I have a Windows 10 Home Edition box with a GPU to share via SSH (more specifically sharing go/igo/baduk/weiqi AI engines) , both client program and server program are working fine, the only thing is I don't know is how to restrict the max logins or SSH sessions per user. If one person connects to the server in multiple sessions, the server can be overwhelmed.

I see in Linux there's a MaxLogins option is the limits.conf file, but not sure about OpenSSH in Windows 10. Alternatively, maybe restricting the user to log in multiple times is also an option, but still I am not sure how to do this. I am willing to upgrade the Home Edition to Pro Edition, if it solves my problem.

There are 3 server machine, one is server2019, others are server2012, the machine in server2019 can't be connected by win_scp, and sftp in the powershell self remind : Connection reset by 127.0.0.1 port 22; And ssh in verbose mode remind that 'debug1: SSH2_MSG_SERVICE_ACCEPT received
Connection reset by 127.0.0.1 port 22' terminated in there, other two machine will perform next line like: 'debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey'
I am so confused for the problems, please check the question and explain the confusion, thank you!
please contact us by e-mail: [email protected]

When running ssh-keygen.exe from Windows Powershell ISE it shows the line
Generating public/private rsa key pair,
but doesn't continue or ask for input where to save the file.
Running it as normal user and in a session as 'Administrator' in powershell doesn't make a difference. Using win2016.
When i run the command from cmd.exe it works fine.

Just curious....

There is a bug in this fork's version of ssh-keyscan where there is always an unnecessary delay of at least timeout seconds before it actually starts processing and printing the results. This behavior is not present in the unix versions of the tool, nor is it present in the MinGW's Windows build of this tool.

The bug is present in both OpenSSH_for_Windows_8.1p1 as well as the latest pre-release OpenSSH_for_Windows_8.6p1 installed through Chocolatey.

Steps to reproduce:

The default timeout is 5 seconds, but you can provide a custom timeout with the -T argument:

With the default timeout:

PS > Measure-Command { ssh-keyscan github.com | Out-Default }
# github.com:22 SSH-2.0-babeld-e37038b1
# github.com:22 SSH-2.0-babeld-e37038b1
# github.com:22 SSH-2.0-babeld-e37038b1
github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl


Days              : 0
Hours             : 0
Minutes           : 0
Seconds           : 5
Milliseconds      : 741
Ticks             : 57419208
TotalDays         : 6.64574166666667E-05
TotalHours        : 0.001594978
TotalMinutes      : 0.09569868
TotalSeconds      : 5.7419208
TotalMilliseconds : 5741.9208

With a 1 second timeout:

PS > Measure-Command { ssh-keyscan -T 1 github.com | Out-Default } 
# github.com:22 SSH-2.0-babeld-e37038b1
# github.com:22 SSH-2.0-babeld-e37038b1
# github.com:22 SSH-2.0-babeld-e37038b1
github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl


Days              : 0
Hours             : 0
Minutes           : 0
Seconds           : 1
Milliseconds      : 722
Ticks             : 17229522
TotalDays         : 1.99415763888889E-05
TotalHours        : 0.000478597833333333
TotalMinutes      : 0.02871587
TotalSeconds      : 1.7229522
TotalMilliseconds : 1722.9522

With a 10 second timeout:

PS C:\Users\Jeffrey> Measure-Command { ssh-keyscan -T 10 github.com | Out-Default }      
# github.com:22 SSH-2.0-babeld-e37038b1
# github.com:22 SSH-2.0-babeld-e37038b1
# github.com:22 SSH-2.0-babeld-e37038b1
github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl


Days              : 0
Hours             : 0
Minutes           : 0
Seconds           : 10
Milliseconds      : 727
Ticks             : 107271945
TotalDays         : 0.00012415734375
TotalHours        : 0.00297977625
TotalMinutes      : 0.178786575
TotalSeconds      : 10.7271945
TotalMilliseconds : 10727.1945

As you can see, it takes roughly 700ms to execute the key scanning activities, but there is an additional delay directly influenced by the timeout value.

