Token issues while trying to use OpenSSH #1703
Comments
sshd_config file params are as below -

```
# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

#Port 22
#HostKey PROGRAMDATA/ssh/ssh_host_rsa_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
SyslogFacility AUTH

# Authentication:
#LoginGraceTime 2m
PubkeyAuthentication no

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys

#AuthorizedPrincipalsFile none

# For this to work you will also need host keys in %programData%/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes

#AllowAgentForwarding yes

# no default banner path
#Banner none

# override default of no subsystems
Subsystem sftp sftp-server.exe

# Example of overriding settings on a per-user basis
#Match User anoncvs
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server

Match Group administrators
AllowUsers firmwide*
```
I've verified the domain, username and password and everything looks right.
Hint: when quoting a config file in a GitHub issue, best start and end it with
@dhavsh - Looking at the sshd.log file: debug1: generate_s4u_user_token: LsaLogonUser() failed. User 'firmwide\mssqlserver' Status: 0xC000006D SubStatus 0. It's possible that the user is an AAD user. FYI, the Windows operating system doesn't support us creating the token for the AAD user. Refer to
Troubleshooting steps
https://github.com/PowerShell/Win32-OpenSSH/wiki/Troubleshooting-Steps
Terminal issue? please go through wiki
https://github.com/PowerShell/Win32-OpenSSH/wiki/TTY-PTY-support-in-Windows-OpenSSH
"OpenSSH for Windows" version
7.7.2.2
Server OperatingSystem
Windows Server 2019 Standard
Client OperatingSystem
Windows Server 2019 Standard
Both the SSH services are running as Local System
Server side –
C:\windows\system32>sshd.exe -dd
debug2: load_server_config: filename PROGRAMDATA\ssh/sshd_config
debug2: load_server_config: done config len = 358
debug2: parse_server_config: config PROGRAMDATA\ssh/sshd_config len 358
debug1: sshd version OpenSSH_for_Windows_7.7, LibreSSL 2.6.5
debug1: private host key #0: ssh-rsa SHA256:rKS5HEnnPI82JO+DKEd/r7aqhyNd/qe+vOljGmPU2QU
debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:CBWi2wPHeUjW0cJbAU3VKd0re1w/1wue+tGS7v/tcKA
debug1: private host key #2: ssh-ed25519 SHA256:Wvl/8w1wvDfi6POi6Yzm0zVNao3QMC+FXXBDuWhIQa4
debug1: rexec_argv[0]='sshd.exe'
debug1: rexec_argv[1]='-dd'
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug2: fd 4 setting O_NONBLOCK
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug1: Server will not fork when running in debugging mode.
Connection from 127.0.0.1 port 50980 on 127.0.0.1 port 22
debug1: Client protocol version 2.0; client software version OpenSSH_for_Windows_7.7
debug1: match: OpenSSH_for_Windows_7.7 pat OpenSSH* compat 0x04000000
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_7.7
debug2: fd 5 setting O_NONBLOCK
debug2: Network child is on pid 1184
debug2: parse_server_config: config PROGRAMDATA\ssh/sshd_config len 358
debug1: sshd version OpenSSH_for_Windows_7.7, LibreSSL 2.6.5
debug2: fd 5 setting O_NONBLOCK
debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug2: local server KEXINIT proposal [preauth]
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1 [preauth]
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth]
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth]
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
debug2: compression ctos: none [preauth]
debug2: compression stoc: none [preauth]
debug2: languages ctos: [preauth]
debug2: languages stoc: [preauth]
debug2: first_kex_follows 0 [preauth]
debug2: reserved 0 [preauth]
debug2: peer client KEXINIT proposal [preauth]
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c [preauth]
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa [preauth]
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth]
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth]
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
debug2: compression ctos: none [preauth]
debug2: compression stoc: none [preauth]
debug2: languages ctos: [preauth]
debug2: languages stoc: [preauth]
debug2: first_kex_follows 0 [preauth]
debug2: reserved 0 [preauth]
debug1: kex: algorithm: curve25519-sha256 [preauth]
debug1: kex: host key algorithm: ecdsa-sha2-nistp256 [preauth]
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: compression: none [preauth]
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: compression: none [preauth]
debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
debug2: monitor_read: 6 used once, disabling now
debug2: set_newkeys: mode 1 [preauth]
debug1: rekey after 134217728 blocks [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug1: SSH2_MSG_NEWKEYS received [preauth]
debug2: set_newkeys: mode 0 [preauth]
debug1: rekey after 134217728 blocks [preauth]
debug1: KEX done [preauth]
debug1: userauth-request for user mssqlserver service ssh-connection method none [preauth]
debug1: attempt 0 failures 0 [preauth]
debug2: parse_server_config: config reprocess config len 358
debug1: generate_s4u_user_token: LsaLogonUser() failed. User 'firmwide\mssqlserver' Status: 0xC000006D SubStatus 0.
debug1: generate_s4u_user_token: LsaLogonUser() failed. User 'firmwide\mssqlserver' Status: 0xC000006D SubStatus 0.
get_user_token - unable to generate token on 2nd attempt for user firmwide\mssqlserver
ga_init, unable to resolve user firmwide\mssqlserver
debug1: do_cleanup
debug1: Killing privsep child 1184
C:\windows\system32>whoami
nt authority\system
Client Side
C:\windows\system32>ssh -vvv mssqlserver@127.0.0.1
OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5
debug3: Failed to open file:C:/Users/mssqlserver/.ssh/config error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_config error:2
debug2: resolve_canonicalize: hostname 127.0.0.1 is address
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 127.0.0.1 [127.0.0.1] port 22.
debug1: Connection established.
debug3: Failed to open file:C:/Users/mssqlserver/.ssh/id_rsa error:2
debug3: Failed to open file:C:/Users/mssqlserver/.ssh/id_rsa.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file C:\Users\mssqlserver/.ssh/id_rsa type -1
debug3: Failed to open file:C:/Users/mssqlserver/.ssh/id_rsa-cert error:2
debug3: Failed to open file:C:/Users/mssqlserver/.ssh/id_rsa-cert.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file C:\Users\mssqlserver/.ssh/id_rsa-cert type -1
debug3: Failed to open file:C:/Users/mssqlserver/.ssh/id_dsa error:2
debug3: Failed to open file:C:/Users/mssqlserver/.ssh/id_dsa.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file C:\Users\mssqlserver/.ssh/id_dsa type -1
debug3: Failed to open file:C:/Users/mssqlserver/.ssh/id_dsa-cert error:2
debug3: Failed to open file:C:/Users/mssqlserver/.ssh/id_dsa-cert.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file C:\Users\mssqlserver/.ssh/id_dsa-cert type -1
debug3: Failed to open file:C:/Users/mssqlserver/.ssh/id_ecdsa error:2
debug3: Failed to open file:C:/Users/mssqlserver/.ssh/id_ecdsa.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file C:\Users\mssqlserver/.ssh/id_ecdsa type -1
debug3: Failed to open file:C:/Users/mssqlserver/.ssh/id_ecdsa-cert error:2
debug3: Failed to open file:C:/Users/mssqlserver/.ssh/id_ecdsa-cert.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file C:\Users\mssqlserver/.ssh/id_ecdsa-cert type -1
debug3: Failed to open file:C:/Users/mssqlserver/.ssh/id_ed25519 error:2
debug3: Failed to open file:C:/Users/mssqlserver/.ssh/id_ed25519.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file C:\Users\mssqlserver/.ssh/id_ed25519 type -1
debug3: Failed to open file:C:/Users/mssqlserver/.ssh/id_ed25519-cert error:2
debug3: Failed to open file:C:/Users/mssqlserver/.ssh/id_ed25519-cert.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file C:\Users\mssqlserver/.ssh/id_ed25519-cert type -1
debug3: Failed to open file:C:/Users/mssqlserver/.ssh/id_xmss error:2
debug3: Failed to open file:C:/Users/mssqlserver/.ssh/id_xmss.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file C:\Users\mssqlserver/.ssh/id_xmss type -1
debug3: Failed to open file:C:/Users/mssqlserver/.ssh/id_xmss-cert error:2
debug3: Failed to open file:C:/Users/mssqlserver/.ssh/id_xmss-cert.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file C:\Users\mssqlserver/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_7.7
debug1: Remote protocol version 2.0, remote software version OpenSSH_for_Windows_7.7
debug1: match: OpenSSH_for_Windows_7.7 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 127.0.0.1:22 as 'mssqlserver'
debug3: hostkeys_foreach: reading file "C:\Users\mssqlserver/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file C:\Users\mssqlserver/.ssh/known_hosts:3
debug3: load_hostkeys: loaded 1 keys from 127.0.0.1
debug3: Failed to open file:C:/Users/mssqlserver/.ssh/known_hosts2 error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts2 error:2
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none
debug2: compression stoc: none
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none
debug2: compression stoc: none
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:CBWi2wPHeUjW0cJbAU3VKd0re1w/1wue+tGS7v/tcKA
debug3: hostkeys_foreach: reading file "C:\Users\mssqlserver/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file C:\Users\mssqlserver/.ssh/known_hosts:3
debug3: load_hostkeys: loaded 1 keys from 127.0.0.1
debug3: Failed to open file:C:/Users/mssqlserver/.ssh/known_hosts2 error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts2 error:2
debug1: Host '127.0.0.1' is known and matches the ECDSA host key.
debug1: Found key in C:\Users\mssqlserver/.ssh/known_hosts:3
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug2: key: ssh_host_ed25519_key (0000029C6E0838D0), agent
debug2: key: C:\Windows\System32\OpenSSH\ssh_key2 (0000029C6E083C50), agent
debug2: key: C:\Users\mssqlserver/.ssh/id_rsa (0000000000000000)
debug2: key: C:\Users\mssqlserver/.ssh/id_dsa (0000000000000000)
debug2: key: C:\Users\mssqlserver/.ssh/id_ecdsa (0000000000000000)
debug2: key: C:\Users\mssqlserver/.ssh/id_ed25519 (0000000000000000)
debug2: key: C:\Users\mssqlserver/.ssh/id_xmss (0000000000000000)
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: recv - from CB ERROR:10054, io:0000029C6E0BFD30
Connection reset by 127.0.0.1 port 22
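A triage helper for the server-side failure shown in this issue, as an added example that is not part of the original thread or the Win32-OpenSSH project: it pulls `generate_s4u_user_token` failures out of `sshd -dd` output, names the NTSTATUS code, and records which authentication method was in flight. The line patterns are inferred from the log lines quoted above; the `svc_backup` lines and the function name `triage` are constructed for illustration.

```python
import re
from collections import Counter

# Logon-related NTSTATUS values with their ntstatus.h names.
NTSTATUS = {
    0xC000005E: "STATUS_NO_LOGON_SERVERS",
    0xC0000064: "STATUS_NO_SUCH_USER",
    0xC000006A: "STATUS_WRONG_PASSWORD",
    0xC000006D: "STATUS_LOGON_FAILURE",
    0xC000006E: "STATUS_ACCOUNT_RESTRICTION",
    0xC0000072: "STATUS_ACCOUNT_DISABLED",
    0xC000015B: "STATUS_LOGON_TYPE_NOT_GRANTED",
    0xC0000234: "STATUS_ACCOUNT_LOCKED_OUT",
}
S4U_FAIL = re.compile(
    r"generate_s4u_user_token: LsaLogonUser\(\) failed\. "
    r"User '(?P<user>[^']+)' Status: (?P<status>0x[0-9A-Fa-f]+) SubStatus"
)
USERAUTH = re.compile(r"userauth-request for user \S+ service \S+ method (?P<method>\S+)")
UNRESOLVED = re.compile(r"ga_init, unable to resolve user (?P<user>\S+)")

# First five lines are copied from the server log above; the last two are constructed.
SAMPLE_LOG = r"""
debug1: userauth-request for user mssqlserver service ssh-connection method none [preauth]
debug1: generate_s4u_user_token: LsaLogonUser() failed. User 'firmwide\mssqlserver' Status: 0xC000006D SubStatus 0.
debug1: generate_s4u_user_token: LsaLogonUser() failed. User 'firmwide\mssqlserver' Status: 0xC000006D SubStatus 0.
get_user_token - unable to generate token on 2nd attempt for user firmwide\mssqlserver
ga_init, unable to resolve user firmwide\mssqlserver
debug1: userauth-request for user svc_backup service ssh-connection method none [preauth]
debug1: generate_s4u_user_token: LsaLogonUser() failed. User 'example\svc_backup' Status: 0xC0000072 SubStatus 0.
""".strip().splitlines()

def triage(lines):
    """Group S4U token failures per (user, NTSTATUS) with the auth method in flight."""
    fails, method_seen, gave_up, method = Counter(), {}, set(), None
    for line in lines:
        if m := USERAUTH.search(line):
            method = m["method"]           # method of the latest userauth-request
        elif m := S4U_FAIL.search(line):
            key = (m["user"].lower(), int(m["status"], 16))
            fails[key] += 1
            method_seen.setdefault(key, method)
        elif m := UNRESOLVED.search(line):
            gave_up.add(m["user"].lower())  # sshd abandoned the connection
    return [
        {"user": user, "status": f"0x{code:08X}",
         "name": NTSTATUS.get(code, "UNKNOWN"), "attempts": n,
         "auth_method": method_seen[(user, code)], "unresolved": user in gave_up}
        for (user, code), n in sorted(fails.items())
    ]

if __name__ == "__main__":
    print(*triage(SAMPLE_LOG), sep="\n")
```

For the log in this issue it reports STATUS_LOGON_FAILURE twice at method `none`, which places the failure in sshd's account resolution, before the client has submitted a password.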