× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



PS C:\WINDOWS\system32> Stop-Service sshd
PS C:\WINDOWS\system32> Repair-AuthorizedKeyPermission C:\Users\rob\.ssh\authorized_keys
[*] C:\Users\rob\.ssh\authorized_keys

'NT SERVICE\sshd' needs Read access to 'C:\Users\rob\.ssh\authorized_keys'.
Shall I make the above change?
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): A
'NT SERVICE\sshd' now has Read access to 'C:\Users\rob\.ssh\authorized_keys'.
Repaired permissions

PS C:\WINDOWS\system32> Start-Service sshd
PS C:\WINDOWS\system32> Get-Service sshd

Status Name DisplayName
------ ---- -----------
Running sshd OpenSSH SSH Server


I modified C:\ProgramData\ssh\sshd_config
# Logging
#SyslogFacility AUTH
SyslogFacility LOCAL0
#LogLevel INFO
LogLevel DEBUG

Then
PS C:\WINDOWS\system32> Stop-Service sshd
PS C:\WINDOWS\system32> Start-Service sshd
PS C:\WINDOWS\system32> Get-Service sshd

Status Name DisplayName
------ ---- -----------
Running sshd OpenSSH SSH Server


When reading the data below, is it possible that it doesn't even try my key but looks for some key based on my Windows access instead?
debug1: Could not open authorized keys '__PROGRAMDATA__/ssh/administrators_authorized_keys': No such file or directory