Cause:

After doing some investigations, I found the exact location in the ssh-keyscan source code where the delay takes place:

The select() is macro'd to w32_select():

The culprit is found in this snippet from w32_select(), where an async I/O is started on the selected fds and the relevant events are tracked:

Then later, a blocking wait is called which wakes either on any event, or when the timeout is reached:

However, for this particular call to w32_select(), there were no events tracked and num_events remains 0. Therefore, all wait_for_any_event() can do is wait for the timeout.

Workaround

As I showed earlier with the steps to reproduce, we can provide a lower timeout value to lower the amount of useless waiting. One second is the lowest value we can give to ssh-keyscan. So even though we shaved off 4 seconds of useless waiting, there is still a full second of waiting which should just not be there.

Even if ssh-keyscan would accept sub-second timeout values, this would not be desirable since it limits the amount of jitter that is tolerated within a network before the actual timeout is triggered at other places in the code.

Bugfix patch

I have prepared a bugfix patch which just checks the I/O fds periodically when there are no events to track. This worked really well to get rid of the useless waiting, and doesn't influence other users of this method.

diff --git a/contrib/win32/win32compat/w32fd.c b/contrib/win32/win32compat/w32fd.c
index 01f59016..8457a4fa 100644
--- a/contrib/win32/win32compat/w32fd.c
+++ b/contrib/win32/win32compat/w32fd.c
@@ -835,7 +835,12 @@ w32_select(int fds, w32_fd_set* readfds, w32_fd_set* writefds, w32_fd_set* excep
                                        debug4("select - timing out");
                                        break;
                                }
-                               time_rem = timeout_ms - (ticks_spent & 0xffffffff);
+
+                               /* just periodically check the fds when there are no events to listen for */
+                               if (num_events == 0)
+                                       time_rem = 10;
+                               else
+                                       time_rem = timeout_ms - (ticks_spent & 0xffffffff);
                        }
                        else
                                time_rem = INFINITE;

If this fix is considered acceptable I can raise a PR with this patch. However, I am not convinced that this would be a very structural solution to this problem. Ideally there would be I/O events to wait for by wait_for_any_event(), but I do not know how to achieve this.

.

Obviously many of the code changes would be relevant to be placed upstream - is there any plan to do send PRs?
Even more obviously this repo tends to get outdated, what are the plans on pulling OpenSSH 8,1-8,4 here?

I thought to find the information in one of the repo's README or the Wiki - but had no luck with this.

How to run the SSH/SFTP server without installing the service, only running it via the command line

"OpenSSH for Windows" version
7.6.0.0

Server OperatingSystem
Windows 10 Pro

@joeyaiello - I figured out what I was trying to express on the PS call this last week.

This old repo is doing binary builds and packages of BETA versions of openssh: https://github.com/PowerShell/Win32-OpenSSH - it was the original source of the chocolatey package.

The readme there now points to this repo I am doing this issue from, but this repo only releases source code: https://github.com/PowerShell/openssh-portable/releases/tag/v8.1.0.0

So the problem is that there appears to be no way to get:

1. microsoft compiled binaries
2. for production releases
3. to service downlevel clients

Consequently the Chocolatey package (and anyone else?) is stuck at the last beta.

Unless there is somewhere else entirely to get them?

Here is my prior attempt to get this resolved: PowerShell/Win32-OpenSSH#1578

Prerequisites

• Write a descriptive title.
• Make sure you are able to repro it on the latest version
• Search the existing issues.

