Successfully discovered explicit principal name: 'domain\\username'=>'[email protected]'
1488 2022-01-20 10:08:07.720 debug3: LsaLogonUser Succeeded (Impersonation: 1)
1488 2022-01-20 10:08:07.735 debug3: spawning "C:\\Program Files\\OpenSSH-Win64\\sshd.exe" -z as user
1488 2022-01-20 10:08:07.751 User child is on pid 2952
1488 2022-01-20 10:08:07.751 debug3: send_rexec_state: entering fd = 5 config len 1500
1488 2022-01-20 10:08:07.751 debug3: ssh_msg_send: type 0
1488 2022-01-20 10:08:07.751 debug3: send_rexec_state: done
1488 2022-01-20 10:08:07.751 debug3: ssh_msg_send: type 0
1488 2022-01-20 10:08:07.751 debug3: ssh_msg_send: type 0
1488 2022-01-20 10:08:07.751 debug3: ssh_msg_send: type 0
1488 2022-01-20 10:08:07.751 debug3: ssh_msg_send: type 0
1488 2022-01-20 10:08:07.751 debug3: ssh_msg_send: type 0
2952 2022-01-20 10:08:07.767 debug3: recv_idexch_state: entering fd = 3
2952 2022-01-20 10:08:07.767 debug3: ssh_msg_recv entering
2952 2022-01-20 10:08:07.767 debug3: recv_idexch_state: done
2952 2022-01-20 10:08:07.767 debug2: fd 4 setting O_NONBLOCK
2952 2022-01-20 10:08:07.767 debug3: recv_autxctx_state: entering fd = 3
2952 2022-01-20 10:08:07.767 debug3: ssh_msg_recv entering
2952 2022-01-20 10:08:07.767 debug3: recv_autxctx_state: done
2952 2022-01-20 10:08:07.767 debug2: parse_server_config_depth: config reprocess config len 1500
2952 2022-01-20 10:08:07.767 debug3: checking match for 'Group administrators' user domain\\username host 10.x.x.82 addr 10.x.x.82 laddr 10.x.x.34 lport 22
2952 2022-01-20 10:08:07.767 debug3: get_user_token - i am running as domain\\username, returning process token
2952 2022-01-20 10:08:07.767 debug1: user domain\\username matched group list administrators at line 109
2952 2022-01-20 10:08:07.767 debug3: match found
2952 2022-01-20 10:08:07.767 debug3: reprocess config:110 setting AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
2952 2022-01-20 10:08:07.767 debug3: get_user_token - i am running as domain\\username, returning process token
2952 2022-01-20 10:08:07.767 debug3: monitor_recv_keystate: entering
2952 2022-01-20 10:08:07.767 debug3: ssh_msg_recv entering
2952 2022-01-20 10:08:07.767 debug3: monitor_recv_keystate: done
2952 2022-01-20 10:08:07.767 debug3: monitor_apply_keystate: packet_set_state
2952 2022-01-20 10:08:07.767 debug2: set_newkeys: mode 0
2952 2022-01-20 10:08:07.767 debug1: rekey in after 134217728 blocks
2952 2022-01-20 10:08:07.767 debug2: set_newkeys: mode 1
2952 2022-01-20 10:08:07.767 debug1: rekey out after 134217728 blocks
2952 2022-01-20 10:08:07.767 debug1: ssh_packet_set_postauth: called
2952 2022-01-20 10:08:07.767 debug3: ssh_packet_set_state: done
2952 2022-01-20 10:08:07.767 debug3: monitor_recv_authopt: entering
2952 2022-01-20 10:08:07.767 debug3: ssh_msg_recv entering
2952 2022-01-20 10:08:07.767 debug3: monitor_recv_authopt: done
2952 2022-01-20 10:08:07.767 debug3: notify_hostkeys: key 0: ssh-rsa SHA256:+TmwBO/kipGLNVWphM+9qFCXNg68ihfAEJ9uFZ94zvM
2952 2022-01-20 10:08:07.767 debug3: notify_hostkeys: key 1: ecdsa-sha2-nistp256 SHA256:ejFES9PWNwoEhN7TfeO8vlasi/D7t5difu1qMLGipGU
2952 2022-01-20 10:08:07.767 debug3: notify_hostkeys: key 2: ssh-ed25519 SHA256:YKiccWtwQr58hLkEvjDmX91kpaNlcJXO1Tpitc2v2mc
2952 2022-01-20 10:08:07.767 debug3: notify_hostkeys: sent 3 hostkeys
2952 2022-01-20 10:08:07.767 debug3: send packet: type 80
2952 2022-01-20 10:08:07.767 debug1: active: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
2952 2022-01-20 10:08:07.767 debug1: Entering interactive session for SSH2.
2952 2022-01-20 10:08:07.767 debug2: fd 7 setting O_NONBLOCK
2952 2022-01-20 10:08:07.767 debug2: fd 8 setting O_NONBLOCK
2952 2022-01-20 10:08:07.767 debug1: server_init_dispatch
2952 2022-01-20 10:08:07.767 debug3: receive packet: type 90
2952 2022-01-20 10:08:07.767 debug1: server_input_channel_open: ctype session rchan 0 win 1048576 max 16384
2952 2022-01-20 10:08:07.767 debug1: input_session_request
2952 2022-01-20 10:08:07.767 debug1: channel 0: new [server-session]
2952 2022-01-20 10:08:07.767 debug2: session_new: allocate (allocated 0 max 10)
2952 2022-01-20 10:08:07.767 debug3: session_unused: session id 0 unused
2952 2022-01-20 10:08:07.767 debug1: session_new: session 0
2952 2022-01-20 10:08:07.767 debug1: session_open: channel 0
2952 2022-01-20 10:08:07.767 debug1: session_open: session 0: link with channel 0
2952 2022-01-20 10:08:07.767 debug1: server_input_channel_open: confirm session
2952 2022-01-20 10:08:07.767 debug3: send packet: type 91
2952 2022-01-20 10:08:07.767 debug3: receive packet: type 80
2952 2022-01-20 10:08:07.767 debug1: server_input_global_request: rtype [email protected] want_reply 0
2952 2022-01-20 10:08:07.939 debug3: receive packet: type 98
2952 2022-01-20 10:08:07.939 debug1: server_input_channel_req: channel 0 request pty-req reply 1
2952 2022-01-20 10:08:07.939 debug1: session_by_channel: session 0 channel 0
2952 2022-01-20 10:08:07.939 debug1: session_input_channel_req: session 0 req pty-req
2952 2022-01-20 10:08:07.939 debug1: Allocating pty.
2952 2022-01-20 10:08:07.939 debug3: fd 9 is not O_NONBLOCK
2952 2022-01-20 10:08:07.939 debug3: fd 10 is not O_NONBLOCK
2952 2022-01-20 10:08:07.939 debug1: session_pty_req: session 0 alloc windows-pty
2952 2022-01-20 10:08:07.939 debug1: Ignoring unsupported tty mode opcode 1 (0x1)
2952 2022-01-20 10:08:07.939 debug1: Ignoring unsupported tty mode opcode 2 (0x2)
2952 2022-01-20 10:08:07.939 debug1: Ignoring unsupported tty mode opcode 3 (0x3)
2952 2022-01-20 10:08:07.939 debug1: Ignoring unsupported tty mode opcode 4 (0x4)
2952 2022-01-20 10:08:07.939 debug1: Ignoring unsupported tty mode opcode 5 (0x5)
2952 2022-01-20 10:08:07.939 debug1: Ignoring unsupported tty mode opcode 6 (0x6)
2952 2022-01-20 10:08:07.939 debug1: Ignoring unsupported tty mode opcode 7 (0x7)
2952 2022-01-20 10:08:07.939 debug1: Ignoring unsupported tty mode opcode 8 (0x8)
2952 2022-01-20 10:08:07.939 debug1: Ignoring unsupported tty mode opcode 9 (0x9)
2952 2022-01-20 10:08:07.939 debug1: Ignoring unsupported tty mode opcode 10 (0xa)
2952 2022-01-20 10:08:07.939 debug1: Ignoring unsupported tty mode opcode 12 (0xc)
2952 2022-01-20 10:08:07.939 debug1: Ignoring unsupported tty mode opcode 13 (0xd)
2952 2022-01-20 10:08:07.939 debug1: Ignoring unsupported tty mode opcode 14 (0xe)
2952 2022-01-20 10:08:07.939 debug1: Ignoring unsupported tty mode opcode 18 (0x12)
2952 2022-01-20 10:08:07.939 debug1: Ignoring unsupported tty mode opcode 30 (0x1e)
2952 2022-01-20 10:08:07.939 debug1: Ignoring unsupported tty mode opcode 31 (0x1f)
2952 2022-01-20 10:08:07.939 debug1: Ignoring unsupported tty mode opcode 32 (0x20)
2952 2022-01-20 10:08:07.939 debug1: Ignoring unsupported tty mode opcode 33 (0x21)
2952 2022-01-20 10:08:07.939 debug1: Ignoring unsupported tty mode opcode 34 (0x22)
2952 2022-01-20 10:08:07.939 debug1: Ignoring unsupported tty mode opcode 35 (0x23)
2952 2022-01-20 10:08:07.939 debug1: Ignoring unsupported tty mode opcode 36 (0x24)
2952 2022-01-20 10:08:07.939 debug1: Ignoring unsupported tty mode opcode 37 (0x25)
2952 2022-01-20 10:08:07.939 debug1: Ignoring unsupported tty mode opcode 38 (0x26)
2952 2022-01-20 10:08:07.939 debug1: Ignoring unsupported tty mode opcode 39 (0x27)
2952 2022-01-20 10:08:07.939 debug1: Ignoring unsupported tty mode opcode 40 (0x28)
2952 2022-01-20 10:08:07.939 debug1: Ignoring unsupported tty mode opcode 41 (0x29)
2952 2022-01-20 10:08:07.939 debug1: Ignoring unsupported tty mode opcode 42 (0x2a)
2952 2022-01-20 10:08:07.939 debug1: Ignoring unsupported tty mode opcode 50 (0x32)
2952 2022-01-20 10:08:07.939 debug1: Ignoring unsupported tty mode opcode 51 (0x33)
2952 2022-01-20 10:08:07.939 debug1: Ignoring unsupported tty mode opcode 52 (0x34)
2952 2022-01-20 10:08:07.939 debug1: Ignoring unsupported tty mode opcode 53 (0x35)
2952 2022-01-20 10:08:07.939 debug1: Ignoring unsupported tty mode opcode 54 (0x36)
2952 2022-01-20 10:08:07.939 debug1: Ignoring unsupported tty mode opcode 55 (0x37)
2952 2022-01-20 10:08:07.939 debug1: Ignoring unsupported tty mode opcode 56 (0x38)
2952 2022-01-20 10:08:07.939 debug1: Ignoring unsupported tty mode opcode 57 (0x39)
2952 2022-01-20 10:08:07.939 debug1: Ignoring unsupported tty mode opcode 58 (0x3a)
2952 2022-01-20 10:08:07.939 debug1: Ignoring unsupported tty mode opcode 59 (0x3b)
2952 2022-01-20 10:08:07.939 debug1: Ignoring unsupported tty mode opcode 60 (0x3c)
2952 2022-01-20 10:08:07.939 debug1: Ignoring unsupported tty mode opcode 61 (0x3d)
2952 2022-01-20 10:08:07.939 debug1: Ignoring unsupported tty mode opcode 62 (0x3e)
2952 2022-01-20 10:08:07.939 debug1: Ignoring unsupported tty mode opcode 70 (0x46)
2952 2022-01-20 10:08:07.939 debug1: Ignoring unsupported tty mode opcode 71 (0x47)
2952 2022-01-20 10:08:07.939 debug1: Ignoring unsupported tty mode opcode 72 (0x48)
2952 2022-01-20 10:08:07.939 debug1: Ignoring unsupported tty mode opcode 73 (0x49)
2952 2022-01-20 10:08:07.939 debug1: Ignoring unsupported tty mode opcode 74 (0x4a)
2952 2022-01-20 10:08:07.939 debug1: Ignoring unsupported tty mode opcode 75 (0x4b)
2952 2022-01-20 10:08:07.939 debug1: Ignoring unsupported tty mode opcode 90 (0x5a)
2952 2022-01-20 10:08:07.939 debug1: Ignoring unsupported tty mode opcode 91 (0x5b)
2952 2022-01-20 10:08:07.939 debug1: Ignoring unsupported tty mode opcode 92 (0x5c)
2952 2022-01-20 10:08:07.939 debug1: Ignoring unsupported tty mode opcode 93 (0x5d)
2952 2022-01-20 10:08:07.939 debug3: send packet: type 99
2952 2022-01-20 10:08:07.939 debug3: receive packet: type 98
2952 2022-01-20 10:08:07.939 debug1: server_input_channel_req: channel 0 request env reply 0
2952 2022-01-20 10:08:07.939 debug1: session_by_channel: session 0 channel 0
2952 2022-01-20 10:08:07.939 debug1: session_input_channel_req: session 0 req env
2952 2022-01-20 10:08:07.939 debug2: Ignoring env request LANG: disallowed name
2952 2022-01-20 10:08:07.939 debug3: receive packet: type 98
2952 2022-01-20 10:08:07.939 debug1: server_input_channel_req: channel 0 request shell reply 1
2952 2022-01-20 10:08:07.939 debug1: session_by_channel: session 0 channel 0
2952 2022-01-20 10:08:07.939 debug1: session_input_channel_req: session 0 req shell
2952 2022-01-20 10:08:07.939 Starting session: shell on windows-pty for domain\\username from 10.x.x.82 port 60626 id 0
2952 2022-01-20 10:08:07.939 debug2: fd 11 setting O_NONBLOCK
2952 2022-01-20 10:08:07.939 debug2: fd 12 setting O_NONBLOCK
2952 2022-01-20 10:08:07.939 debug2: fd 13 setting O_NONBLOCK
2952 2022-01-20 10:08:07.939 debug2: fd 14 setting O_NONBLOCK
2952 2022-01-20 10:08:07.939 debug2: fd 15 setting O_NONBLOCK
2952 2022-01-20 10:08:07.939 debug2: fd 16 setting O_NONBLOCK
2952 2022-01-20 10:08:07.939 debug3: shell: "c:\\windows\\system32\\cmd.exe"
2952 2022-01-20 10:08:07.939 debug3: shell_option: /c
2952 2022-01-20 10:08:07.939 debug3: couldn't find CreatePseudoConsole() in kernel32.dll dll
2952 2022-01-20 10:08:07.939 debug3: This windows OS doesn't support conpty
2952 2022-01-20 10:08:07.939 debug3: pty commandline: "C:\\Program Files\\OpenSSH-Win64\\ssh-shellhost.exe" ---pty "c:\\windows\\system32\\cmd.exe"
2952 2022-01-20 10:08:07.939 debug2: fd 4 setting TCP_NODELAY
2952 2022-01-20 10:08:07.939 debug2: channel 0: rfd 13 isatty
2952 2022-01-20 10:08:07.939 debug3: fd 13 is O_NONBLOCK
2952 2022-01-20 10:08:07.939 debug3: fd 12 is O_NONBLOCK
2952 2022-01-20 10:08:07.939 debug3: send packet: type 99
2952 2022-01-20 10:08:11.692 debug2: channel 0: read<=0 rfd 13 len 0
2952 2022-01-20 10:08:11.692 debug2: channel 0: read failed
2952 2022-01-20 10:08:11.692 debug2: chan_shutdown_read: channel 0: (i0 o0 sock -1 wfd 13 efd -1 [closed])
2952 2022-01-20 10:08:11.692 debug2: channel 0: input open -> drain
2952 2022-01-20 10:08:11.692 debug2: channel 0: ibuf empty
2952 2022-01-20 10:08:11.692 debug2: channel 0: send eof
2952 2022-01-20 10:08:11.692 debug3: send packet: type 96
2952 2022-01-20 10:08:11.692 debug2: channel 0: input drain -> closed
2952 2022-01-20 10:08:11.692 debug1: Received SIGCHLD.