Now, in C:\ProgramData\ssh\logs\sshd.log I see
1320 2020-01-14 11:20:33.213 debug1: Bind to port 22 on ::.
1320 2020-01-14 11:20:33.213 Server listening on :: port 22.
1320 2020-01-14 11:20:33.213 debug1: Bind to port 22 on 0.0.0.0.
1320 2020-01-14 11:20:33.213 Server listening on 0.0.0.0 port 22.
16412 2020-01-14 11:20:50.537 debug1: inetd sockets after dupping: 3, 3
16412 2020-01-14 11:20:50.537 Connection from 10.10.6.128 port 24865 on 10.10.9.30 port 22
16412 2020-01-14 11:20:50.537 debug1: Client protocol version 2.0; client software version OpenSSH_8.0
16412 2020-01-14 11:20:50.537 debug1: match: OpenSSH_8.0 pat OpenSSH* compat 0x04000000
16412 2020-01-14 11:20:50.537 debug1: Local version string SSH-2.0-OpenSSH_for_Windows_7.7
16412 2020-01-14 11:20:50.653 debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
16412 2020-01-14 11:20:50.653 debug1: SSH2_MSG_KEXINIT sent [preauth]
16412 2020-01-14 11:20:50.653 debug1: SSH2_MSG_KEXINIT received [preauth]
16412 2020-01-14 11:20:50.653 debug1: kex: algorithm: curve25519-sha256 [preauth]
16412 2020-01-14 11:20:50.653 debug1: kex: host key algorithm: ecdsa-sha2-nistp256 [preauth]
16412 2020-01-14 11:20:50.653 debug1: kex: client->server cipher: chacha20-poly1305@xxxxxxxxxxx MAC: <implicit> compression: none [preauth]
16412 2020-01-14 11:20:50.653 debug1: kex: server->client cipher: chacha20-poly1305@xxxxxxxxxxx MAC: <implicit> compression: none [preauth]
16412 2020-01-14 11:20:50.653 debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
16412 2020-01-14 11:20:50.679 debug1: rekey after 134217728 blocks [preauth]
16412 2020-01-14 11:20:50.679 debug1: SSH2_MSG_NEWKEYS sent [preauth]
16412 2020-01-14 11:20:50.679 debug1: expecting SSH2_MSG_NEWKEYS [preauth]
16412 2020-01-14 11:20:50.701 debug1: SSH2_MSG_NEWKEYS received [preauth]
16412 2020-01-14 11:20:50.701 debug1: rekey after 134217728 blocks [preauth]
16412 2020-01-14 11:20:50.701 debug1: KEX done [preauth]
16412 2020-01-14 11:20:50.742 debug1: userauth-request for user rob service ssh-connection method none [preauth]
16412 2020-01-14 11:20:50.742 debug1: attempt 0 failures 0 [preauth]
16412 2020-01-14 11:20:50.785 debug1: user l matched group list administrators at line 86
16412 2020-01-14 11:20:50.787 debug1: userauth-request for user rob service ssh-connection method publickey [preauth]
16412 2020-01-14 11:20:50.787 debug1: attempt 1 failures 0 [preauth]
16412 2020-01-14 11:20:50.787 debug1: userauth_pubkey: test pkalg rsa-sha2-512 pkblob RSA SHA256:2qf7C4xsg7iyCSOe447JsaHoRAkS88FCSwcxBAJ6W1Y [preauth]
16412 2020-01-14 11:20:50.787 debug1: trying public key file __PROGRAMDATA__/ssh/administrators_authorized_keys
16412 2020-01-14 11:20:50.788 debug1: Could not open authorized keys '__PROGRAMDATA__/ssh/administrators_authorized_keys': No such file or directory
16412 2020-01-14 11:20:50.788 Failed publickey for rob from 10.10.6.128 port 24865 ssh2: RSA SHA256:2qf7C4xsg7iyCSOe447JsaHoRAkS88FCSwcxBAJ6W1Y
16412 2020-01-14 11:20:50.789 debug1: userauth-request for user rob service ssh-connection method keyboard-interactive [preauth]
16412 2020-01-14 11:20:50.789 debug1: attempt 2 failures 1 [preauth]
16412 2020-01-14 11:20:50.789 debug1: keyboard-interactive devs [preauth]
16412 2020-01-14 11:20:50.789 debug1: auth2_challenge: user=rob devs= [preauth]
16412 2020-01-14 11:20:50.789 debug1: kbdint_alloc: devices '' [preauth]
16412 2020-01-14 11:20:58.947 debug1: userauth-request for user rob service ssh-connection method password [preauth]
16412 2020-01-14 11:20:58.947 debug1: attempt 3 failures 2 [preauth]
16412 2020-01-14 11:20:58.996 Accepted password for rob from 10.10.6.128 port 24865 ssh2
16412 2020-01-14 11:20:58.996 debug1: monitor_child_preauth: rob has been authenticated by privileged process
16412 2020-01-14 11:20:59.006 debug1: monitor_read_log: child log fd closed
16412 2020-01-14 11:20:59.100 User child is on pid 25392
25392 2020-01-14 11:20:59.140 debug1: user dekko-1\\rob matched group list administrators at line 86
25392 2020-01-14 11:20:59.142 debug1: rekey after 134217728 blocks
25392 2020-01-14 11:20:59.142 debug1: rekey after 134217728 blocks
25392 2020-01-14 11:20:59.142 debug1: ssh_packet_set_postauth: called
25392 2020-01-14 11:20:59.147 debug1: active: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
25392 2020-01-14 11:20:59.147 debug1: Entering interactive session for SSH2.
25392 2020-01-14 11:20:59.147 debug1: server_init_dispatch
25392 2020-01-14 11:20:59.147 debug1: server_input_channel_open: ctype session rchan 0 win 1048576 max 16384
25392 2020-01-14 11:20:59.147 debug1: input_session_request
25392 2020-01-14 11:20:59.147 debug1: channel 0: new [server-session]
25392 2020-01-14 11:20:59.147 debug1: session_new: session 0
25392 2020-01-14 11:20:59.147 debug1: session_open: channel 0
25392 2020-01-14 11:20:59.147 debug1: session_open: session 0: link with channel 0
25392 2020-01-14 11:20:59.147 debug1: server_input_channel_open: confirm session
25392 2020-01-14 11:20:59.147 debug1: server_input_global_request: rtype no-more-sessions@xxxxxxxxxxx want_reply 0
25392 2020-01-14 11:20:59.148 debug1: server_input_channel_req: channel 0 request pty-req reply 1
25392 2020-01-14 11:20:59.148 debug1: session_by_channel: session 0 channel 0
25392 2020-01-14 11:20:59.148 debug1: session_input_channel_req: session 0 req pty-req
25392 2020-01-14 11:20:59.148 debug1: Allocating pty.
25392 2020-01-14 11:20:59.148 debug1: session_pty_req: session 0 alloc windows-pty
25392 2020-01-14 11:20:59.148 debug1: server_input_channel_req: channel 0 request shell reply 1
25392 2020-01-14 11:20:59.148 debug1: session_by_channel: session 0 channel 0
25392 2020-01-14 11:20:59.148 debug1: session_input_channel_req: session 0 req shell
25392 2020-01-14 11:20:59.148 Starting session: shell on windows-pty for dekko-1\\rob from 10.10.6.128 port 24865 id 0
25392 2020-01-14 11:20:59.148 debug1: Executing command: "c:\\windows\\system32\\cmd.exe" with pty
25392 2020-01-14 11:21:03.530 Received disconnect from 10.10.6.128 port 24865:11: disconnected by user
25392 2020-01-14 11:21:03.530 Disconnected from 10.10.6.128 port 24865
25392 2020-01-14 11:21:03.530 debug1: do_cleanup
16412 2020-01-14 11:21:03.540 debug1: do_cleanup

Rob Berendt

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.