Steps to reproduce

see PowerShell/Win32-OpenSSH#1322

Expected behavior

see https://github.com/PowerShell/Win32-OpenSSH/issues/1322

Actual behavior

see https://github.com/PowerShell/Win32-OpenSSH/issues/1322

Error details

see https://github.com/PowerShell/Win32-OpenSSH/issues/1322

Environment data

see https://github.com/PowerShell/Win32-OpenSSH/issues/1322

Version

9.2.0.0

Visuals

PowerShell/Win32-OpenSSH#1322 (comment)

OS: Windows 10 2004 (latest version, all updates)
openssh version: 8.1.0.0

If the computer name is the same as user name openssh gives invalid login, in logs show as unrecognized user!
After changed computer name, login goes well!
This is particular case, will be nice to be able to have that option.

When using X11 forwarding ctrl+c will close the SSH connection instead of just stopping a running program such as 'ping'. When not using X11 forwarding or if X11 forwarding is not correctly established this behavior is not seen.

Environment

Platform = Win32NT
Version = 10.0.19041.0
Version String = Microsoft Windows NT 10.0.19041.0
Windows Terminal Version = 1.0.1811.0
SSH Version = OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5

Steps To Reproduce

1. Install/Run X11 Server (VcXsrv/X410/Xming)
2. Start CMD/Powershell/pwsh (behavior is the same in all 3).
3. Set "DISPLAY" environmental variable
4. SSH with X11 forwarding ssh -Y user@linuxserver (adding '-t' won't change behavior)
5. Verify Forwarding is correctly established (run 'xclock' or something)
6. Run ping 8.8.8.8
7. use 'ctrl+c' to stop ping

Expected Behavior

The 'ping' program should get killed and the terminal should return to the remote shell prompt.

Actual Behavior

The SSH session gets immediately closed.

ssh -t -Y -vvv cstation

SSH Establishing Connection Output:
debug.txt

As I understand, I need 8.2 or later to support FIDO2? How does one update/upgrade? Do I use this repo? If so, can it be compiled in Linux and installed in Windows 11? How? Sorry for all the Qs?

I'm not interested in maintaining compatibility as previously mentioned and needed for cmd.exe and PowerShell. I want to be able to turn off the login clear screen for when using WSL bash as the default shell (eg, these instructions) on ssh'ing into a system. How do I do this?

Not having to remember saved connections in .ssh\config would be awesome!

Please provide Completion through Register-ArgumentCompleter

Register-ArgumentCompleter is implemented for example in winget

Hello Devs,

It would be nice to have pagent support in the ssh client (I'm aware of the windows ssh agent developed in this project).
My feeling is that this has wide adoption and integration with multiple 3rd party clients. In my case all keys are loaded when keepass database is unlocked and keepass emulates the pagent.
Thus avoiding the pitfall of having passwordless ssh keys but with added convince of not unlocking every key by itself.

Either having the ssh client check the pagent or having the windows ssh agent proxy (mirror) the content of the pagent seem like acceptable solutions.

Thanks for considering,
Have a nice day.

Hello,
are there any plans to upgrade the Windows SSH to OpenSSH 8.4/8.4p1 (Upstream V_8_4_P1)?
That would be nice for users of Windows Server 2016.
Thanks.

Hello,

Using OpenSSH for Windows, if I remote into a server and try to edit a test file such as by typing

nano readme.txt

I can edit it fine, but the cursor position is not visible when I move with the arrow keys.

The same command using Windows PowerShell works fine, showing the cursor position.

"Nessage": "Auto-indryk"

Originally posted by @mijiang168 in Tampermonkey/tampermonkey-i18n#212 (comment)

Setting in ~/.ssh/config

ControlMaster auto
ControlPath ~/.ssh/master-%r@%h:%p

Leads to the errors when attempting to connect to any server:

getsockname failed: Bad file descriptor
channel_send_open: channel 0: unexpected internal error

My machine has multiple network interfaces (more than one address), and I'm trying to bind an ssh session to a specific interface.

According to the ssh man page linked to from the wiki, I should be able to use -B bind_interface or -b bind_address to achieve this, but neither option seems to work.

Get-NetIpAddress shows the following:

IPAddress         : 192.168.1.65
InterfaceIndex    : 10
InterfaceAlias    : Ethernet 3
AddressFamily     : IPv4
...

