Win32-OpenSSH
Unable to ssh localhost with neither key auth or password, after installing MSI (8.9p1)
Prerequisites
- [X] Write a descriptive title.
- [X] Make sure you are able to repro it on the latest version
- [X] Search the existing issues.
Steps to reproduce
- Uninstall all SSH clients and servers from Windows optional features and make sure Windows is SSH-free.
- Install 8.9p1 via MSI
- Follow https://github.com/PowerShell/Win32-OpenSSH/wiki/Setup-public-key-based-authentication-for-windows to setup key authentication.
- The C:\ProgramData\ssh\sshd_config ends up to be:
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
Subsystem sftp sftp-server.exe
- Ensure the %USERPROFILE%/.ssh/id_rsa* key pair works on Linux
- Come back to Windows and run
ssh localhost
Expected behavior
I am able to log in via either key auth or password
Actual behavior
> ssh -v localhost
OpenSSH_for_Windows_8.9p1, LibreSSL 3.4.3
debug1: Reading configuration data C:\\Users\\xiaoh/.ssh/config
debug1: Connecting to localhost [::1] port 22.
debug1: Connection established.
debug1: identity file C:\\Users\\xiaoh/.ssh/id_rsa type 0
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_for_Windows_8.9
debug1: compat_banner: match: OpenSSH_for_Windows_8.9 pat OpenSSH* compat 0x04000000
debug1: Authenticating to localhost:22 as 'xiaoh'
debug1: load_hostkeys: fopen C:\\Users\\xiaoh/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen __PROGRAMDATA__\\ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen __PROGRAMDATA__\\ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: [email protected]
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: [email protected]
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:kpFRs8uB+NFx5GwM9eGeUfUpKaF6yw8Jy7EHpWo9IgQ
debug1: load_hostkeys: fopen C:\\Users\\xiaoh/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen __PROGRAMDATA__\\ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen __PROGRAMDATA__\\ssh/ssh_known_hosts2: No such file or directory
debug1: Host 'localhost' is known and matches the ECDSA host key.
debug1: Found key in C:\\Users\\xiaoh/.ssh/known_hosts:65
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: get_agent_identities: agent returned 3 keys
debug1: Will attempt key: C:\\Users\\xiaoh/.ssh/id_rsa RSA SHA256:lSF63iovTwXnmu5+RlaqRTP9kKRbQUmTW4NspIc2u/o agent
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,[email protected],ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected]>
debug1: kex_input_ext_info: [email protected]=<0>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: C:\\Users\\xiaoh/.ssh/id_rsa RSA SHA256:lSF63iovTwXnmu5+RlaqRTP9kKRbQUmTW4NspIc2u/o agent
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
xiaoh@localhost's password:
Received disconnect from ::1 port 22:2: Too many authentication failures
Disconnected from ::1 port 22
Error details
No response
Environment data
Name Value
---- -----
PSVersion 5.1.19041.1682
PSEdition Desktop
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...}
BuildVersion 10.0.19041.1682
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
Version
8.9p1
Visuals
No response
Update 1
Added the following line to sshd_config:
MaxAuthTries 99
Now when I run ssh localhost:
> ssh localhost
xiaoh@localhost's password:
Permission denied, please try again.
xiaoh@localhost's password:
Permission denied, please try again.
xiaoh@localhost's password:
xiaoh@localhost: Permission denied (publickey,password,keyboard-interactive).
I am very sure the password is correct.
If password authentication does not pass, the default shell may not be working.
Check the path:
https://docs.microsoft.com/ja-jp/windows-server/administration/openssh/openssh_server_configuration
New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -PropertyType String -Force
If you are an ADD user, publickey authentication will not go through.
c:/programdata/ssh/sshd_config
PasswordAuthentication yes
PermitEmptyPasswords yes
If you are an ADD user and want to do publickey authentication, try the following steps.
c:/programdata/ssh/sshd_config
PasswordAuthentication no
PermitEmptyPasswords yes
AuthorizedKeysFile .ssh/authorized_keys
#Match Group administrators
# AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
c:users/xxx/.ssh/authorized_keys
ssh-rsa AAAAB/GO0K8+js= [email protected]
@tigerinus, did the posted recommendations solve the issue?
@maertendMSFT - Thanks for the steps, which I am sure work.
However, it turned out that it was a bad mistake I made: I forgot to run busybox --install after installing a new version of busybox-w32. Because of this, the DefaultShell I specified earlier does not exist:

I wouldn't be looking at this regkey if you didn't mention it. Thanks again for the info!
I figure it'd be nice if the login prompt gave some error about the missing DefaultShell instead of asking for the password repeatedly, which is obviously misleading.
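
The root cause found in this thread, a DefaultShell registry value that names a binary which no longer exists, can be checked before touching sshd_config. The following is an added example, not part of the original issue or the Win32-OpenSSH project; the function name Test-SshdDefaultShell is hypothetical, and the registry key is the one used in the New-ItemProperty command above.

```powershell
# Added diagnostic, not from the thread: confirm that the sshd DefaultShell
# registry value names a file that actually exists on disk.
function Test-SshdDefaultShell {
    [CmdletBinding()]
    param(
        # Key used by the New-ItemProperty command quoted in the thread.
        [string]$KeyPath = 'HKLM:\SOFTWARE\OpenSSH'
    )

    $props = Get-ItemProperty -LiteralPath $KeyPath -ErrorAction SilentlyContinue
    $value = $null
    if ($null -ne $props -and $null -ne $props.PSObject.Properties['DefaultShell']) {
        $value = [string]$props.DefaultShell
    }

    if ([string]::IsNullOrWhiteSpace($value)) {
        # No override configured: sshd uses its built-in default shell (cmd.exe).
        return [pscustomobject]@{
            DefaultShell = $null
            Resolved     = $null
            Usable       = $true
            Status       = 'DefaultShell not set; built-in default shell is used'
        }
    }

    # Expand %VAR% references and strip surrounding quotes before testing.
    $resolved = [Environment]::ExpandEnvironmentVariables($value).Trim('"')
    $exists   = Test-Path -LiteralPath $resolved -PathType Leaf

    $status = if ($exists) { 'OK' }
              else { 'MISSING: DefaultShell target does not exist; logins will fail' }

    [pscustomobject]@{
        DefaultShell = $value
        Resolved     = $resolved
        Usable       = $exists
        Status       = $status
    }
}

# Run the check and surface a warning when the configured shell is gone.
$check = Test-SshdDefaultShell
$check | Format-List
if (-not $check.Usable) { Write-Warning $check.Status }
```

If MaxAuthTries 99 was added while debugging, as in Update 1, revert it once the login works again.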