2952 2022-01-20 10:08:11.692 debug1: session_by_pid: pid 5956
2952 2022-01-20 10:08:11.692 debug1: session_exit_message: session 0 channel 0 pid 5956
2952 2022-01-20 10:08:11.692 debug2: channel 0: request exit-status confirm 0
2952 2022-01-20 10:08:11.692 debug3: send packet: type 98
2952 2022-01-20 10:08:11.692 debug1: session_exit_message: release channel 0
2952 2022-01-20 10:08:11.692 debug2: channel 0: write failed
2952 2022-01-20 10:08:11.692 debug2: chan_shutdown_write: channel 0: (i3 o0 sock -1 wfd 12 efd -1 [closed])
2952 2022-01-20 10:08:11.692 debug2: channel 0: send eow
2952 2022-01-20 10:08:11.692 debug3: send packet: type 98
2952 2022-01-20 10:08:11.692 debug2: channel 0: output open -> closed
2952 2022-01-20 10:08:11.692 debug2: channel 0: send close
2952 2022-01-20 10:08:11.692 debug3: send packet: type 97
2952 2022-01-20 10:08:11.692 debug3: channel 0: will not send data after close
2952 2022-01-20 10:08:11.692 debug2: notify_done: reading
2952 2022-01-20 10:08:11.692 debug3: channel 0: will not send data after close
2952 2022-01-20 10:08:11.755 debug3: receive packet: type 97
2952 2022-01-20 10:08:11.755 debug2: channel 0: rcvd close
2952 2022-01-20 10:08:11.755 debug3: channel 0: will not send data after close
2952 2022-01-20 10:08:11.755 debug2: channel 0: is dead
2952 2022-01-20 10:08:11.755 debug2: channel 0: gc: notify user
2952 2022-01-20 10:08:11.755 debug1: session_by_channel: session 0 channel 0
2952 2022-01-20 10:08:11.755 debug1: session_close_by_channel: channel 0 child 0
2952 2022-01-20 10:08:11.755 Close session: user domain\\username from 10.x.x.82 port 60626 id 0
2952 2022-01-20 10:08:11.755 debug3: session_unused: session id 0 unused
2952 2022-01-20 10:08:11.755 debug2: channel 0: gc: user detached
2952 2022-01-20 10:08:11.755 debug2: channel 0: is dead
2952 2022-01-20 10:08:11.755 debug2: channel 0: garbage collecting
2952 2022-01-20 10:08:11.755 debug1: channel 0: free: server-session, nchannels 1
2952 2022-01-20 10:08:11.755 debug3: channel 0: status: The following connections are open:\r\n #0 server-session (t4 r0 i3/0 o3/0 e[closed]/0 fd -1/-1/-1 sock -1 cc -1)\r\n
2952 2022-01-20 10:08:11.755 debug3: receive packet: type 1
2952 2022-01-20 10:08:11.755 Received disconnect from 10.x.x.82 port 60626:11: disconnected by user
2952 2022-01-20 10:08:11.755 Disconnected from 10.x.x.82 port 60626
2952 2022-01-20 10:08:11.755 debug1: do_cleanup
1488 2022-01-20 10:08:11.755 debug3: mm_request_receive: entering
1488 2022-01-20 10:08:11.755 debug1: do_cleanup
5644 2022-01-20 10:08:13.029 debug3: fd 5 is not O_NONBLOCK
5644 2022-01-20 10:08:13.029 debug3: spawning "C:\\Program Files\\OpenSSH-Win64\\sshd.exe" -R as subprocess
5644 2022-01-20 10:08:13.029 debug3: send_rexec_state: entering fd = 8 config len 1500
5644 2022-01-20 10:08:13.029 debug3: ssh_msg_send: type 0
5644 2022-01-20 10:08:13.029 debug3: send_rexec_state: done
5652 2022-01-20 10:08:13.060 debug1: inetd sockets after dupping: 4, 4
5652 2022-01-20 10:08:13.060 Connection from 10.x.x.82 port 60630 on 10.x.x.34 port 22
5652 2022-01-20 10:08:13.060 debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.6
5652 2022-01-20 10:08:13.060 debug1: Remote protocol version 2.0, remote software version OpenSSH_8.2p1 Ubuntu-4ubuntu0.4
5652 2022-01-20 10:08:13.060 debug1: compat_banner: match: OpenSSH_8.2p1 Ubuntu-4ubuntu0.4 pat OpenSSH* compat 0x04000000
5652 2022-01-20 10:08:13.060 debug2: fd 4 setting O_NONBLOCK
5652 2022-01-20 10:08:13.076 debug3: spawning "C:\\Program Files\\OpenSSH-Win64\\sshd.exe" -y as user
5652 2022-01-20 10:08:13.076 debug2: Network child is on pid 648
5652 2022-01-20 10:08:13.076 debug3: send_rexec_state: entering fd = 6 config len 1500
5652 2022-01-20 10:08:13.076 debug3: ssh_msg_send: type 0
5652 2022-01-20 10:08:13.076 debug3: send_rexec_state: done
5652 2022-01-20 10:08:13.076 debug3: ssh_msg_send: type 0
5652 2022-01-20 10:08:13.076 debug3: ssh_msg_send: type 0
5652 2022-01-20 10:08:13.076 debug3: preauth child monitor started
5652 2022-01-20 10:08:13.107 debug3: append_hostkey_type: rsa-sha2-512 key not permitted by HostkeyAlgorithms [preauth]
5652 2022-01-20 10:08:13.107 debug3: append_hostkey_type: rsa-sha2-256 key not permitted by HostkeyAlgorithms [preauth]
5652 2022-01-20 10:08:13.107 debug3: append_hostkey_type: ssh-rsa key not permitted by HostkeyAlgorithms [preauth]
5652 2022-01-20 10:08:13.107 debug1: list_hostkey_types: ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
5652 2022-01-20 10:08:13.107 debug3: send packet: type 20 [preauth]
5652 2022-01-20 10:08:13.107 debug1: SSH2_MSG_KEXINIT sent [preauth]
5652 2022-01-20 10:08:13.107 debug3: receive packet: type 20 [preauth]
5652 2022-01-20 10:08:13.107 debug1: SSH2_MSG_KEXINIT received [preauth]
5652 2022-01-20 10:08:13.107 debug2: local server KEXINIT proposal [preauth]
5652 2022-01-20 10:08:13.107 debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256 [preauth]
5652 2022-01-20 10:08:13.107 debug2: host key algorithms: ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
5652 2022-01-20 10:08:13.107 debug2: ciphers ctos: [email protected],[email protected],[email protected] [preauth]
5652 2022-01-20 10:08:13.107 debug2: ciphers stoc: [email protected],[email protected],[email protected] [preauth]
5652 2022-01-20 10:08:13.107 debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512 [preauth]
5652 2022-01-20 10:08:13.107 debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512 [preauth]
5652 2022-01-20 10:08:13.107 debug2: compression ctos: none,[email protected] [preauth]
5652 2022-01-20 10:08:13.107 debug2: compression stoc: none,[email protected] [preauth]
5652 2022-01-20 10:08:13.107 debug2: languages ctos: [preauth]
5652 2022-01-20 10:08:13.107 debug2: languages stoc: [preauth]
5652 2022-01-20 10:08:13.107 debug2: first_kex_follows 0 [preauth]
5652 2022-01-20 10:08:13.107 debug2: reserved 0 [preauth]
5652 2022-01-20 10:08:13.107 debug2: peer client KEXINIT proposal [preauth]
5652 2022-01-20 10:08:13.107 debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c [preauth]
5652 2022-01-20 10:08:13.107 debug2: host key algorithms: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,[email protected],rsa-sha2-512,rsa-sha2-256,ssh-rsa [preauth]
5652 2022-01-20 10:08:13.107 debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected] [preauth]
5652 2022-01-20 10:08:13.107 debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected] [preauth]
5652 2022-01-20 10:08:13.107 debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
5652 2022-01-20 10:08:13.107 debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
5652 2022-01-20 10:08:13.107 debug2: compression ctos: none,[email protected],zlib [preauth]
5652 2022-01-20 10:08:13.107 debug2: compression stoc: none,[email protected],zlib [preauth]
5652 2022-01-20 10:08:13.107 debug2: languages ctos: [preauth]
5652 2022-01-20 10:08:13.107 debug2: languages stoc: [preauth]
5652 2022-01-20 10:08:13.107 debug2: first_kex_follows 0 [preauth]
5652 2022-01-20 10:08:13.107 debug2: reserved 0 [preauth]
5652 2022-01-20 10:08:13.107 debug1: kex: algorithm: curve25519-sha256 [preauth]
5652 2022-01-20 10:08:13.107 debug1: kex: host key algorithm: ecdsa-sha2-nistp256 [preauth]
5652 2022-01-20 10:08:13.107 debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none [preauth]
5652 2022-01-20 10:08:13.107 debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none [preauth]
5652 2022-01-20 10:08:13.107 debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
5652 2022-01-20 10:08:13.185 debug3: receive packet: type 30 [preauth]
5652 2022-01-20 10:08:13.185 debug1: SSH2_MSG_KEX_ECDH_INIT received [preauth]
5652 2022-01-20 10:08:13.185 debug3: mm_sshkey_sign: entering [preauth]
5652 2022-01-20 10:08:13.185 debug3: mm_request_send: entering, type 6 [preauth]
5652 2022-01-20 10:08:13.185 debug3: mm_sshkey_sign: waiting for MONITOR_ANS_SIGN [preauth]
5652 2022-01-20 10:08:13.185 debug3: mm_request_receive_expect: entering, type 7 [preauth]
5652 2022-01-20 10:08:13.185 debug3: mm_request_receive: entering [preauth]
5652 2022-01-20 10:08:13.185 debug3: mm_request_receive: entering
5652 2022-01-20 10:08:13.185 debug3: monitor_read: checking request 6
5652 2022-01-20 10:08:13.185 debug3: mm_answer_sign: entering
5652 2022-01-20 10:08:13.185 debug3: mm_answer_sign: KEX signature 0000014D6FE6DC10(101)
5652 2022-01-20 10:08:13.185 debug3: mm_request_send: entering, type 7
5652 2022-01-20 10:08:13.185 debug2: monitor_read: 6 used once, disabling now
5652 2022-01-20 10:08:13.185 debug3: send packet: type 31 [preauth]
5652 2022-01-20 10:08:13.185 debug3: send packet: type 21 [preauth]
5652 2022-01-20 10:08:13.185 debug2: set_newkeys: mode 1 [preauth]
5652 2022-01-20 10:08:13.185 debug1: rekey out after 134217728 blocks [preauth]
5652 2022-01-20 10:08:13.185 debug1: SSH2_MSG_NEWKEYS sent [preauth]
5652 2022-01-20 10:08:13.185 debug1: Sending SSH2_MSG_EXT_INFO [preauth]
5652 2022-01-20 10:08:13.185 debug3: send packet: type 7 [preauth]
5652 2022-01-20 10:08:13.185 debug1: expecting SSH2_MSG_NEWKEYS [preauth]
5652 2022-01-20 10:08:13.248 debug3: receive packet: type 21 [preauth]
5652 2022-01-20 10:08:13.248 debug1: SSH2_MSG_NEWKEYS received [preauth]
5652 2022-01-20 10:08:13.248 debug2: set_newkeys: mode 0 [preauth]
5652 2022-01-20 10:08:13.248 debug1: rekey in after 134217728 blocks [preauth]
5652 2022-01-20 10:08:13.248 debug1: KEX done [preauth]
5652 2022-01-20 10:08:13.294 debug3: receive packet: type 5 [preauth]
5652 2022-01-20 10:08:13.294 debug3: send packet: type 6 [preauth]
5652 2022-01-20 10:08:13.310 debug3: receive packet: type 50 [preauth]
5652 2022-01-20 10:08:13.310 debug1: userauth-request for user username service ssh-connection method none [preauth]
5652 2022-01-20 10:08:13.310 debug1: attempt 0 failures 0 [preauth]
5652 2022-01-20 10:08:13.310 debug3: mm_getpwnamallow: entering [preauth]
5652 2022-01-20 10:08:13.310 debug3: mm_request_send: entering, type 8 [preauth]
5652 2022-01-20 10:08:13.310 debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM [preauth]
5652 2022-01-20 10:08:13.310 debug3: mm_request_receive_expect: entering, type 9 [preauth]
5652 2022-01-20 10:08:13.310 debug3: mm_request_receive: entering [preauth]
5652 2022-01-20 10:08:13.310 debug3: mm_request_receive: entering
5652 2022-01-20 10:08:13.310 debug3: monitor_read: checking request 8
5652 2022-01-20 10:08:13.310 debug3: mm_answer_pwnamallow: entering
5652 2022-01-20 10:08:13.310 debug2: parse_server_config_depth: config reprocess config len 1500
5652 2022-01-20 10:08:13.310 debug3: checking match for 'Group administrators' user domain\\username host 10.x.x.82 addr 10.x.x.82 laddr 10.x.x.34 lport 22
5652 2022-01-20 10:08:13.310 debug3: lookup_principal_name: Successfully discovered explicit principal name: 'domain\\username'=>'[email protected]'
5652 2022-01-20 10:08:13.326 debug1: generate_s4u_user_token: LsaLogonUser() failed. User 'domain\\username' Status: 0xC000006E SubStatus -1073741710.
5652 2022-01-20 10:08:13.326 debug3: get_user_token - unable to generate token for user domain\\username
5652 2022-01-20 10:08:13.326 debug3: lookup_principal_name: Successfully discovered explicit principal name: 'domain\\username'=>'[email protected]'
5652 2022-01-20 10:08:13.326 debug1: generate_s4u_user_token: LsaLogonUser() failed. User 'domain\\username' Status: 0xC000006E SubStatus -1073741710.