I tried using -B first, to bind to the interface by name, but it seems like that option is not implemented:

> ssh -B 'Ethernet 3' [email protected]
BindInterface not supported on this platform.
ssh_create_socket: getnameinfo failed: An address incompatible with the requested protocol was used.
ssh: connect to host host.com port 22: failure

I then tried to use the -b option to bind to the interface by IP address, but it always comes back with Invalid argument:

> ssh -b '192.168.1.65' [email protected]
ssh: connect to host foo.com port 22: Invalid argument

The fact that -B is not supported is understandable (though unfortunate), but I think the fact that -b always comes back with Invalid argument is a bug (shouldn't -b work like this?).

My OpenSSH version is as follows:

> ssh -V
OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2

My Windows 10 Firewall is setup to prevent any outgoing port 80 traffic. Since I did that I am seeing messages like "sshd: error: connect to 208.95.112.1 port 80 failed: Permission denied" for OpenSSH->Admin in my Windows Event Viewer.

Why is openssh trying to connect to this IP address several times each minute? Can I disable that if it isn't needed?

It seems the include order does not work anymore correctly i.e. the wrong signal.h gets included.

Markus

Not really an issue so much as a question that I can't find the answer to after combing the internet.

Where do I create the windows equivalent of /etc/ssh/sshrc ?

Right now, I am getting by with the ForceCommand directive in the sshd_config in PROGRAMDATA/ssh/administrators_authorized_keys but that feels hack-y.

Thanks in advance.

Is OpenSSH an SSH client like puTTY? And is it installed by default on windows? Can it substitute another SSH client like puTTY and have the same/similar features? And does it work in the same way as other puTTY/ssh clients?

The wiki of this project is editable by anyone (logged into Github). This might not be the best idea since editing it is very easy and does not require any review process like a PR. Most projects disable this.

Having the actual wiki (https://github.com/PowerShell/Win32-OpenSSH/wiki) community editable might make more sense since sadly it's impossible to send PRs for it.

I have a character encoding-related bug in the SSH(OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5) that ships with the latest Windows 10(Version 10.0.19042.868).
To fix this problem, I built https://github.com/PowerShell/openssh-portable/tree/v7.7.1.0 and the problem does not occur.

Which version is bundled with the product, Windows 10?

I tried the following installing by running the following:

apt-get update
apt-get install -y autoconf
apt-get install -y libz-dev
apt-get install -y libssl-dev
./configure
make

The console output I got is:

# make
(cd openbsd-compat && make)
make[1]: Entering directory '/workspace/go/src/github.com/PowerShell/openssh-portable/openbsd-compat'
make[1]: Nothing to be done for 'all'.
make[1]: Leaving directory '/workspace/go/src/github.com/PowerShell/openssh-portable/openbsd-compat'
cc -g -O2 -pipe -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE   -I. -I.  -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -DSSHDIR=\"/usr/local/etc\" -D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/local/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/local/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/local/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/local/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sshd.c -o sshd.o
sshd.c: In function 'recv_idexch_state':
sshd.c:530:9: warning: unused variable 'lenp' [-Wunused-variable]
  size_t lenp;
         ^
sshd.c:529:16: warning: unused variable 'valp' [-Wunused-variable]
  const u_char *valp;
                ^
sshd.c:527:9: warning: unused variable 'tmp' [-Wunused-variable]
  size_t tmp;
         ^
sshd.c:526:10: warning: unused variable 'cp' [-Wunused-variable]
  u_char *cp, ver;
          ^
sshd.c: In function 'send_hostkeys_state':
sshd.c:565:16: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
  for (i = 0; i < options.num_host_key_files; i++) {
                ^
sshd.c:578:16: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
  for (i = 0; i < options.num_host_key_files; i++) {
                ^
sshd.c: In function 'recv_hostkeys_state':
sshd.c:626:20: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
  for (int i = 0; i < num_host_key_files; i++) {
                    ^
sshd.c:638:20: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
  for (int i = 0; i < num_host_key_files; i++) {
                    ^
sshd.c:603:10: warning: unused variable 'cp' [-Wunused-variable]
  u_char *cp, ver;
          ^
sshd.c: In function 'recv_autxctx_state':
sshd.c:687:39: warning: passing argument 2 of 'sshbuf_get_string_direct' from incompatible pointer type [-Wincompatible-pointer-types]
  if ((r = sshbuf_get_string_direct(m, &user, &user_len)) != 0)
                                       ^
In file included from sshd.c:94:0:
sshbuf.h:216:5: note: expected 'const u_char ** {aka const unsigned char **}' but argument is of type 'u_char ** {aka unsigned char **}'
 int sshbuf_get_string_direct(struct sshbuf *buf, const u_char **valp,
     ^
sshd.c:673:10: warning: unused variable 'cp' [-Wunused-variable]
  u_char *cp, ver, *user;
          ^
sshd.c: At top level:
sshd.c:1225:1: error: static declaration of 'send_rexec_state' follows non-static declaration
 send_rexec_state(int fd, struct sshbuf *conf)
 ^
sshd.c:489:1: note: previous declaration of 'send_rexec_state' was here
 send_rexec_state(int, struct sshbuf *);
 ^
sshd.c:1256:1: error: static declaration of 'recv_rexec_state' follows non-static declaration
 recv_rexec_state(int fd, struct sshbuf *conf)
 ^
sshd.c:496:1: note: previous declaration of 'recv_rexec_state' was here
 recv_rexec_state(int, struct sshbuf *);
 ^
sshd.c:490:13: warning: 'send_config_state' defined but not used [-Wunused-function]
 static void send_config_state(int fd, struct sshbuf *conf)
             ^
sshd.c:504:1: warning: 'send_idexch_state' defined but not used [-Wunused-function]
 send_idexch_state(struct ssh *ssh, int fd)
 ^
sshd.c:554:1: warning: 'send_hostkeys_state' defined but not used [-Wunused-function]
 send_hostkeys_state(int fd)
 ^
sshd.c:653:1: warning: 'send_autxctx_state' defined but not used [-Wunused-function]
 send_autxctx_state(Authctxt *auth, int fd)
 ^
sshd.c:670:1: warning: 'recv_autxctx_state' defined but not used [-Wunused-function]
 recv_autxctx_state(Authctxt *auth, int fd)
 ^
sshd.c:696:1: warning: 'privsep_child_cmdline' defined but not used [-Wunused-function]
 privsep_child_cmdline(int authenticated)
 ^
Makefile:166: recipe for target 'sshd.o' failed
make: *** [sshd.o] Error 1

Could I get some guidance on what needs to be configured/changed to properly make?

$ ssh -V
OpenSSH_for_Windows_8.9p1, LibreSSL 3.4.2

ssh-keygen -t ed25519-sk works perfectly, but when I try to use resident keys (generation works), it fails to import.

$ ssh-add -D
All identities removed.
$ ssh-add -K
Cannot download keys without provider
$ ssh-keygen -K
Enter PIN for authenticator:
You may need to touch your authenticator to authorize key download.
Unable to load resident keys: invalid format

Prerequisites

• Write a descriptive title.
• Make sure you are able to repro it on the latest version
• Search the existing issues.