5652 2022-01-20 10:08:13.326 error: get_user_token - unable to generate token on 2nd attempt for user domain\\username
5652 2022-01-20 10:08:13.326 fatal: ga_init, unable to resolve user domain\\username
5652 2022-01-20 10:08:13.326 debug1: do_cleanup
5652 2022-01-20 10:08:13.326 debug1: Killing privsep child 648
5644 2022-01-20 10:08:15.575 debug3: fd 5 is not O_NONBLOCK
5644 2022-01-20 10:08:15.575 debug3: spawning "C:\\Program Files\\OpenSSH-Win64\\sshd.exe" -R as subprocess
5644 2022-01-20 10:08:15.591 debug3: send_rexec_state: entering fd = 8 config len 1500
5644 2022-01-20 10:08:15.591 debug3: ssh_msg_send: type 0
5644 2022-01-20 10:08:15.591 debug3: send_rexec_state: done
4712 2022-01-20 10:08:15.606 debug1: inetd sockets after dupping: 4, 4
4712 2022-01-20 10:08:15.606 Connection from 10.x.x.82 port 60636 on 10.x.x.34 port 22
4712 2022-01-20 10:08:15.606 debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.6
4712 2022-01-20 10:08:15.638 debug1: Remote protocol version 2.0, remote software version OpenSSH_8.2p1 Ubuntu-4ubuntu0.4
4712 2022-01-20 10:08:15.638 debug1: compat_banner: match: OpenSSH_8.2p1 Ubuntu-4ubuntu0.4 pat OpenSSH* compat 0x04000000
4712 2022-01-20 10:08:15.638 debug2: fd 4 setting O_NONBLOCK
4712 2022-01-20 10:08:15.653 debug3: spawning "C:\\Program Files\\OpenSSH-Win64\\sshd.exe" -y as user
4712 2022-01-20 10:08:15.653 debug2: Network child is on pid 4820
4712 2022-01-20 10:08:15.653 debug3: send_rexec_state: entering fd = 6 config len 1500
4712 2022-01-20 10:08:15.653 debug3: ssh_msg_send: type 0
4712 2022-01-20 10:08:15.653 debug3: send_rexec_state: done
4712 2022-01-20 10:08:15.653 debug3: ssh_msg_send: type 0
4712 2022-01-20 10:08:15.653 debug3: ssh_msg_send: type 0
4712 2022-01-20 10:08:15.653 debug3: preauth child monitor started
4712 2022-01-20 10:08:15.669 debug3: append_hostkey_type: rsa-sha2-512 key not permitted by HostkeyAlgorithms [preauth]
4712 2022-01-20 10:08:15.669 debug3: append_hostkey_type: rsa-sha2-256 key not permitted by HostkeyAlgorithms [preauth]
4712 2022-01-20 10:08:15.669 debug3: append_hostkey_type: ssh-rsa key not permitted by HostkeyAlgorithms [preauth]
4712 2022-01-20 10:08:15.669 debug1: list_hostkey_types: ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
4712 2022-01-20 10:08:15.669 debug3: send packet: type 20 [preauth]
4712 2022-01-20 10:08:15.669 debug1: SSH2_MSG_KEXINIT sent [preauth]
4712 2022-01-20 10:08:15.908 debug3: receive packet: type 20 [preauth]
4712 2022-01-20 10:08:15.908 debug1: SSH2_MSG_KEXINIT received [preauth]
4712 2022-01-20 10:08:15.908 debug2: local server KEXINIT proposal [preauth]
4712 2022-01-20 10:08:15.908 debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256 [preauth]
4712 2022-01-20 10:08:15.908 debug2: host key algorithms: ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
4712 2022-01-20 10:08:15.908 debug2: ciphers ctos: [email protected],[email protected],[email protected] [preauth]
4712 2022-01-20 10:08:15.908 debug2: ciphers stoc: [email protected],[email protected],[email protected] [preauth]
4712 2022-01-20 10:08:15.908 debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512 [preauth]
4712 2022-01-20 10:08:15.908 debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512 [preauth]
4712 2022-01-20 10:08:15.908 debug2: compression ctos: none,[email protected] [preauth]
4712 2022-01-20 10:08:15.908 debug2: compression stoc: none,[email protected] [preauth]
4712 2022-01-20 10:08:15.908 debug2: languages ctos: [preauth]
4712 2022-01-20 10:08:15.908 debug2: languages stoc: [preauth]
4712 2022-01-20 10:08:15.908 debug2: first_kex_follows 0 [preauth]
4712 2022-01-20 10:08:15.908 debug2: reserved 0 [preauth]
4712 2022-01-20 10:08:15.908 debug2: peer client KEXINIT proposal [preauth]
4712 2022-01-20 10:08:15.908 debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c [preauth]
4712 2022-01-20 10:08:15.908 debug2: host key algorithms: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,[email protected],rsa-sha2-512,rsa-sha2-256,ssh-rsa [preauth]
4712 2022-01-20 10:08:15.908 debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected] [preauth]
4712 2022-01-20 10:08:15.908 debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected] [preauth]
4712 2022-01-20 10:08:15.908 debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
4712 2022-01-20 10:08:15.908 debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
4712 2022-01-20 10:08:15.908 debug2: compression ctos: none,[email protected],zlib [preauth]
4712 2022-01-20 10:08:15.908 debug2: compression stoc: none,[email protected],zlib [preauth]
4712 2022-01-20 10:08:15.908 debug2: languages ctos: [preauth]
4712 2022-01-20 10:08:15.908 debug2: languages stoc: [preauth]
4712 2022-01-20 10:08:15.908 debug2: first_kex_follows 0 [preauth]
4712 2022-01-20 10:08:15.908 debug2: reserved 0 [preauth]
4712 2022-01-20 10:08:15.908 debug1: kex: algorithm: curve25519-sha256 [preauth]
4712 2022-01-20 10:08:15.908 debug1: kex: host key algorithm: ecdsa-sha2-nistp256 [preauth]
4712 2022-01-20 10:08:15.908 debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none [preauth]
4712 2022-01-20 10:08:15.908 debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none [preauth]
4712 2022-01-20 10:08:15.908 debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
4712 2022-01-20 10:08:15.924 debug3: receive packet: type 30 [preauth]
4712 2022-01-20 10:08:15.924 debug1: SSH2_MSG_KEX_ECDH_INIT received [preauth]
4712 2022-01-20 10:08:15.924 debug3: mm_sshkey_sign: entering [preauth]
4712 2022-01-20 10:08:15.924 debug3: mm_request_send: entering, type 6 [preauth]
4712 2022-01-20 10:08:15.924 debug3: mm_sshkey_sign: waiting for MONITOR_ANS_SIGN [preauth]
4712 2022-01-20 10:08:15.924 debug3: mm_request_receive_expect: entering, type 7 [preauth]
4712 2022-01-20 10:08:15.924 debug3: mm_request_receive: entering [preauth]
4712 2022-01-20 10:08:15.924 debug3: mm_request_receive: entering
4712 2022-01-20 10:08:15.924 debug3: monitor_read: checking request 6
4712 2022-01-20 10:08:15.924 debug3: mm_answer_sign: entering
4712 2022-01-20 10:08:15.924 debug3: mm_answer_sign: KEX signature 0000018323400100(100)
4712 2022-01-20 10:08:15.924 debug3: mm_request_send: entering, type 7
4712 2022-01-20 10:08:15.924 debug2: monitor_read: 6 used once, disabling now
4712 2022-01-20 10:08:15.924 debug3: send packet: type 31 [preauth]
4712 2022-01-20 10:08:15.924 debug3: send packet: type 21 [preauth]
4712 2022-01-20 10:08:15.924 debug2: set_newkeys: mode 1 [preauth]
4712 2022-01-20 10:08:15.924 debug1: rekey out after 134217728 blocks [preauth]
4712 2022-01-20 10:08:15.924 debug1: SSH2_MSG_NEWKEYS sent [preauth]
4712 2022-01-20 10:08:15.924 debug1: Sending SSH2_MSG_EXT_INFO [preauth]
4712 2022-01-20 10:08:15.924 debug3: send packet: type 7 [preauth]
4712 2022-01-20 10:08:15.924 debug1: expecting SSH2_MSG_NEWKEYS [preauth]
4712 2022-01-20 10:08:15.987 debug3: receive packet: type 21 [preauth]
4712 2022-01-20 10:08:15.987 debug1: SSH2_MSG_NEWKEYS received [preauth]
4712 2022-01-20 10:08:15.987 debug2: set_newkeys: mode 0 [preauth]
4712 2022-01-20 10:08:15.987 debug1: rekey in after 134217728 blocks [preauth]
4712 2022-01-20 10:08:15.987 debug1: KEX done [preauth]
4712 2022-01-20 10:08:16.021 debug3: receive packet: type 5 [preauth]
4712 2022-01-20 10:08:16.021 debug3: send packet: type 6 [preauth]
4712 2022-01-20 10:08:16.084 debug3: receive packet: type 50 [preauth]
4712 2022-01-20 10:08:16.084 debug1: userauth-request for user username service ssh-connection method none [preauth]
4712 2022-01-20 10:08:16.084 debug1: attempt 0 failures 0 [preauth]
4712 2022-01-20 10:08:16.084 debug3: mm_getpwnamallow: entering [preauth]
4712 2022-01-20 10:08:16.084 debug3: mm_request_send: entering, type 8 [preauth]
4712 2022-01-20 10:08:16.084 debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM [preauth]
4712 2022-01-20 10:08:16.084 debug3: mm_request_receive_expect: entering, type 9 [preauth]
4712 2022-01-20 10:08:16.084 debug3: mm_request_receive: entering [preauth]
4712 2022-01-20 10:08:16.084 debug3: mm_request_receive: entering
4712 2022-01-20 10:08:16.084 debug3: monitor_read: checking request 8
4712 2022-01-20 10:08:16.084 debug3: mm_answer_pwnamallow: entering
4712 2022-01-20 10:08:16.084 debug2: parse_server_config_depth: config reprocess config len 1500
4712 2022-01-20 10:08:16.084 debug3: checking match for 'Group administrators' user domain\\username host 10.x.x.82 addr 10.x.x.82 laddr 10.x.x.34 lport 22
4712 2022-01-20 10:08:16.099 debug3: lookup_principal_name: Successfully discovered explicit principal name: 'domain\\username'=>'[email protected]'
4712 2022-01-20 10:08:16.099 debug1: generate_s4u_user_token: LsaLogonUser() failed. User 'domain\\username' Status: 0xC000006E SubStatus -1073741710.
4712 2022-01-20 10:08:16.099 debug3: get_user_token - unable to generate token for user domain\\username
4712 2022-01-20 10:08:16.099 debug3: lookup_principal_name: Successfully discovered explicit principal name: 'domain\\username'=>'[email protected]'
4712 2022-01-20 10:08:16.099 debug1: generate_s4u_user_token: LsaLogonUser() failed. User 'domain\\username' Status: 0xC000006E SubStatus -1073741710.
4712 2022-01-20 10:08:16.099 error: get_user_token - unable to generate token on 2nd attempt for user domain\\username
4712 2022-01-20 10:08:16.099 fatal: ga_init, unable to resolve user domain\\username
4712 2022-01-20 10:08:16.099 debug1: do_cleanup
4712 2022-01-20 10:08:16.099 debug1: Killing privsep child 4820
5644 2022-01-20 10:08:26.428 debug3: fd 5 is not O_NONBLOCK
5644 2022-01-20 10:08:26.428 debug3: spawning "C:\\Program Files\\OpenSSH-Win64\\sshd.exe" -R as subprocess
5644 2022-01-20 10:08:26.444 debug3: send_rexec_state: entering fd = 8 config len 1500
5644 2022-01-20 10:08:26.444 debug3: ssh_msg_send: type 0
5644 2022-01-20 10:08:26.444 debug3: send_rexec_state: done
608 2022-01-20 10:08:26.459 debug1: inetd sockets after dupping: 4, 4
608 2022-01-20 10:08:26.459 Connection from 10.x.x.82 port 60640 on 10.x.x.34 port 22
608 2022-01-20 10:08:26.459 debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.6
608 2022-01-20 10:08:26.459 debug1: Remote protocol version 2.0, remote software version OpenSSH_8.2p1 Ubuntu-4ubuntu0.4
608 2022-01-20 10:08:26.459 debug1: compat_banner: match: OpenSSH_8.2p1 Ubuntu-4ubuntu0.4 pat OpenSSH* compat 0x04000000
608 2022-01-20 10:08:26.459 debug2: fd 4 setting O_NONBLOCK
608 2022-01-20 10:08:26.491 debug3: spawning "C:\\Program Files\\OpenSSH-Win64\\sshd.exe" -y as user
608 2022-01-20 10:08:26.491 debug2: Network child is on pid 5956
608 2022-01-20 10:08:26.491 debug3: send_rexec_state: entering fd = 6 config len 1500
608 2022-01-20 10:08:26.491 debug3: ssh_msg_send: type 0
608 2022-01-20 10:08:26.491 debug3: send_rexec_state: done
608 2022-01-20 10:08:26.491 debug3: ssh_msg_send: type 0
608 2022-01-20 10:08:26.491 debug3: ssh_msg_send: type 0
608 2022-01-20 10:08:26.491 debug3: preauth child monitor started
608 2022-01-20 10:08:26.506 debug3: append_hostkey_type: rsa-sha2-512 key not permitted by HostkeyAlgorithms [preauth]
608 2022-01-20 10:08:26.506 debug3: append_hostkey_type: rsa-sha2-256 key not permitted by HostkeyAlgorithms [preauth]
608 2022-01-20 10:08:26.506 debug3: append_hostkey_type: ssh-rsa key not permitted by HostkeyAlgorithms [preauth]
608 2022-01-20 10:08:26.506 debug1: list_hostkey_types: ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
608 2022-01-20 10:08:26.506 debug3: send packet: type 20 [preauth]
608 2022-01-20 10:08:26.506 debug1: SSH2_MSG_KEXINIT sent [preauth]
608 2022-01-20 10:08:26.506 debug3: receive packet: type 20 [preauth]
608 2022-01-20 10:08:26.506 debug1: SSH2_MSG_KEXINIT received [preauth]
608 2022-01-20 10:08:26.506 debug2: local server KEXINIT proposal [preauth]
608 2022-01-20 10:08:26.506 debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256 [preauth]
608 2022-01-20 10:08:26.506 debug2: host key algorithms: ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
608 2022-01-20 10:08:26.506 debug2: ciphers ctos: [email protected],[email protected],[email protected] [preauth]
608 2022-01-20 10:08:26.506 debug2: ciphers stoc: [email protected],[email protected],[email protected] [preauth]
608 2022-01-20 10:08:26.506 debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512 [preauth]
608 2022-01-20 10:08:26.506 debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512 [preauth]
608 2022-01-20 10:08:26.506 debug2: compression ctos: none,[email protected] [preauth]
608 2022-01-20 10:08:26.506 debug2: compression stoc: none,[email protected] [preauth]
608 2022-01-20 10:08:26.506 debug2: languages ctos: [preauth]
608 2022-01-20 10:08:26.506 debug2: languages stoc: [preauth]
608 2022-01-20 10:08:26.506 debug2: first_kex_follows 0 [preauth]
608 2022-01-20 10:08:26.506 debug2: reserved 0 [preauth]
608 2022-01-20 10:08:26.506 debug2: peer client KEXINIT proposal [preauth]
608 2022-01-20 10:08:26.506 debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c [preauth]
608 2022-01-20 10:08:26.506 debug2: host key algorithms: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,[email protected],rsa-sha2-512,rsa-sha2-256,ssh-rsa [preauth]
608 2022-01-20 10:08:26.506 debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected] [preauth]
608 2022-01-20 10:08:26.506 debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected] [preauth]
608 2022-01-20 10:08:26.506 debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
608 2022-01-20 10:08:26.506 debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
608 2022-01-20 10:08:26.506 debug2: compression ctos: none,[email protected],zlib [preauth]
608 2022-01-20 10:08:26.506 debug2: compression stoc: none,[email protected],zlib [preauth]
608 2022-01-20 10:08:26.506 debug2: languages ctos: [preauth]
608 2022-01-20 10:08:26.506 debug2: languages stoc: [preauth]
608 2022-01-20 10:08:26.506 debug2: first_kex_follows 0 [preauth]
608 2022-01-20 10:08:26.506 debug2: reserved 0 [preauth]
608 2022-01-20 10:08:26.506 debug1: kex: algorithm: curve25519-sha256 [preauth]
608 2022-01-20 10:08:26.506 debug1: kex: host key algorithm: ecdsa-sha2-nistp256 [preauth]
608 2022-01-20 10:08:26.506 debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none [preauth]
608 2022-01-20 10:08:26.506 debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none [preauth]
608 2022-01-20 10:08:26.506 debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
608 2022-01-20 10:08:26.569 debug3: receive packet: type 30 [preauth]
608 2022-01-20 10:08:26.569 debug1: SSH2_MSG_KEX_ECDH_INIT received [preauth]
608 2022-01-20 10:08:26.569 debug3: mm_sshkey_sign: entering [preauth]
608 2022-01-20 10:08:26.569 debug3: mm_request_send: entering, type 6 [preauth]
608 2022-01-20 10:08:26.569 debug3: mm_sshkey_sign: waiting for MONITOR_ANS_SIGN [preauth]
608 2022-01-20 10:08:26.569 debug3: mm_request_receive_expect: entering, type 7 [preauth]
608 2022-01-20 10:08:26.569 debug3: mm_request_receive: entering [preauth]
608 2022-01-20 10:08:26.569 debug3: mm_request_receive: entering
608 2022-01-20 10:08:26.569 debug3: monitor_read: checking request 6
608 2022-01-20 10:08:26.569 debug3: mm_answer_sign: entering
608 2022-01-20 10:08:26.569 debug3: mm_answer_sign: KEX signature 000002BCFF9210C0(99)
608 2022-01-20 10:08:26.569 debug3: mm_request_send: entering, type 7
608 2022-01-20 10:08:26.569 debug2: monitor_read: 6 used once, disabling now
608 2022-01-20 10:08:26.569 debug3: send packet: type 31 [preauth]
608 2022-01-20 10:08:26.569 debug3: send packet: type 21 [preauth]
608 2022-01-20 10:08:26.569 debug2: set_newkeys: mode 1 [preauth]
608 2022-01-20 10:08:26.569 debug1: rekey out after 134217728 blocks [preauth]
608 2022-01-20 10:08:26.569 debug1: SSH2_MSG_NEWKEYS sent [preauth]
608 2022-01-20 10:08:26.569 debug1: Sending SSH2_MSG_EXT_INFO [preauth]
608 2022-01-20 10:08:26.569 debug3: send packet: type 7 [preauth]
608 2022-01-20 10:08:26.569 debug1: expecting SSH2_MSG_NEWKEYS [preauth]
608 2022-01-20 10:08:26.631 debug3: receive packet: type 21 [preauth]
608 2022-01-20 10:08:26.631 debug1: SSH2_MSG_NEWKEYS received [preauth]
608 2022-01-20 10:08:26.631 debug2: set_newkeys: mode 0 [preauth]
608 2022-01-20 10:08:26.631 debug1: rekey in after 134217728 blocks [preauth]
608 2022-01-20 10:08:26.631 debug1: KEX done [preauth]
608 2022-01-20 10:08:26.662 debug3: receive packet: type 5 [preauth]
608 2022-01-20 10:08:26.662 debug3: send packet: type 6 [preauth]
608 2022-01-20 10:08:26.678 debug3: receive packet: type 50 [preauth]
608 2022-01-20 10:08:26.678 debug1: userauth-request for user username service ssh-connection method none [preauth]
608 2022-01-20 10:08:26.678 debug1: attempt 0 failures 0 [preauth]
608 2022-01-20 10:08:26.678 debug3: mm_getpwnamallow: entering [preauth]
608 2022-01-20 10:08:26.678 debug3: mm_request_send: entering, type 8 [preauth]
608 2022-01-20 10:08:26.678 debug3: mm_request_receive: entering
608 2022-01-20 10:08:26.678 debug3: monitor_read: checking request 8
608 2022-01-20 10:08:26.678 debug3: mm_answer_pwnamallow: entering
608 2022-01-20 10:08:26.678 debug2: parse_server_config_depth: config reprocess config len 1500
608 2022-01-20 10:08:26.678 debug3: checking match for 'Group administrators' user domain\\username host 10.x.x.82 addr 10.x.x.82 laddr 10.x.x.34 lport 22
608 2022-01-20 10:08:26.694 debug3: lookup_principal_name: Successfully discovered explicit principal name: 'domain\\username'=>'[email protected]'
608 2022-01-20 10:08:26.694 debug3: LsaLogonUser Succeeded (Impersonation: 0)
608 2022-01-20 10:08:26.694 debug1: user domain\\username matched group list administrators at line 109
608 2022-01-20 10:08:26.694 debug3: match found
608 2022-01-20 10:08:26.694 debug3: reprocess config:110 setting AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
608 2022-01-20 10:08:26.694 debug3: lookup_principal_name: Successfully discovered explicit principal name: 'domain\\username'=>'[email protected]'
608 2022-01-20 10:08:26.694 debug3: LsaLogonUser Succeeded (Impersonation: 0)
608 2022-01-20 10:08:26.694 debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
608 2022-01-20 10:08:26.694 debug3: mm_request_send: entering, type 9
608 2022-01-20 10:08:26.694 debug2: monitor_read: 8 used once, disabling now
608 2022-01-20 10:08:26.694 debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM [preauth]
608 2022-01-20 10:08:26.694 debug3: mm_request_receive_expect: entering, type 9 [preauth]
608 2022-01-20 10:08:26.694 debug3: mm_request_receive: entering [preauth]
608 2022-01-20 10:08:26.694 debug2: input_userauth_request: setting up authctxt for username [preauth]
608 2022-01-20 10:08:26.694 debug3: mm_inform_authserv: entering [preauth]
608 2022-01-20 10:08:26.694 debug3: mm_request_send: entering, type 4 [preauth]
608 2022-01-20 10:08:26.694 debug3: mm_auth2_read_banner: entering [preauth]
608 2022-01-20 10:08:26.694 debug3: mm_request_send: entering, type 10 [preauth]
608 2022-01-20 10:08:26.694 debug3: mm_request_receive_expect: entering, type 11 [preauth]
608 2022-01-20 10:08:26.694 debug3: mm_request_receive: entering [preauth]
608 2022-01-20 10:08:26.694 debug3: mm_request_receive: entering
608 2022-01-20 10:08:26.694 debug3: monitor_read: checking request 4
608 2022-01-20 10:08:26.694 debug3: mm_answer_authserv: service=ssh-connection, style=
608 2022-01-20 10:08:26.694 debug2: monitor_read: 4 used once, disabling now
608 2022-01-20 10:08:26.694 debug3: mm_request_receive: entering
608 2022-01-20 10:08:26.694 debug3: monitor_read: checking request 10
608 2022-01-20 10:08:26.694 debug3: mm_request_send: entering, type 11
608 2022-01-20 10:08:26.694 debug2: monitor_read: 10 used once, disabling now
608 2022-01-20 10:08:26.694 debug3: send packet: type 53 [preauth]
608 2022-01-20 10:08:26.694 debug1: userauth_send_banner: sent [preauth]
608 2022-01-20 10:08:26.694 debug2: input_userauth_request: try method none [preauth]
608 2022-01-20 10:08:26.694 debug3: user_specific_delay: user specific delay 0.000ms [preauth]
608 2022-01-20 10:08:26.694 debug3: ensure_minimum_time_since: elapsed 15.620ms, delaying 4.770ms (requested 5.098ms) [preauth]
608 2022-01-20 10:08:26.709 debug3: userauth_finish: failure partial=0 next methods="publickey,keyboard-interactive" [preauth]
608 2022-01-20 10:08:26.709 debug3: send packet: type 51 [preauth]
608 2022-01-20 10:08:26.773 debug3: receive packet: type 50 [preauth]
608 2022-01-20 10:08:26.773 debug1: userauth-request for user username service ssh-connection method publickey [preauth]
608 2022-01-20 10:08:26.773 debug1: attempt 1 failures 0 [preauth]
608 2022-01-20 10:08:26.773 debug2: input_userauth_request: try method publickey [preauth]
608 2022-01-20 10:08:26.773 debug2: userauth_pubkey: valid user username querying public key ssh-ed25519 <pubkey> [preauth]
608 2022-01-20 10:08:26.773 debug1: userauth_pubkey: test pkalg ssh-ed25519 pkblob ED25519 SHA256:<pubkey> [preauth]
608 2022-01-20 10:08:26.773 debug3: mm_key_allowed: entering [preauth]
608 2022-01-20 10:08:26.773 debug3: mm_request_send: entering, type 22 [preauth]
608 2022-01-20 10:08:26.773 debug3: mm_request_receive: entering
608 2022-01-20 10:08:26.773 debug3: monitor_read: checking request 22
608 2022-01-20 10:08:26.773 debug3: mm_answer_keyallowed: entering
608 2022-01-20 10:08:26.773 debug3: mm_answer_keyallowed: key_from_blob: 000002BCFF8CD0A0
608 2022-01-20 10:08:26.773 debug1: trying public key file __PROGRAMDATA__/ssh/administrators_authorized_keys
608 2022-01-20 10:08:26.773 debug3: Failed to open file:C:/ProgramData/ssh/administrators_authorized_keys error:2
608 2022-01-20 10:08:26.773 debug1: Could not open authorized keys '__PROGRAMDATA__/ssh/administrators_authorized_keys': No such file or directory
608 2022-01-20 10:08:26.773 debug3: subprocess: AuthorizedKeysCommand command "C:\\ProgramData\\ssh\\adauthorizedkeys.cmd domain\\username" running as system (flags 0x6)
608 2022-01-20 10:08:26.773 debug1: starting subprocess using posix_spawnp
608 2022-01-20 10:08:26.773 debug3: spawning "C:\\ProgramData\\ssh\\adauthorizedkeys.cmd" domain\\username as subprocess
608 2022-01-20 10:08:26.773 debug3: subprocess: AuthorizedKeysCommand pid 4800
608 2022-01-20 10:08:26.882 debug1: C:\\ProgramData\\ssh\\adauthorizedkeys.cmd:1: matching key found: ED25519 SHA256:<pubkey>
608 2022-01-20 10:08:26.882 debug1: C:\\ProgramData\\ssh\\adauthorizedkeys.cmd:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
608 2022-01-20 10:08:26.882 Accepted key ED25519 SHA256:<pubkey> found at C:\\ProgramData\\ssh\\adauthorizedkeys.cmd:1
608 2022-01-20 10:08:26.898 debug3: mm_answer_keyallowed: publickey authentication test: ED25519 key is allowed
608 2022-01-20 10:08:26.898 debug3: mm_request_send: entering, type 23
608 2022-01-20 10:08:26.898 debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth]
608 2022-01-20 10:08:26.898 debug3: mm_request_receive_expect: entering, type 23 [preauth]
608 2022-01-20 10:08:26.898 debug3: mm_request_receive: entering [preauth]
608 2022-01-20 10:08:26.898 debug3: send packet: type 60 [preauth]
608 2022-01-20 10:08:26.898 debug2: userauth_pubkey: authenticated 0 pkalg ssh-ed25519 [preauth]
608 2022-01-20 10:08:26.898 debug3: user_specific_delay: user specific delay 0.000ms [preauth]
608 2022-01-20 10:08:26.898 debug3: ensure_minimum_time_since: elapsed 124.934ms, delaying 38.187ms (requested 5.098ms) [preauth]
608 2022-01-20 10:08:26.945 Postponed publickey for username from 10.x.x.82 port 60640 ssh2 [preauth]
608 2022-01-20 10:08:26.945 debug3: receive packet: type 50 [preauth]
608 2022-01-20 10:08:26.945 debug1: userauth-request for user username service ssh-connection method publickey [preauth]
608 2022-01-20 10:08:26.945 debug1: attempt 2 failures 0 [preauth]
608 2022-01-20 10:08:26.945 debug2: input_userauth_request: try method publickey [preauth]
608 2022-01-20 10:08:26.945 debug2: userauth_pubkey: valid user username attempting public key ssh-ed25519 <pubkey> [preauth]
608 2022-01-20 10:08:26.945 debug3: userauth_pubkey: have ssh-ed25519 signature for ED25519 SHA256:<pubkey> [preauth]
608 2022-01-20 10:08:26.945 debug3: mm_key_allowed: entering [preauth]
608 2022-01-20 10:08:26.945 debug3: mm_request_send: entering, type 22 [preauth]
608 2022-01-20 10:08:26.945 debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth]
608 2022-01-20 10:08:26.945 debug3: mm_request_receive_expect: entering, type 23 [preauth]
608 2022-01-20 10:08:26.945 debug3: mm_request_receive: entering [preauth]
608 2022-01-20 10:08:26.945 debug3: mm_request_receive: entering
608 2022-01-20 10:08:26.945 debug3: monitor_read: checking request 22
608 2022-01-20 10:08:26.945 debug3: mm_answer_keyallowed: entering
608 2022-01-20 10:08:26.945 debug3: mm_answer_keyallowed: key_from_blob: 000002BCFF8CD0A0
608 2022-01-20 10:08:26.945 debug1: trying public key file __PROGRAMDATA__/ssh/administrators_authorized_keys
608 2022-01-20 10:08:26.945 debug3: Failed to open file:C:/ProgramData/ssh/administrators_authorized_keys error:2
608 2022-01-20 10:08:26.945 debug1: Could not open authorized keys '__PROGRAMDATA__/ssh/administrators_authorized_keys': No such file or directory
608 2022-01-20 10:08:26.945 debug3: subprocess: AuthorizedKeysCommand command "C:\\ProgramData\\ssh\\adauthorizedkeys.cmd domain\\username" running as system (flags 0x6)
608 2022-01-20 10:08:26.945 debug1: starting subprocess using posix_spawnp
608 2022-01-20 10:08:26.945 debug3: spawning "C:\\ProgramData\\ssh\\adauthorizedkeys.cmd" domain\\username as subprocess
608 2022-01-20 10:08:26.945 debug3: subprocess: AuthorizedKeysCommand pid 5532
608 2022-01-20 10:08:27.023 debug1: C:\\ProgramData\\ssh\\adauthorizedkeys.cmd:1: matching key found: ED25519 SHA256:<pubkey>
608 2022-01-20 10:08:27.023 debug1: C:\\ProgramData\\ssh\\adauthorizedkeys.cmd:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
608 2022-01-20 10:08:27.023 Accepted key ED25519 SHA256:<pubkey> found at C:\\ProgramData\\ssh\\adauthorizedkeys.cmd:1
608 2022-01-20 10:08:27.023 debug3: mm_answer_keyallowed: publickey authentication: ED25519 key is allowed
608 2022-01-20 10:08:27.023 debug3: mm_request_send: entering, type 23
608 2022-01-20 10:08:27.023 debug3: mm_sshkey_verify: entering [preauth]
608 2022-01-20 10:08:27.023 debug3: mm_request_send: entering, type 24 [preauth]
608 2022-01-20 10:08:27.023 debug3: mm_sshkey_verify: waiting for MONITOR_ANS_KEYVERIFY [preauth]
608 2022-01-20 10:08:27.023 debug3: mm_request_receive_expect: entering, type 25 [preauth]
608 2022-01-20 10:08:27.023 debug3: mm_request_receive: entering [preauth]
608 2022-01-20 10:08:27.023 debug3: mm_request_receive: entering
608 2022-01-20 10:08:27.023 debug3: monitor_read: checking request 24
608 2022-01-20 10:08:27.023 debug3: mm_answer_keyverify: publickey 000002BCFF8CD0A0 signature verified
608 2022-01-20 10:08:27.023 debug1: auth_activate_options: setting new authentication options