Steps to reproduce

penssh-portable-9.2.2.0

Expected behavior

Microsoft Windows [Version 10.0.18363.2274]
Virsual Studio 2022

Actual behavior

Microsoft Windows [Version 10.0.18363.2274]
Virsual Studio 2022

Error details

2>C:\Program Files (x86)\Windows Kits\10\Include\10.0.22000.0\ucrt\direct.h(117,10): warning C4030: first formal parameter list longer than the second list
2>C:\Program Files (x86)\Windows Kits\10\Include\10.0.22000.0\ucrt\corecrt_io.h(452,14): warning C4028: formal parameter 2 different from declaration
2>C:\Program Files (x86)\Windows Kits\10\Include\10.0.22000.0\ucrt\corecrt_io.h(495,1): error C2143: syntax error: missing ')' before '('
2>C:\Program Files (x86)\Windows Kits\10\Include\10.0.22000.0\ucrt\corecrt_io.h(495,1): error C2059: syntax error: ')'
2>C:\Program Files (x86)\Windows Kits\10\Include\10.0.22000.0\ucrt\corecrt_io.h(495,14): error C2143: syntax error: missing ')' before ';'
2>C:\Program Files (x86)\Windows Kits\10\Include\10.0.22000.0\ucrt\corecrt_io.h(495,14): error C2091: function returns function
2>C:\Program Files (x86)\Windows Kits\10\Include\10.0.22000.0\ucrt\corecrt_io.h(493,30): error C2373: 'w32_isatty': redefinition; different type modifiers
2>E:\code\openssh-portable-9.2.2.0\contrib\win32\win32compat\inc\unistd.h(33,5): message : see declaration of 'w32_isatty'
2>C:\Program Files (x86)\Windows Kits\10\Include\10.0.22000.0\ucrt\corecrt_io.h(509,14): warning C4028: formal parameter 2 different from declaration
2>C:\Program Files (x86)\Windows Kits\10\Include\10.0.22000.0\ucrt\corecrt_io.h(521,1): error C2143: syntax error: missing ')' before '('
2>C:\Program Files (x86)\Windows Kits\10\Include\10.0.22000.0\ucrt\corecrt_io.h(521,1): error C2059: syntax error: ')'
2>C:\Program Files (x86)\Windows Kits\10\Include\10.0.22000.0\ucrt\corecrt_io.h(521,1): error C2059: syntax error: '('
2>C:\Program Files (x86)\Windows Kits\10\Include\10.0.22000.0\ucrt\corecrt_io.h(521,1): error C2143: syntax error: missing ')' before 'type'
2>C:\Program Files (x86)\Windows Kits\10\Include\10.0.22000.0\ucrt\corecrt_io.h(521,1): error C2091: function returns function
2>C:\Program Files (x86)\Windows Kits\10\Include\10.0.22000.0\ucrt\corecrt_io.h(518,30): error C2373: 'w32_open': redefinition; different type modifiers
2>E:\code\openssh-portable-9.2.2.0\contrib\win32\win32compat\inc\fcntl.h(21,5): message : see declaration of 'w32_open'
2>C:\Program Files (x86)\Windows Kits\10\Include\10.0.22000.0\ucrt\corecrt_io.h(521,1): error C2085: '_OpenFlag': not in formal parameter list
2>C:\Program Files (x86)\Windows Kits\10\Include\10.0.22000.0\ucrt\corecrt_io.h(521,1): error C2059: syntax error: '...'
2>C:\Program Files (x86)\Windows Kits\10\Include\10.0.22000.0\ucrt\corecrt_io.h(529,14): warning C4028: formal parameter 3 different from declaration
2>C:\Program Files (x86)\Windows Kits\10\Include\10.0.22000.0\ucrt\corecrt_io.h(564,14): warning C4028: formal parameter 3 different from declaration
2>E:\code\openssh-portable-9.2.2.0\contrib\win32\win32compat\misc.c(565,40): warning C4028: formal parameter 2 different from declaration
2>E:\code\openssh-portable-9.2.2.0\contrib\win32\win32compat\misc.c(763,6): warning C4996: 'w32_rmdir': The POSIX name for this item is deprecated. Instead, use the ISO C and C++ conformant name: _rmdir. See online help for details.
2>E:\code\openssh-portable-9.2.2.0\contrib\win32\win32compat\misc.c(875,1): warning C4029: declared formal parameter list different from definition
2>signal_sigalrm.c