608 2022-01-20 10:08:27.023 debug3: mm_request_send: entering, type 25
608 2022-01-20 10:08:27.023 Accepted publickey for username from 10.x.x.82 port 60640 ssh2: ED25519 SHA256:<pubkey>
608 2022-01-20 10:08:27.023 debug1: monitor_child_preauth: user username authenticated by privileged process
608 2022-01-20 10:08:27.023 debug3: mm_get_keystate: Waiting for new keys
608 2022-01-20 10:08:27.023 debug3: mm_request_receive_expect: entering, type 26
608 2022-01-20 10:08:27.023 debug3: mm_request_receive: entering
608 2022-01-20 10:08:27.039 debug3: mm_get_keystate: GOT new keys
608 2022-01-20 10:08:27.039 debug1: auth_activate_options: setting new authentication options [preauth]
608 2022-01-20 10:08:27.039 debug2: userauth_pubkey: authenticated 1 pkalg ssh-ed25519 [preauth]
608 2022-01-20 10:08:27.039 debug3: user_specific_delay: user specific delay 0.000ms [preauth]
608 2022-01-20 10:08:27.039 debug3: ensure_minimum_time_since: elapsed 78.098ms, delaying 3.463ms (requested 5.098ms) [preauth]
608 2022-01-20 10:08:27.039 debug3: send packet: type 52 [preauth]
608 2022-01-20 10:08:27.039 debug3: mm_request_send: entering, type 26 [preauth]
608 2022-01-20 10:08:27.039 debug3: mm_send_keystate: Finished sending state [preauth]
608 2022-01-20 10:08:27.039 debug1: monitor_read_log: child log fd closed
608 2022-01-20 10:08:27.039 debug3: lookup_principal_name: Successfully discovered explicit principal name: 'domain\\username'=>'[email protected]'
608 2022-01-20 10:08:27.039 debug3: LsaLogonUser Succeeded (Impersonation: 1)
608 2022-01-20 10:08:27.054 debug3: spawning "C:\\Program Files\\OpenSSH-Win64\\sshd.exe" -z as user
608 2022-01-20 10:08:27.054 User child is on pid 5628
608 2022-01-20 10:08:27.054 debug3: send_rexec_state: entering fd = 5 config len 1500
608 2022-01-20 10:08:27.054 debug3: ssh_msg_send: type 0
608 2022-01-20 10:08:27.054 debug3: send_rexec_state: done
608 2022-01-20 10:08:27.054 debug3: ssh_msg_send: type 0
608 2022-01-20 10:08:27.054 debug3: ssh_msg_send: type 0
608 2022-01-20 10:08:27.054 debug3: ssh_msg_send: type 0
608 2022-01-20 10:08:27.054 debug3: ssh_msg_send: type 0
608 2022-01-20 10:08:27.054 debug3: ssh_msg_send: type 0
5628 2022-01-20 10:08:27.070 debug3: recv_idexch_state: entering fd = 3
5628 2022-01-20 10:08:27.070 debug3: ssh_msg_recv entering
5628 2022-01-20 10:08:27.070 debug3: recv_idexch_state: done
5628 2022-01-20 10:08:27.070 debug2: fd 4 setting O_NONBLOCK
5628 2022-01-20 10:08:27.070 debug3: recv_autxctx_state: entering fd = 3
5628 2022-01-20 10:08:27.070 debug3: ssh_msg_recv entering
5628 2022-01-20 10:08:27.070 debug3: recv_autxctx_state: done
5628 2022-01-20 10:08:27.070 debug2: parse_server_config_depth: config reprocess config len 1500
5628 2022-01-20 10:08:27.070 debug3: checking match for 'Group administrators' user domain\\username host 10.x.x.82 addr 10.x.x.82 laddr 10.x.x.34 lport 22
5628 2022-01-20 10:08:27.070 debug3: get_user_token - i am running as domain\\username, returning process token
5628 2022-01-20 10:08:27.070 debug1: user domain\\username matched group list administrators at line 109
5628 2022-01-20 10:08:27.070 debug3: match found
5628 2022-01-20 10:08:27.070 debug3: reprocess config:110 setting AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
5628 2022-01-20 10:08:27.070 debug3: get_user_token - i am running as domain\\username, returning process token
5628 2022-01-20 10:08:27.070 debug3: monitor_recv_keystate: entering
5628 2022-01-20 10:08:27.070 debug3: ssh_msg_recv entering
5628 2022-01-20 10:08:27.070 debug3: monitor_recv_keystate: done
5628 2022-01-20 10:08:27.070 debug3: monitor_apply_keystate: packet_set_state
5628 2022-01-20 10:08:27.070 debug2: set_newkeys: mode 0
5628 2022-01-20 10:08:27.070 debug1: rekey in after 134217728 blocks
5628 2022-01-20 10:08:27.070 debug2: set_newkeys: mode 1
5628 2022-01-20 10:08:27.070 debug1: rekey out after 134217728 blocks
5628 2022-01-20 10:08:27.070 debug1: ssh_packet_set_postauth: called
5628 2022-01-20 10:08:27.070 debug3: ssh_packet_set_state: done
5628 2022-01-20 10:08:27.070 debug3: monitor_recv_authopt: entering
5628 2022-01-20 10:08:27.070 debug3: ssh_msg_recv entering
5628 2022-01-20 10:08:27.070 debug3: monitor_recv_authopt: done
5628 2022-01-20 10:08:27.070 debug3: notify_hostkeys: key 0: ssh-rsa SHA256:+TmwBO/kipGLNVWphM+9qFCXNg68ihfAEJ9uFZ94zvM
5628 2022-01-20 10:08:27.070 debug3: notify_hostkeys: key 1: ecdsa-sha2-nistp256 SHA256:ejFES9PWNwoEhN7TfeO8vlasi/D7t5difu1qMLGipGU
5628 2022-01-20 10:08:27.070 debug3: notify_hostkeys: key 2: ssh-ed25519 SHA256:YKiccWtwQr58hLkEvjDmX91kpaNlcJXO1Tpitc2v2mc
5628 2022-01-20 10:08:27.070 debug3: notify_hostkeys: sent 3 hostkeys
5628 2022-01-20 10:08:27.070 debug3: send packet: type 80
5628 2022-01-20 10:08:27.070 debug1: active: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
5628 2022-01-20 10:08:27.070 debug1: Entering interactive session for SSH2.
5628 2022-01-20 10:08:27.070 debug2: fd 7 setting O_NONBLOCK
5628 2022-01-20 10:08:27.070 debug2: fd 8 setting O_NONBLOCK
5628 2022-01-20 10:08:27.070 debug1: server_init_dispatch
5628 2022-01-20 10:08:27.070 debug3: receive packet: type 90
5628 2022-01-20 10:08:27.070 debug1: server_input_channel_open: ctype session rchan 0 win 1048576 max 16384
5628 2022-01-20 10:08:27.070 debug1: input_session_request
5628 2022-01-20 10:08:27.070 debug1: channel 0: new [server-session]
5628 2022-01-20 10:08:27.070 debug2: session_new: allocate (allocated 0 max 10)
5628 2022-01-20 10:08:27.070 debug3: session_unused: session id 0 unused
5628 2022-01-20 10:08:27.070 debug1: session_new: session 0
5628 2022-01-20 10:08:27.070 debug1: session_open: channel 0
5628 2022-01-20 10:08:27.070 debug1: session_open: session 0: link with channel 0
5628 2022-01-20 10:08:27.070 debug1: server_input_channel_open: confirm session
5628 2022-01-20 10:08:27.070 debug3: send packet: type 91
5628 2022-01-20 10:08:27.070 debug3: receive packet: type 80
5628 2022-01-20 10:08:27.070 debug1: server_input_global_request: rtype [email protected] want_reply 0
5628 2022-01-20 10:08:27.242 debug3: receive packet: type 98
5628 2022-01-20 10:08:27.242 debug1: server_input_channel_req: channel 0 request pty-req reply 1
5628 2022-01-20 10:08:27.242 debug1: session_by_channel: session 0 channel 0
5628 2022-01-20 10:08:27.242 debug1: session_input_channel_req: session 0 req pty-req
5628 2022-01-20 10:08:27.242 debug1: Allocating pty.
5628 2022-01-20 10:08:27.242 debug3: fd 9 is not O_NONBLOCK
5628 2022-01-20 10:08:27.242 debug3: fd 10 is not O_NONBLOCK
5628 2022-01-20 10:08:27.242 debug1: session_pty_req: session 0 alloc windows-pty
5628 2022-01-20 10:08:27.242 debug1: Ignoring unsupported tty mode opcode 1 (0x1)
5628 2022-01-20 10:08:27.242 debug1: Ignoring unsupported tty mode opcode 2 (0x2)
5628 2022-01-20 10:08:27.242 debug1: Ignoring unsupported tty mode opcode 3 (0x3)
5628 2022-01-20 10:08:27.242 debug1: Ignoring unsupported tty mode opcode 4 (0x4)
5628 2022-01-20 10:08:27.242 debug1: Ignoring unsupported tty mode opcode 5 (0x5)
5628 2022-01-20 10:08:27.242 debug1: Ignoring unsupported tty mode opcode 6 (0x6)
5628 2022-01-20 10:08:27.242 debug1: Ignoring unsupported tty mode opcode 7 (0x7)
5628 2022-01-20 10:08:27.242 debug1: Ignoring unsupported tty mode opcode 8 (0x8)
5628 2022-01-20 10:08:27.242 debug1: Ignoring unsupported tty mode opcode 9 (0x9)
5628 2022-01-20 10:08:27.242 debug1: Ignoring unsupported tty mode opcode 10 (0xa)
5628 2022-01-20 10:08:27.242 debug1: Ignoring unsupported tty mode opcode 12 (0xc)
5628 2022-01-20 10:08:27.242 debug1: Ignoring unsupported tty mode opcode 13 (0xd)
5628 2022-01-20 10:08:27.242 debug1: Ignoring unsupported tty mode opcode 14 (0xe)
5628 2022-01-20 10:08:27.242 debug1: Ignoring unsupported tty mode opcode 18 (0x12)
5628 2022-01-20 10:08:27.242 debug1: Ignoring unsupported tty mode opcode 30 (0x1e)
5628 2022-01-20 10:08:27.242 debug1: Ignoring unsupported tty mode opcode 31 (0x1f)
5628 2022-01-20 10:08:27.242 debug1: Ignoring unsupported tty mode opcode 32 (0x20)
5628 2022-01-20 10:08:27.242 debug1: Ignoring unsupported tty mode opcode 33 (0x21)
5628 2022-01-20 10:08:27.242 debug1: Ignoring unsupported tty mode opcode 34 (0x22)
5628 2022-01-20 10:08:27.242 debug1: Ignoring unsupported tty mode opcode 35 (0x23)
5628 2022-01-20 10:08:27.242 debug1: Ignoring unsupported tty mode opcode 36 (0x24)
5628 2022-01-20 10:08:27.242 debug1: Ignoring unsupported tty mode opcode 37 (0x25)
5628 2022-01-20 10:08:27.242 debug1: Ignoring unsupported tty mode opcode 38 (0x26)
5628 2022-01-20 10:08:27.242 debug1: Ignoring unsupported tty mode opcode 39 (0x27)
5628 2022-01-20 10:08:27.242 debug1: Ignoring unsupported tty mode opcode 40 (0x28)
5628 2022-01-20 10:08:27.242 debug1: Ignoring unsupported tty mode opcode 41 (0x29)
5628 2022-01-20 10:08:27.242 debug1: Ignoring unsupported tty mode opcode 42 (0x2a)
5628 2022-01-20 10:08:27.242 debug1: Ignoring unsupported tty mode opcode 50 (0x32)
5628 2022-01-20 10:08:27.242 debug1: Ignoring unsupported tty mode opcode 51 (0x33)
5628 2022-01-20 10:08:27.242 debug1: Ignoring unsupported tty mode opcode 52 (0x34)
5628 2022-01-20 10:08:27.242 debug1: Ignoring unsupported tty mode opcode 53 (0x35)
5628 2022-01-20 10:08:27.242 debug1: Ignoring unsupported tty mode opcode 54 (0x36)
5628 2022-01-20 10:08:27.242 debug1: Ignoring unsupported tty mode opcode 55 (0x37)
5628 2022-01-20 10:08:27.242 debug1: Ignoring unsupported tty mode opcode 56 (0x38)
5628 2022-01-20 10:08:27.242 debug1: Ignoring unsupported tty mode opcode 57 (0x39)
5628 2022-01-20 10:08:27.242 debug1: Ignoring unsupported tty mode opcode 58 (0x3a)
5628 2022-01-20 10:08:27.242 debug1: Ignoring unsupported tty mode opcode 59 (0x3b)
5628 2022-01-20 10:08:27.242 debug1: Ignoring unsupported tty mode opcode 60 (0x3c)
5628 2022-01-20 10:08:27.242 debug1: Ignoring unsupported tty mode opcode 61 (0x3d)
5628 2022-01-20 10:08:27.242 debug1: Ignoring unsupported tty mode opcode 62 (0x3e)
5628 2022-01-20 10:08:27.242 debug1: Ignoring unsupported tty mode opcode 70 (0x46)
5628 2022-01-20 10:08:27.242 debug1: Ignoring unsupported tty mode opcode 71 (0x47)
5628 2022-01-20 10:08:27.242 debug1: Ignoring unsupported tty mode opcode 72 (0x48)
5628 2022-01-20 10:08:27.242 debug1: Ignoring unsupported tty mode opcode 73 (0x49)
5628 2022-01-20 10:08:27.242 debug1: Ignoring unsupported tty mode opcode 74 (0x4a)
5628 2022-01-20 10:08:27.242 debug1: Ignoring unsupported tty mode opcode 75 (0x4b)
5628 2022-01-20 10:08:27.242 debug1: Ignoring unsupported tty mode opcode 90 (0x5a)
5628 2022-01-20 10:08:27.242 debug1: Ignoring unsupported tty mode opcode 91 (0x5b)
5628 2022-01-20 10:08:27.242 debug1: Ignoring unsupported tty mode opcode 92 (0x5c)
5628 2022-01-20 10:08:27.242 debug1: Ignoring unsupported tty mode opcode 93 (0x5d)
5628 2022-01-20 10:08:27.242 debug3: send packet: type 99
5628 2022-01-20 10:08:27.242 debug3: receive packet: type 98
5628 2022-01-20 10:08:27.242 debug1: server_input_channel_req: channel 0 request env reply 0
5628 2022-01-20 10:08:27.242 debug1: session_by_channel: session 0 channel 0
5628 2022-01-20 10:08:27.242 debug1: session_input_channel_req: session 0 req env
5628 2022-01-20 10:08:27.242 debug2: Ignoring env request LANG: disallowed name
5628 2022-01-20 10:08:27.242 debug3: receive packet: type 98
5628 2022-01-20 10:08:27.242 debug1: server_input_channel_req: channel 0 request shell reply 1
5628 2022-01-20 10:08:27.242 debug1: session_by_channel: session 0 channel 0
5628 2022-01-20 10:08:27.242 debug1: session_input_channel_req: session 0 req shell
5628 2022-01-20 10:08:27.242 Starting session: shell on windows-pty for domain\\username from 10.x.x.82 port 60640 id 0
5628 2022-01-20 10:08:27.242 debug2: fd 11 setting O_NONBLOCK
5628 2022-01-20 10:08:27.242 debug2: fd 12 setting O_NONBLOCK
5628 2022-01-20 10:08:27.242 debug2: fd 13 setting O_NONBLOCK
5628 2022-01-20 10:08:27.242 debug2: fd 14 setting O_NONBLOCK
5628 2022-01-20 10:08:27.242 debug2: fd 15 setting O_NONBLOCK
5628 2022-01-20 10:08:27.242 debug2: fd 16 setting O_NONBLOCK
5628 2022-01-20 10:08:27.242 debug3: shell: "c:\\windows\\system32\\cmd.exe"
5628 2022-01-20 10:08:27.242 debug3: shell_option: /c
5628 2022-01-20 10:08:27.242 debug3: couldn't find CreatePseudoConsole() in kernel32.dll dll
5628 2022-01-20 10:08:27.242 debug3: This windows OS doesn't support conpty
5628 2022-01-20 10:08:27.242 debug3: pty commandline: "C:\\Program Files\\OpenSSH-Win64\\ssh-shellhost.exe" ---pty "c:\\windows\\system32\\cmd.exe"
5628 2022-01-20 10:08:27.242 debug2: fd 4 setting TCP_NODELAY
5628 2022-01-20 10:08:27.242 debug2: channel 0: rfd 13 isatty
5628 2022-01-20 10:08:27.242 debug3: fd 13 is O_NONBLOCK
5628 2022-01-20 10:08:27.242 debug3: fd 12 is O_NONBLOCK
5628 2022-01-20 10:08:27.242 debug3: send packet: type 99
5628 2022-01-20 10:08:40.041 debug2: channel 0: read<=0 rfd 13 len 0
5628 2022-01-20 10:08:40.041 debug2: channel 0: read failed
5628 2022-01-20 10:08:40.041 debug2: chan_shutdown_read: channel 0: (i0 o0 sock -1 wfd 13 efd -1 [closed])
5628 2022-01-20 10:08:40.041 debug2: channel 0: input open -> drain
5628 2022-01-20 10:08:40.041 debug2: channel 0: ibuf empty
5628 2022-01-20 10:08:40.041 debug2: channel 0: send eof
5628 2022-01-20 10:08:40.041 debug3: send packet: type 96
5628 2022-01-20 10:08:40.041 debug2: channel 0: input drain -> closed
5628 2022-01-20 10:08:40.041 debug1: Received SIGCHLD.
5628 2022-01-20 10:08:40.041 debug1: session_by_pid: pid 1500
5628 2022-01-20 10:08:40.041 debug1: session_exit_message: session 0 channel 0 pid 1500
5628 2022-01-20 10:08:40.041 debug2: channel 0: request exit-status confirm 0
5628 2022-01-20 10:08:40.041 debug3: send packet: type 98
5628 2022-01-20 10:08:40.041 debug1: session_exit_message: release channel 0
5628 2022-01-20 10:08:40.041 debug2: channel 0: write failed
5628 2022-01-20 10:08:40.041 debug2: chan_shutdown_write: channel 0: (i3 o0 sock -1 wfd 12 efd -1 [closed])
5628 2022-01-20 10:08:40.041 debug2: channel 0: send eow
5628 2022-01-20 10:08:40.041 debug3: send packet: type 98
5628 2022-01-20 10:08:40.041 debug2: channel 0: output open -> closed
5628 2022-01-20 10:08:40.041 debug2: channel 0: send close
5628 2022-01-20 10:08:40.041 debug3: send packet: type 97
5628 2022-01-20 10:08:40.041 debug3: channel 0: will not send data after close
5628 2022-01-20 10:08:40.041 debug2: notify_done: reading
5628 2022-01-20 10:08:40.041 debug3: channel 0: will not send data after close
5628 2022-01-20 10:08:40.088 debug3: receive packet: type 97
5628 2022-01-20 10:08:40.088 debug2: channel 0: rcvd close
5628 2022-01-20 10:08:40.088 debug3: channel 0: will not send data after close
5628 2022-01-20 10:08:40.088 debug2: channel 0: is dead
5628 2022-01-20 10:08:40.088 debug2: channel 0: gc: notify user
5628 2022-01-20 10:08:40.088 debug1: session_by_channel: session 0 channel 0
5628 2022-01-20 10:08:40.088 debug1: session_close_by_channel: channel 0 child 0
5628 2022-01-20 10:08:40.088 Close session: user domain\\username from 10.x.x.82 port 60640 id 0
5628 2022-01-20 10:08:40.088 debug3: session_unused: session id 0 unused
5628 2022-01-20 10:08:40.088 debug2: channel 0: gc: user detached
5628 2022-01-20 10:08:40.088 debug2: channel 0: is dead
5628 2022-01-20 10:08:40.088 debug2: channel 0: garbage collecting
5628 2022-01-20 10:08:40.088 debug1: channel 0: free: server-session, nchannels 1
5628 2022-01-20 10:08:40.088 debug3: channel 0: status: The following connections are open:\r\n #0 server-session (t4 r0 i3/0 o3/0 e[closed]/0 fd -1/-1/-1 sock -1 cc -1)\r\n
5628 2022-01-20 10:08:40.088 debug3: receive packet: type 1
5628 2022-01-20 10:08:40.088 Received disconnect from 10.x.x.82 port 60640:11: disconnected by user
5628 2022-01-20 10:08:40.088 Disconnected from 10.x.x.82 port 60640
5628 2022-01-20 10:08:40.088 debug1: do_cleanup
608 2022-01-20 10:08:40.103 debug3: mm_request_receive: entering
608 2022-01-20 10:08:40.103 debug1: do_cleanup
5644 2022-01-20 10:08:40.816 debug3: fd 5 is not O_NONBLOCK
5644 2022-01-20 10:08:40.816 debug3: spawning "C:\\Program Files\\OpenSSH-Win64\\sshd.exe" -R as subprocess
5644 2022-01-20 10:08:40.816 debug3: send_rexec_state: entering fd = 8 config len 1500
5644 2022-01-20 10:08:40.816 debug3: ssh_msg_send: type 0
5644 2022-01-20 10:08:40.816 debug3: send_rexec_state: done
3736 2022-01-20 10:08:40.847 debug1: inetd sockets after dupping: 4, 4
3736 2022-01-20 10:08:40.847 Connection from 10.x.x.82 port 60644 on 10.x.x.34 port 22
3736 2022-01-20 10:08:40.847 debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.6
3736 2022-01-20 10:08:40.847 debug1: Remote protocol version 2.0, remote software version OpenSSH_8.2p1 Ubuntu-4ubuntu0.4
3736 2022-01-20 10:08:40.847 debug1: compat_banner: match: OpenSSH_8.2p1 Ubuntu-4ubuntu0.4 pat OpenSSH* compat 0x04000000
3736 2022-01-20 10:08:40.847 debug2: fd 4 setting O_NONBLOCK
3736 2022-01-20 10:08:40.879 debug3: spawning "C:\\Program Files\\OpenSSH-Win64\\sshd.exe" -y as user
3736 2022-01-20 10:08:40.879 debug2: Network child is on pid 5836
3736 2022-01-20 10:08:40.879 debug3: send_rexec_state: entering fd = 6 config len 1500
3736 2022-01-20 10:08:40.879 debug3: ssh_msg_send: type 0
3736 2022-01-20 10:08:40.879 debug3: send_rexec_state: done
3736 2022-01-20 10:08:40.879 debug3: ssh_msg_send: type 0
3736 2022-01-20 10:08:40.879 debug3: ssh_msg_send: type 0
3736 2022-01-20 10:08:40.879 debug3: preauth child monitor started
3736 2022-01-20 10:08:40.894 debug3: append_hostkey_type: rsa-sha2-512 key not permitted by HostkeyAlgorithms [preauth]
3736 2022-01-20 10:08:40.894 debug3: append_hostkey_type: rsa-sha2-256 key not permitted by HostkeyAlgorithms [preauth]
3736 2022-01-20 10:08:40.894 debug3: append_hostkey_type: ssh-rsa key not permitted by HostkeyAlgorithms [preauth]
3736 2022-01-20 10:08:40.894 debug1: list_hostkey_types: ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
3736 2022-01-20 10:08:40.894 debug3: send packet: type 20 [preauth]
3736 2022-01-20 10:08:40.894 debug1: SSH2_MSG_KEXINIT sent [preauth]
3736 2022-01-20 10:08:40.894 debug3: receive packet: type 20 [preauth]
3736 2022-01-20 10:08:40.894 debug1: SSH2_MSG_KEXINIT received [preauth]
3736 2022-01-20 10:08:40.894 debug2: local server KEXINIT proposal [preauth]
3736 2022-01-20 10:08:40.894 debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256 [preauth]
3736 2022-01-20 10:08:40.894 debug2: host key algorithms: ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
3736 2022-01-20 10:08:40.894 debug2: ciphers ctos: [email protected],[email protected],[email protected] [preauth]
3736 2022-01-20 10:08:40.894 debug2: ciphers stoc: [email protected],[email protected],[email protected] [preauth]
3736 2022-01-20 10:08:40.894 debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512 [preauth]
3736 2022-01-20 10:08:40.894 debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512 [preauth]
3736 2022-01-20 10:08:40.894 debug2: compression ctos: none,[email protected] [preauth]
3736 2022-01-20 10:08:40.894 debug2: compression stoc: none,[email protected] [preauth]
3736 2022-01-20 10:08:40.894 debug2: languages ctos: [preauth]
3736 2022-01-20 10:08:40.894 debug2: languages stoc: [preauth]
3736 2022-01-20 10:08:40.894 debug2: first_kex_follows 0 [preauth]
3736 2022-01-20 10:08:40.894 debug2: reserved 0 [preauth]
3736 2022-01-20 10:08:40.894 debug2: peer client KEXINIT proposal [preauth]
3736 2022-01-20 10:08:40.894 debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c [preauth]
3736 2022-01-20 10:08:40.894 debug2: host key algorithms: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,[email protected],rsa-sha2-512,rsa-sha2-256,ssh-rsa [preauth]
3736 2022-01-20 10:08:40.894 debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected] [preauth]
3736 2022-01-20 10:08:40.894 debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected] [preauth]
3736 2022-01-20 10:08:40.894 debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
3736 2022-01-20 10:08:40.894 debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
3736 2022-01-20 10:08:40.894 debug2: compression ctos: none,[email protected],zlib [preauth]
3736 2022-01-20 10:08:40.894 debug2: compression stoc: none,[email protected],zlib [preauth]
3736 2022-01-20 10:08:40.894 debug2: languages ctos: [preauth]
3736 2022-01-20 10:08:40.894 debug2: languages stoc: [preauth]
3736 2022-01-20 10:08:40.894 debug2: first_kex_follows 0 [preauth]
3736 2022-01-20 10:08:40.894 debug2: reserved 0 [preauth]
3736 2022-01-20 10:08:40.894 debug1: kex: algorithm: curve25519-sha256 [preauth]
3736 2022-01-20 10:08:40.894 debug1: kex: host key algorithm: ecdsa-sha2-nistp256 [preauth]
3736 2022-01-20 10:08:40.894 debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none [preauth]
3736 2022-01-20 10:08:40.894 debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none [preauth]
3736 2022-01-20 10:08:40.894 debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
3736 2022-01-20 10:08:40.974 debug3: receive packet: type 30 [preauth]
3736 2022-01-20 10:08:40.974 debug1: SSH2_MSG_KEX_ECDH_INIT received [preauth]
3736 2022-01-20 10:08:40.974 debug3: mm_sshkey_sign: entering [preauth]
3736 2022-01-20 10:08:40.974 debug3: mm_request_send: entering, type 6 [preauth]
3736 2022-01-20 10:08:40.974 debug3: mm_sshkey_sign: waiting for MONITOR_ANS_SIGN [preauth]
3736 2022-01-20 10:08:40.974 debug3: mm_request_receive_expect: entering, type 7 [preauth]
3736 2022-01-20 10:08:40.974 debug3: mm_request_receive: entering [preauth]
3736 2022-01-20 10:08:40.974 debug3: mm_request_receive: entering
3736 2022-01-20 10:08:40.974 debug3: monitor_read: checking request 6
3736 2022-01-20 10:08:40.974 debug3: mm_answer_sign: entering
3736 2022-01-20 10:08:40.990 debug3: mm_answer_sign: KEX signature 000001957331D570(99)
3736 2022-01-20 10:08:40.990 debug3: mm_request_send: entering, type 7
3736 2022-01-20 10:08:40.990 debug2: monitor_read: 6 used once, disabling now
3736 2022-01-20 10:08:40.990 debug3: send packet: type 31 [preauth]
3736 2022-01-20 10:08:40.990 debug3: send packet: type 21 [preauth]
3736 2022-01-20 10:08:40.990 debug2: set_newkeys: mode 1 [preauth]
3736 2022-01-20 10:08:40.990 debug1: rekey out after 134217728 blocks [preauth]
3736 2022-01-20 10:08:40.990 debug1: SSH2_MSG_NEWKEYS sent [preauth]
3736 2022-01-20 10:08:40.990 debug1: Sending SSH2_MSG_EXT_INFO [preauth]
3736 2022-01-20 10:08:40.990 debug3: send packet: type 7 [preauth]
3736 2022-01-20 10:08:40.990 debug1: expecting SSH2_MSG_NEWKEYS [preauth]
3736 2022-01-20 10:08:41.054 debug3: receive packet: type 21 [preauth]
3736 2022-01-20 10:08:41.054 debug1: SSH2_MSG_NEWKEYS received [preauth]
3736 2022-01-20 10:08:41.054 debug2: set_newkeys: mode 0 [preauth]
3736 2022-01-20 10:08:41.054 debug1: rekey in after 134217728 blocks [preauth]
3736 2022-01-20 10:08:41.054 debug1: KEX done [preauth]
3736 2022-01-20 10:08:41.087 debug3: receive packet: type 5 [preauth]
3736 2022-01-20 10:08:41.087 debug3: send packet: type 6 [preauth]
3736 2022-01-20 10:08:41.103 debug3: receive packet: type 50 [preauth]
3736 2022-01-20 10:08:41.103 debug1: userauth-request for user username service ssh-connection method none [preauth]
3736 2022-01-20 10:08:41.103 debug1: attempt 0 failures 0 [preauth]
3736 2022-01-20 10:08:41.103 debug3: mm_getpwnamallow: entering [preauth]
3736 2022-01-20 10:08:41.103 debug3: mm_request_send: entering, type 8 [preauth]
3736 2022-01-20 10:08:41.103 debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM [preauth]
3736 2022-01-20 10:08:41.103 debug3: mm_request_receive_expect: entering, type 9 [preauth]
3736 2022-01-20 10:08:41.103 debug3: mm_request_receive: entering [preauth]
3736 2022-01-20 10:08:41.103 debug3: mm_request_receive: entering
3736 2022-01-20 10:08:41.103 debug3: monitor_read: checking request 8
3736 2022-01-20 10:08:41.103 debug3: mm_answer_pwnamallow: entering
3736 2022-01-20 10:08:41.103 debug2: parse_server_config_depth: config reprocess config len 1500
3736 2022-01-20 10:08:41.103 debug3: checking match for 'Group administrators' user domain\\username host 10.x.x.82 addr 10.x.x.82 laddr 10.x.x.34 lport 22
3736 2022-01-20 10:08:41.118 debug3: lookup_principal_name: Successfully discovered explicit principal name: 'domain\\username'=>'[email protected]'
3736 2022-01-20 10:08:41.118 debug3: LsaLogonUser Succeeded (Impersonation: 0)
3736 2022-01-20 10:08:41.118 debug1: user domain\\username matched group list administrators at line 109
3736 2022-01-20 10:08:41.118 debug3: match found
3736 2022-01-20 10:08:41.118 debug3: reprocess config:110 setting AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
3736 2022-01-20 10:08:41.118 debug3: lookup_principal_name: Successfully discovered explicit principal name: 'domain\\username'=>'[email protected]'
3736 2022-01-20 10:08:41.118 debug3: LsaLogonUser Succeeded (Impersonation: 0)
3736 2022-01-20 10:08:41.118 debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
3736 2022-01-20 10:08:41.118 debug3: mm_request_send: entering, type 9
3736 2022-01-20 10:08:41.118 debug2: monitor_read: 8 used once, disabling now
3736 2022-01-20 10:08:41.118 debug2: input_userauth_request: setting up authctxt for username [preauth]
3736 2022-01-20 10:08:41.118 debug3: mm_inform_authserv: entering [preauth]
3736 2022-01-20 10:08:41.118 debug3: mm_request_send: entering, type 4 [preauth]
3736 2022-01-20 10:08:41.118 debug3: mm_auth2_read_banner: entering [preauth]
3736 2022-01-20 10:08:41.118 debug3: mm_request_send: entering, type 10 [preauth]
3736 2022-01-20 10:08:41.118 debug3: mm_request_receive_expect: entering, type 11 [preauth]
3736 2022-01-20 10:08:41.118 debug3: mm_request_receive: entering [preauth]
3736 2022-01-20 10:08:41.118 debug3: mm_request_receive: entering
3736 2022-01-20 10:08:41.118 debug3: monitor_read: checking request 4
3736 2022-01-20 10:08:41.118 debug3: mm_answer_authserv: service=ssh-connection, style=
3736 2022-01-20 10:08:41.118 debug2: monitor_read: 4 used once, disabling now