Environment data

Microsoft Windows [Version 10.0.18363.2274]
Virsual Studio 2022

Version

openssh-portable-9.2.2.0

Visuals

2>C:\Program Files (x86)\Windows Kits\10\Include\10.0.22000.0\ucrt\direct.h(117,10): warning C4030: first formal parameter list longer than the second list
2>C:\Program Files (x86)\Windows Kits\10\Include\10.0.22000.0\ucrt\corecrt_io.h(452,14): warning C4028: formal parameter 2 different from declaration
2>C:\Program Files (x86)\Windows Kits\10\Include\10.0.22000.0\ucrt\corecrt_io.h(495,1): error C2143: syntax error: missing ')' before '('
2>C:\Program Files (x86)\Windows Kits\10\Include\10.0.22000.0\ucrt\corecrt_io.h(495,1): error C2059: syntax error: ')'
2>C:\Program Files (x86)\Windows Kits\10\Include\10.0.22000.0\ucrt\corecrt_io.h(495,14): error C2143: syntax error: missing ')' before ';'
2>C:\Program Files (x86)\Windows Kits\10\Include\10.0.22000.0\ucrt\corecrt_io.h(495,14): error C2091: function returns function
2>C:\Program Files (x86)\Windows Kits\10\Include\10.0.22000.0\ucrt\corecrt_io.h(493,30): error C2373: 'w32_isatty': redefinition; different type modifiers
2>E:\code\openssh-portable-9.2.2.0\contrib\win32\win32compat\inc\unistd.h(33,5): message : see declaration of 'w32_isatty'
2>C:\Program Files (x86)\Windows Kits\10\Include\10.0.22000.0\ucrt\corecrt_io.h(509,14): warning C4028: formal parameter 2 different from declaration
2>C:\Program Files (x86)\Windows Kits\10\Include\10.0.22000.0\ucrt\corecrt_io.h(521,1): error C2143: syntax error: missing ')' before '('
2>C:\Program Files (x86)\Windows Kits\10\Include\10.0.22000.0\ucrt\corecrt_io.h(521,1): error C2059: syntax error: ')'
2>C:\Program Files (x86)\Windows Kits\10\Include\10.0.22000.0\ucrt\corecrt_io.h(521,1): error C2059: syntax error: '('
2>C:\Program Files (x86)\Windows Kits\10\Include\10.0.22000.0\ucrt\corecrt_io.h(521,1): error C2143: syntax error: missing ')' before 'type'
2>C:\Program Files (x86)\Windows Kits\10\Include\10.0.22000.0\ucrt\corecrt_io.h(521,1): error C2091: function returns function
2>C:\Program Files (x86)\Windows Kits\10\Include\10.0.22000.0\ucrt\corecrt_io.h(518,30): error C2373: 'w32_open': redefinition; different type modifiers
2>E:\code\openssh-portable-9.2.2.0\contrib\win32\win32compat\inc\fcntl.h(21,5): message : see declaration of 'w32_open'
2>C:\Program Files (x86)\Windows Kits\10\Include\10.0.22000.0\ucrt\corecrt_io.h(521,1): error C2085: '_OpenFlag': not in formal parameter list
2>C:\Program Files (x86)\Windows Kits\10\Include\10.0.22000.0\ucrt\corecrt_io.h(521,1): error C2059: syntax error: '...'
2>C:\Program Files (x86)\Windows Kits\10\Include\10.0.22000.0\ucrt\corecrt_io.h(529,14): warning C4028: formal parameter 3 different from declaration
2>C:\Program Files (x86)\Windows Kits\10\Include\10.0.22000.0\ucrt\corecrt_io.h(564,14): warning C4028: formal parameter 3 different from declaration
2>E:\code\openssh-portable-9.2.2.0\contrib\win32\win32compat\misc.c(565,40): warning C4028: formal parameter 2 different from declaration
2>E:\code\openssh-portable-9.2.2.0\contrib\win32\win32compat\misc.c(763,6): warning C4996: 'w32_rmdir': The POSIX name for this item is deprecated. Instead, use the ISO C and C++ conformant name: _rmdir. See online help for details.
2>E:\code\openssh-portable-9.2.2.0\contrib\win32\win32compat\misc.c(875,1): warning C4029: declared formal parameter list different from definition
2>signal_sigalrm.c

I have installed the OpenSSH server feature on a Windows server 2019 machine and configured to work with a local user group, not allow tty access and close the users into a specific folder space.