3736 2022-01-20 10:08:41.118 debug3: mm_request_receive: entering
3736 2022-01-20 10:08:41.118 debug3: monitor_read: checking request 10
3736 2022-01-20 10:08:41.118 debug3: mm_request_send: entering, type 11
3736 2022-01-20 10:08:41.118 debug2: monitor_read: 10 used once, disabling now
3736 2022-01-20 10:08:41.118 debug3: send packet: type 53 [preauth]
3736 2022-01-20 10:08:41.118 debug1: userauth_send_banner: sent [preauth]
3736 2022-01-20 10:08:41.118 debug2: input_userauth_request: try method none [preauth]
3736 2022-01-20 10:08:41.118 debug3: user_specific_delay: user specific delay 0.000ms [preauth]
3736 2022-01-20 10:08:41.118 debug3: ensure_minimum_time_since: elapsed 15.044ms, delaying 5.346ms (requested 5.098ms) [preauth]
3736 2022-01-20 10:08:41.134 debug3: userauth_finish: failure partial=0 next methods="publickey,keyboard-interactive" [preauth]
3736 2022-01-20 10:08:41.134 debug3: send packet: type 51 [preauth]
3736 2022-01-20 10:08:41.197 debug3: receive packet: type 50 [preauth]
3736 2022-01-20 10:08:41.197 debug1: userauth-request for user username service ssh-connection method publickey [preauth]
3736 2022-01-20 10:08:41.197 debug1: attempt 1 failures 0 [preauth]
3736 2022-01-20 10:08:41.197 debug2: input_userauth_request: try method publickey [preauth]
3736 2022-01-20 10:08:41.197 debug2: userauth_pubkey: valid user username querying public key ssh-ed25519 <pubkey> [preauth]
3736 2022-01-20 10:08:41.197 debug1: userauth_pubkey: test pkalg ssh-ed25519 pkblob ED25519 SHA256:<pubkey> [preauth]
3736 2022-01-20 10:08:41.197 debug3: mm_key_allowed: entering [preauth]
3736 2022-01-20 10:08:41.197 debug3: mm_request_send: entering, type 22 [preauth]
3736 2022-01-20 10:08:41.197 debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth]
3736 2022-01-20 10:08:41.197 debug3: mm_request_receive_expect: entering, type 23 [preauth]
3736 2022-01-20 10:08:41.197 debug3: mm_request_receive: entering [preauth]
3736 2022-01-20 10:08:41.197 debug3: mm_request_receive: entering
3736 2022-01-20 10:08:41.197 debug3: monitor_read: checking request 22
3736 2022-01-20 10:08:41.197 debug3: mm_answer_keyallowed: entering
3736 2022-01-20 10:08:41.197 debug3: mm_answer_keyallowed: key_from_blob: 00000195733872C0
3736 2022-01-20 10:08:41.197 debug1: trying public key file __PROGRAMDATA__/ssh/administrators_authorized_keys
3736 2022-01-20 10:08:41.197 debug3: Failed to open file:C:/ProgramData/ssh/administrators_authorized_keys error:2
3736 2022-01-20 10:08:41.197 debug1: Could not open authorized keys '__PROGRAMDATA__/ssh/administrators_authorized_keys': No such file or directory
3736 2022-01-20 10:08:41.197 debug3: subprocess: AuthorizedKeysCommand command "C:\\ProgramData\\ssh\\adauthorizedkeys.cmd domain\\username" running as system (flags 0x6)
3736 2022-01-20 10:08:41.197 debug1: starting subprocess using posix_spawnp
3736 2022-01-20 10:08:41.197 debug3: spawning "C:\\ProgramData\\ssh\\adauthorizedkeys.cmd" domain\\username as subprocess
3736 2022-01-20 10:08:41.197 debug3: subprocess: AuthorizedKeysCommand pid 5800
3736 2022-01-20 10:08:41.275 debug1: C:\\ProgramData\\ssh\\adauthorizedkeys.cmd:1: matching key found: ED25519 SHA256:<pubkey>
3736 2022-01-20 10:08:41.275 debug1: C:\\ProgramData\\ssh\\adauthorizedkeys.cmd:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
3736 2022-01-20 10:08:41.275 Accepted key ED25519 SHA256:<pubkey> found at C:\\ProgramData\\ssh\\adauthorizedkeys.cmd:1
3736 2022-01-20 10:08:41.275 debug3: mm_answer_keyallowed: publickey authentication test: ED25519 key is allowed
3736 2022-01-20 10:08:41.275 debug3: mm_request_send: entering, type 23
3736 2022-01-20 10:08:41.275 debug3: send packet: type 60 [preauth]
3736 2022-01-20 10:08:41.275 debug2: userauth_pubkey: authenticated 0 pkalg ssh-ed25519 [preauth]
3736 2022-01-20 10:08:41.275 debug3: user_specific_delay: user specific delay 0.000ms [preauth]
3736 2022-01-20 10:08:41.275 debug3: ensure_minimum_time_since: elapsed 78.093ms, delaying 3.468ms (requested 5.098ms) [preauth]
3736 2022-01-20 10:08:41.290 Postponed publickey for username from 10.x.x.82 port 60644 ssh2 [preauth]
3736 2022-01-20 10:08:41.290 debug3: receive packet: type 50 [preauth]
3736 2022-01-20 10:08:41.290 debug1: userauth-request for user username service ssh-connection method publickey [preauth]
3736 2022-01-20 10:08:41.290 debug1: attempt 2 failures 0 [preauth]
3736 2022-01-20 10:08:41.290 debug2: input_userauth_request: try method publickey [preauth]
3736 2022-01-20 10:08:41.290 debug2: userauth_pubkey: valid user username attempting public key ssh-ed25519 <pubkey> [preauth]
3736 2022-01-20 10:08:41.290 debug3: userauth_pubkey: have ssh-ed25519 signature for ED25519 SHA256:<pubkey> [preauth]
3736 2022-01-20 10:08:41.290 debug3: mm_key_allowed: entering [preauth]
3736 2022-01-20 10:08:41.290 debug3: mm_request_send: entering, type 22 [preauth]
3736 2022-01-20 10:08:41.290 debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth]
3736 2022-01-20 10:08:41.290 debug3: mm_request_receive_expect: entering, type 23 [preauth]
3736 2022-01-20 10:08:41.290 debug3: mm_request_receive: entering [preauth]
3736 2022-01-20 10:08:41.290 debug3: mm_request_receive: entering
3736 2022-01-20 10:08:41.290 debug3: monitor_read: checking request 22
3736 2022-01-20 10:08:41.290 debug3: mm_answer_keyallowed: entering
3736 2022-01-20 10:08:41.290 debug3: mm_answer_keyallowed: key_from_blob: 0000019573386660
3736 2022-01-20 10:08:41.290 debug1: trying public key file __PROGRAMDATA__/ssh/administrators_authorized_keys
3736 2022-01-20 10:08:41.290 debug3: Failed to open file:C:/ProgramData/ssh/administrators_authorized_keys error:2
3736 2022-01-20 10:08:41.290 debug1: Could not open authorized keys '__PROGRAMDATA__/ssh/administrators_authorized_keys': No such file or directory
3736 2022-01-20 10:08:41.290 debug3: subprocess: AuthorizedKeysCommand command "C:\\ProgramData\\ssh\\adauthorizedkeys.cmd domain\\username" running as system (flags 0x6)
3736 2022-01-20 10:08:41.290 debug1: starting subprocess using posix_spawnp
3736 2022-01-20 10:08:41.290 debug3: spawning "C:\\ProgramData\\ssh\\adauthorizedkeys.cmd" domain\\username as subprocess
3736 2022-01-20 10:08:41.290 debug3: subprocess: AuthorizedKeysCommand pid 4496
3736 2022-01-20 10:08:41.368 debug1: C:\\ProgramData\\ssh\\adauthorizedkeys.cmd:1: matching key found: ED25519 SHA256:<pubkey>
3736 2022-01-20 10:08:41.368 debug1: C:\\ProgramData\\ssh\\adauthorizedkeys.cmd:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
3736 2022-01-20 10:08:41.368 Accepted key ED25519 SHA256:<pubkey> found at C:\\ProgramData\\ssh\\adauthorizedkeys.cmd:1
3736 2022-01-20 10:08:41.384 debug3: mm_answer_keyallowed: publickey authentication: ED25519 key is allowed
3736 2022-01-20 10:08:41.384 debug3: mm_request_send: entering, type 23
3736 2022-01-20 10:08:41.384 debug3: mm_sshkey_verify: entering [preauth]
3736 2022-01-20 10:08:41.384 debug3: mm_request_send: entering, type 24 [preauth]
3736 2022-01-20 10:08:41.384 debug3: mm_sshkey_verify: waiting for MONITOR_ANS_KEYVERIFY [preauth]
3736 2022-01-20 10:08:41.384 debug3: mm_request_receive_expect: entering, type 25 [preauth]
3736 2022-01-20 10:08:41.384 debug3: mm_request_receive: entering [preauth]
3736 2022-01-20 10:08:41.384 debug3: mm_request_receive: entering
3736 2022-01-20 10:08:41.384 debug3: monitor_read: checking request 24
3736 2022-01-20 10:08:41.384 debug3: mm_answer_keyverify: publickey 0000019573386660 signature verified
3736 2022-01-20 10:08:41.384 debug1: auth_activate_options: setting new authentication options
3736 2022-01-20 10:08:41.384 debug3: mm_request_send: entering, type 25
3736 2022-01-20 10:08:41.384 Accepted publickey for username from 10.x.x.82 port 60644 ssh2: ED25519 SHA256:<pubkey>
3736 2022-01-20 10:08:41.384 debug1: monitor_child_preauth: user username authenticated by privileged process
3736 2022-01-20 10:08:41.384 debug3: mm_get_keystate: Waiting for new keys
3736 2022-01-20 10:08:41.384 debug3: mm_request_receive_expect: entering, type 26
3736 2022-01-20 10:08:41.384 debug3: mm_request_receive: entering
3736 2022-01-20 10:08:41.462 debug3: mm_get_keystate: GOT new keys
3736 2022-01-20 10:08:41.462 debug1: auth_activate_options: setting new authentication options [preauth]
3736 2022-01-20 10:08:41.462 debug2: userauth_pubkey: authenticated 1 pkalg ssh-ed25519 [preauth]
3736 2022-01-20 10:08:41.462 debug3: user_specific_delay: user specific delay 0.000ms [preauth]
3736 2022-01-20 10:08:41.462 debug3: ensure_minimum_time_since: elapsed 93.723ms, delaying 69.399ms (requested 5.098ms) [preauth]
3736 2022-01-20 10:08:41.462 debug3: send packet: type 52 [preauth]
3736 2022-01-20 10:08:41.462 debug3: mm_request_send: entering, type 26 [preauth]
3736 2022-01-20 10:08:41.462 debug3: mm_send_keystate: Finished sending state [preauth]
3736 2022-01-20 10:08:41.462 debug1: monitor_read_log: child log fd closed
3736 2022-01-20 10:08:41.462 debug3: lookup_principal_name: Successfully discovered explicit principal name: 'domain\\username'=>'[email protected]'
3736 2022-01-20 10:08:41.462 debug3: LsaLogonUser Succeeded (Impersonation: 1)
3736 2022-01-20 10:08:41.478 debug3: spawning "C:\\Program Files\\OpenSSH-Win64\\sshd.exe" -z as user
3736 2022-01-20 10:08:41.478 User child is on pid 5272
3736 2022-01-20 10:08:41.478 debug3: send_rexec_state: entering fd = 5 config len 1500
3736 2022-01-20 10:08:41.478 debug3: ssh_msg_send: type 0
3736 2022-01-20 10:08:41.493 debug3: send_rexec_state: done
3736 2022-01-20 10:08:41.493 debug3: ssh_msg_send: type 0
3736 2022-01-20 10:08:41.493 debug3: ssh_msg_send: type 0
3736 2022-01-20 10:08:41.493 debug3: ssh_msg_send: type 0
3736 2022-01-20 10:08:41.493 debug3: ssh_msg_send: type 0
3736 2022-01-20 10:08:41.493 debug3: ssh_msg_send: type 0
5272 2022-01-20 10:08:41.493 debug3: recv_idexch_state: entering fd = 3
5272 2022-01-20 10:08:41.493 debug3: ssh_msg_recv entering
5272 2022-01-20 10:08:41.493 debug3: recv_idexch_state: done
5272 2022-01-20 10:08:41.493 debug2: fd 4 setting O_NONBLOCK
5272 2022-01-20 10:08:41.493 debug3: recv_autxctx_state: entering fd = 3
5272 2022-01-20 10:08:41.493 debug3: ssh_msg_recv entering
5272 2022-01-20 10:08:41.493 debug3: recv_autxctx_state: done
5272 2022-01-20 10:08:41.493 debug2: parse_server_config_depth: config reprocess config len 1500
5272 2022-01-20 10:08:41.493 debug3: checking match for 'Group administrators' user domain\\username host 10.x.x.82 addr 10.x.x.82 laddr 10.x.x.34 lport 22
5272 2022-01-20 10:08:41.493 debug3: get_user_token - i am running as domain\\username, returning process token
5272 2022-01-20 10:08:41.493 debug1: user domain\\username matched group list administrators at line 109
5272 2022-01-20 10:08:41.493 debug3: match found
5272 2022-01-20 10:08:41.493 debug3: reprocess config:110 setting AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
5272 2022-01-20 10:08:41.493 debug3: get_user_token - i am running as domain\\username, returning process token
5272 2022-01-20 10:08:41.493 debug3: monitor_recv_keystate: entering
5272 2022-01-20 10:08:41.493 debug3: ssh_msg_recv entering
5272 2022-01-20 10:08:41.493 debug3: monitor_recv_keystate: done
5272 2022-01-20 10:08:41.493 debug3: monitor_apply_keystate: packet_set_state
5272 2022-01-20 10:08:41.493 debug2: set_newkeys: mode 0
5272 2022-01-20 10:08:41.493 debug1: rekey in after 134217728 blocks
5272 2022-01-20 10:08:41.493 debug2: set_newkeys: mode 1
5272 2022-01-20 10:08:41.493 debug1: rekey out after 134217728 blocks
5272 2022-01-20 10:08:41.493 debug1: ssh_packet_set_postauth: called
5272 2022-01-20 10:08:41.493 debug3: ssh_packet_set_state: done
5272 2022-01-20 10:08:41.493 debug3: monitor_recv_authopt: entering
5272 2022-01-20 10:08:41.493 debug3: ssh_msg_recv entering
5272 2022-01-20 10:08:41.493 debug3: monitor_recv_authopt: done
5272 2022-01-20 10:08:41.493 debug3: notify_hostkeys: key 0: ssh-rsa SHA256:+TmwBO/kipGLNVWphM+9qFCXNg68ihfAEJ9uFZ94zvM
5272 2022-01-20 10:08:41.493 debug3: notify_hostkeys: key 1: ecdsa-sha2-nistp256 SHA256:ejFES9PWNwoEhN7TfeO8vlasi/D7t5difu1qMLGipGU
5272 2022-01-20 10:08:41.493 debug3: notify_hostkeys: key 2: ssh-ed25519 SHA256:YKiccWtwQr58hLkEvjDmX91kpaNlcJXO1Tpitc2v2mc
5272 2022-01-20 10:08:41.493 debug3: notify_hostkeys: sent 3 hostkeys
5272 2022-01-20 10:08:41.493 debug3: send packet: type 80
5272 2022-01-20 10:08:41.493 debug1: active: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
5272 2022-01-20 10:08:41.493 debug1: Entering interactive session for SSH2.
5272 2022-01-20 10:08:41.493 debug2: fd 7 setting O_NONBLOCK
5272 2022-01-20 10:08:41.493 debug2: fd 8 setting O_NONBLOCK
5272 2022-01-20 10:08:41.493 debug1: server_init_dispatch
5272 2022-01-20 10:08:41.493 debug3: receive packet: type 90
5272 2022-01-20 10:08:41.493 debug1: server_input_channel_open: ctype session rchan 0 win 1048576 max 16384
5272 2022-01-20 10:08:41.493 debug1: input_session_request
5272 2022-01-20 10:08:41.493 debug1: channel 0: new [server-session]
5272 2022-01-20 10:08:41.493 debug2: session_new: allocate (allocated 0 max 10)
5272 2022-01-20 10:08:41.493 debug3: session_unused: session id 0 unused
5272 2022-01-20 10:08:41.493 debug1: session_new: session 0
5272 2022-01-20 10:08:41.493 debug1: session_open: channel 0
5272 2022-01-20 10:08:41.493 debug1: session_open: session 0: link with channel 0
5272 2022-01-20 10:08:41.493 debug1: server_input_channel_open: confirm session
5272 2022-01-20 10:08:41.493 debug3: send packet: type 91
5272 2022-01-20 10:08:41.493 debug3: receive packet: type 80
5272 2022-01-20 10:08:41.493 debug1: server_input_global_request: rtype [email protected] want_reply 0
5272 2022-01-20 10:08:41.650 debug3: receive packet: type 98
5272 2022-01-20 10:08:41.650 debug1: server_input_channel_req: channel 0 request pty-req reply 1
5272 2022-01-20 10:08:41.650 debug1: session_by_channel: session 0 channel 0
5272 2022-01-20 10:08:41.650 debug1: session_input_channel_req: session 0 req pty-req
5272 2022-01-20 10:08:41.650 debug1: Allocating pty.
5272 2022-01-20 10:08:41.650 debug3: fd 9 is not O_NONBLOCK
5272 2022-01-20 10:08:41.650 debug3: fd 10 is not O_NONBLOCK
5272 2022-01-20 10:08:41.650 debug1: session_pty_req: session 0 alloc windows-pty
5272 2022-01-20 10:08:41.650 debug1: Ignoring unsupported tty mode opcode 1 (0x1)
5272 2022-01-20 10:08:41.650 debug1: Ignoring unsupported tty mode opcode 2 (0x2)
5272 2022-01-20 10:08:41.650 debug1: Ignoring unsupported tty mode opcode 3 (0x3)
5272 2022-01-20 10:08:41.650 debug1: Ignoring unsupported tty mode opcode 4 (0x4)
5272 2022-01-20 10:08:41.650 debug1: Ignoring unsupported tty mode opcode 5 (0x5)
5272 2022-01-20 10:08:41.650 debug1: Ignoring unsupported tty mode opcode 6 (0x6)
5272 2022-01-20 10:08:41.650 debug1: Ignoring unsupported tty mode opcode 7 (0x7)
5272 2022-01-20 10:08:41.650 debug1: Ignoring unsupported tty mode opcode 8 (0x8)
5272 2022-01-20 10:08:41.650 debug1: Ignoring unsupported tty mode opcode 9 (0x9)
5272 2022-01-20 10:08:41.650 debug1: Ignoring unsupported tty mode opcode 10 (0xa)
5272 2022-01-20 10:08:41.650 debug1: Ignoring unsupported tty mode opcode 12 (0xc)
5272 2022-01-20 10:08:41.650 debug1: Ignoring unsupported tty mode opcode 13 (0xd)
5272 2022-01-20 10:08:41.650 debug1: Ignoring unsupported tty mode opcode 14 (0xe)
5272 2022-01-20 10:08:41.650 debug1: Ignoring unsupported tty mode opcode 18 (0x12)
5272 2022-01-20 10:08:41.650 debug1: Ignoring unsupported tty mode opcode 30 (0x1e)
5272 2022-01-20 10:08:41.650 debug1: Ignoring unsupported tty mode opcode 31 (0x1f)
5272 2022-01-20 10:08:41.650 debug1: Ignoring unsupported tty mode opcode 32 (0x20)
5272 2022-01-20 10:08:41.650 debug1: Ignoring unsupported tty mode opcode 33 (0x21)
5272 2022-01-20 10:08:41.650 debug1: Ignoring unsupported tty mode opcode 34 (0x22)
5272 2022-01-20 10:08:41.650 debug1: Ignoring unsupported tty mode opcode 35 (0x23)
5272 2022-01-20 10:08:41.650 debug1: Ignoring unsupported tty mode opcode 36 (0x24)
5272 2022-01-20 10:08:41.650 debug1: Ignoring unsupported tty mode opcode 37 (0x25)
5272 2022-01-20 10:08:41.650 debug1: Ignoring unsupported tty mode opcode 38 (0x26)
5272 2022-01-20 10:08:41.650 debug1: Ignoring unsupported tty mode opcode 39 (0x27)
5272 2022-01-20 10:08:41.650 debug1: Ignoring unsupported tty mode opcode 40 (0x28)
5272 2022-01-20 10:08:41.650 debug1: Ignoring unsupported tty mode opcode 41 (0x29)
5272 2022-01-20 10:08:41.650 debug1: Ignoring unsupported tty mode opcode 42 (0x2a)
5272 2022-01-20 10:08:41.650 debug1: Ignoring unsupported tty mode opcode 50 (0x32)
5272 2022-01-20 10:08:41.650 debug1: Ignoring unsupported tty mode opcode 51 (0x33)
5272 2022-01-20 10:08:41.650 debug1: Ignoring unsupported tty mode opcode 52 (0x34)
5272 2022-01-20 10:08:41.650 debug1: Ignoring unsupported tty mode opcode 53 (0x35)
5272 2022-01-20 10:08:41.650 debug1: Ignoring unsupported tty mode opcode 54 (0x36)
5272 2022-01-20 10:08:41.650 debug1: Ignoring unsupported tty mode opcode 55 (0x37)
5272 2022-01-20 10:08:41.650 debug1: Ignoring unsupported tty mode opcode 56 (0x38)
5272 2022-01-20 10:08:41.650 debug1: Ignoring unsupported tty mode opcode 57 (0x39)
5272 2022-01-20 10:08:41.650 debug1: Ignoring unsupported tty mode opcode 58 (0x3a)
5272 2022-01-20 10:08:41.650 debug1: Ignoring unsupported tty mode opcode 59 (0x3b)
5272 2022-01-20 10:08:41.650 debug1: Ignoring unsupported tty mode opcode 60 (0x3c)
5272 2022-01-20 10:08:41.650 debug1: Ignoring unsupported tty mode opcode 61 (0x3d)
5272 2022-01-20 10:08:41.650 debug1: Ignoring unsupported tty mode opcode 62 (0x3e)
5272 2022-01-20 10:08:41.650 debug1: Ignoring unsupported tty mode opcode 70 (0x46)
5272 2022-01-20 10:08:41.650 debug1: Ignoring unsupported tty mode opcode 71 (0x47)
5272 2022-01-20 10:08:41.650 debug1: Ignoring unsupported tty mode opcode 72 (0x48)
5272 2022-01-20 10:08:41.650 debug1: Ignoring unsupported tty mode opcode 73 (0x49)
5272 2022-01-20 10:08:41.650 debug1: Ignoring unsupported tty mode opcode 74 (0x4a)
5272 2022-01-20 10:08:41.650 debug1: Ignoring unsupported tty mode opcode 75 (0x4b)
5272 2022-01-20 10:08:41.650 debug1: Ignoring unsupported tty mode opcode 90 (0x5a)
5272 2022-01-20 10:08:41.650 debug1: Ignoring unsupported tty mode opcode 91 (0x5b)
5272 2022-01-20 10:08:41.650 debug1: Ignoring unsupported tty mode opcode 92 (0x5c)
5272 2022-01-20 10:08:41.650 debug1: Ignoring unsupported tty mode opcode 93 (0x5d)
5272 2022-01-20 10:08:41.650 debug3: send packet: type 99
5272 2022-01-20 10:08:41.650 debug3: receive packet: type 98
5272 2022-01-20 10:08:41.650 debug1: server_input_channel_req: channel 0 request env reply 0
5272 2022-01-20 10:08:41.650 debug1: session_by_channel: session 0 channel 0
5272 2022-01-20 10:08:41.650 debug1: session_input_channel_req: session 0 req env
5272 2022-01-20 10:08:41.650 debug2: Ignoring env request LANG: disallowed name
5272 2022-01-20 10:08:41.650 debug3: receive packet: type 98
5272 2022-01-20 10:08:41.650 debug1: server_input_channel_req: channel 0 request shell reply 1
5272 2022-01-20 10:08:41.650 debug1: session_by_channel: session 0 channel 0
5272 2022-01-20 10:08:41.650 debug1: session_input_channel_req: session 0 req shell
5272 2022-01-20 10:08:41.650 Starting session: shell on windows-pty for domain\\username from 10.x.x.82 port 60644 id 0
5272 2022-01-20 10:08:41.650 debug2: fd 11 setting O_NONBLOCK
5272 2022-01-20 10:08:41.650 debug2: fd 12 setting O_NONBLOCK
5272 2022-01-20 10:08:41.650 debug2: fd 13 setting O_NONBLOCK
5272 2022-01-20 10:08:41.650 debug2: fd 14 setting O_NONBLOCK
5272 2022-01-20 10:08:41.650 debug2: fd 15 setting O_NONBLOCK
5272 2022-01-20 10:08:41.650 debug2: fd 16 setting O_NONBLOCK
5272 2022-01-20 10:08:41.650 debug3: shell: "c:\\windows\\system32\\cmd.exe"
5272 2022-01-20 10:08:41.650 debug3: shell_option: /c
5272 2022-01-20 10:08:41.650 debug3: couldn't find CreatePseudoConsole() in kernel32.dll dll
5272 2022-01-20 10:08:41.650 debug3: This windows OS doesn't support conpty
5272 2022-01-20 10:08:41.650 debug3: pty commandline: "C:\\Program Files\\OpenSSH-Win64\\ssh-shellhost.exe" ---pty "c:\\windows\\system32\\cmd.exe"
5272 2022-01-20 10:08:41.650 debug2: fd 4 setting TCP_NODELAY
5272 2022-01-20 10:08:41.650 debug2: channel 0: rfd 13 isatty
5272 2022-01-20 10:08:41.650 debug3: fd 13 is O_NONBLOCK
5272 2022-01-20 10:08:41.650 debug3: fd 12 is O_NONBLOCK
5272 2022-01-20 10:08:41.650 debug3: send packet: type 99
5272 2022-01-20 10:08:47.688 debug2: channel 0: read<=0 rfd 13 len 0
5272 2022-01-20 10:08:47.688 debug2: channel 0: read failed
5272 2022-01-20 10:08:47.688 debug2: chan_shutdown_read: channel 0: (i0 o0 sock -1 wfd 13 efd -1 [closed])
5272 2022-01-20 10:08:47.688 debug2: channel 0: input open -> drain
5272 2022-01-20 10:08:47.688 debug2: channel 0: ibuf empty
5272 2022-01-20 10:08:47.688 debug2: channel 0: send eof
5272 2022-01-20 10:08:47.688 debug3: send packet: type 96
5272 2022-01-20 10:08:47.688 debug2: channel 0: input drain -> closed
5272 2022-01-20 10:08:47.688 debug1: Received SIGCHLD.
5272 2022-01-20 10:08:47.688 debug1: session_by_pid: pid 5044
5272 2022-01-20 10:08:47.688 debug1: session_exit_message: session 0 channel 0 pid 5044
5272 2022-01-20 10:08:47.688 debug2: channel 0: request exit-status confirm 0
5272 2022-01-20 10:08:47.688 debug3: send packet: type 98
5272 2022-01-20 10:08:47.688 debug1: session_exit_message: release channel 0
5272 2022-01-20 10:08:47.688 debug2: channel 0: write failed
5272 2022-01-20 10:08:47.688 debug2: chan_shutdown_write: channel 0: (i3 o0 sock -1 wfd 12 efd -1 [closed])
5272 2022-01-20 10:08:47.688 debug2: channel 0: send eow
5272 2022-01-20 10:08:47.688 debug3: send packet: type 98
5272 2022-01-20 10:08:47.688 debug2: channel 0: output open -> closed
5272 2022-01-20 10:08:47.688 debug2: channel 0: send close
5272 2022-01-20 10:08:47.688 debug3: send packet: type 97
5272 2022-01-20 10:08:47.688 debug3: channel 0: will not send data after close
5272 2022-01-20 10:08:47.688 debug2: notify_done: reading
5272 2022-01-20 10:08:47.688 debug3: channel 0: will not send data after close
5272 2022-01-20 10:08:47.750 debug3: receive packet: type 97
5272 2022-01-20 10:08:47.750 debug2: channel 0: rcvd close
5272 2022-01-20 10:08:47.750 debug3: channel 0: will not send data after close
5272 2022-01-20 10:08:47.750 debug2: channel 0: is dead
5272 2022-01-20 10:08:47.750 debug2: channel 0: gc: notify user
5272 2022-01-20 10:08:47.750 debug1: session_by_channel: session 0 channel 0
5272 2022-01-20 10:08:47.750 debug1: session_close_by_channel: channel 0 child 0
5272 2022-01-20 10:08:47.750 Close session: user domain\\username from 10.x.x.82 port 60644 id 0
5272 2022-01-20 10:08:47.750 debug3: session_unused: session id 0 unused
5272 2022-01-20 10:08:47.750 debug2: channel 0: gc: user detached
5272 2022-01-20 10:08:47.750 debug2: channel 0: is dead
5272 2022-01-20 10:08:47.750 debug2: channel 0: garbage collecting
5272 2022-01-20 10:08:47.750 debug1: channel 0: free: server-session, nchannels 1
5272 2022-01-20 10:08:47.750 debug3: channel 0: status: The following connections are open:\r\n #0 server-session (t4 r0 i3/0 o3/0 e[closed]/0 fd -1/-1/-1 sock -1 cc -1)\r\n
5272 2022-01-20 10:08:47.750 debug3: receive packet: type 1
5272 2022-01-20 10:08:47.750 Received disconnect from 10.x.x.82 port 60644:11: disconnected by user
5272 2022-01-20 10:08:47.750 Disconnected from 10.x.x.82 port 60644
5272 2022-01-20 10:08:47.750 debug1: do_cleanup
3736 2022-01-20 10:08:47.750 debug3: mm_request_receive: entering
3736 2022-01-20 10:08:47.750 debug1: do_cleanup
Expected output
Actual output