I'm currently experiencing that 2/3 times I try to access the host using WinSCP the sign in fails. Often I get prompted for the password by the client even if it has not changed, sometimes the sign in process hangs completely and a couple of times the session has escaped the chrootdirectory.

What is going wrong here?

When the authentication fails I see this in the logs (lada is the name of the user, sshclients is the local windows group):

17836 2020-08-17 16:15:27.109 debug2: parse_server_config: config reprocess config len 533
17836 2020-08-17 16:15:27.109 debug3: checking match for 'Group administrators' user lada host XXXXXXXX addr XXXXXXXX laddr YYYYYYYY lport 22
17836 2020-08-17 16:15:27.109 debug3: **LsaLogonUser Succeeded (Impersonation: 0)**
17836 2020-08-17 16:15:27.109 debug1: user  does not match group list administrators at line 87
17836 2020-08-17 16:15:27.109 debug3: match not found
17836 2020-08-17 16:15:27.109 debug3: checking match for 'Group sshclients' user  host XXXXXXXX addr XXXXXXXXX laddr YYYYYYYY lport 22
17836 2020-08-17 16:15:27.109 debug3: **get_passwd: Invalid account type: 3.**
17836 2020-08-17 16:15:27.109 debug1: Can't match group at line 91 because user  does not exist
17836 2020-08-17 16:15:27.109 debug3: match not found

The expected behavior would be as follows:

15376 2020-08-17 16:43:28.473 debug3: checking match for 'Group administrators' user lada host XXXXXXXXX addr 172.20.19.67 laddr YYYYYYYY lport 22
15376 2020-08-17 16:43:28.489 debug3: **LsaLogonUser Succeeded (Impersonation: 0)**
15376 2020-08-17 16:43:28.489 debug1: user lada does not match group list administrators at line 87
15376 2020-08-17 16:43:28.489 debug3: match not found
15376 2020-08-17 16:43:28.489 debug3: checking match for 'Group sshclients' user lada host XXXXXXXX addr XXXXXXXX laddr YYYYYYYYY lport 22
15376 2020-08-17 16:43:28.489 debug3: **LsaLogonUser Succeeded (Impersonation: 0)**
15376 2020-08-17 16:43:28.489 debug1: user lada matched group list sshclients at line 91
15376 2020-08-17 16:43:28.489 debug3: match found
15376 2020-08-17 16:43:28.489 debug3: reprocess config:92 setting ChrootDirectory D:\\Lada
15376 2020-08-17 16:43:28.489 debug3: LsaLogonUser Succeeded (Impersonation: 0)

Looks to me the user details get lost on the way.

The configuration looks like this:

PermitEmptyPasswords no
PermitTTY no
PermitTunnel no 
AllowAgentForwarding no 
AllowTcpForwarding no
X11Forwarding no 

ForceCommand internal-sftp 
Subsystem  sftp   sftp-server.exe -d "D:\Lada\" 

AllowGroups sshclients Administrators

Match Group administrators
       AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys

#Match User lada
Match Group sshclients
ChrootDirectory D:\Lada

You can find the full logs and configs here.

Hi.

I'm attempting to back up a windows virtual machine (VM) using sshfs on a Linux MInt 19.2 system.

However, even with a simple 'find' I get lots of:

$ find . -print > /dev/null
below cmd output started 2020 Thu Jul 23 02:06:49 PM PDT
find: './C:/Documents and Settings/Dan Stromberg/AppData/Local/Application Data/Application Data/Application Data/Application Data/Application Data/Application Data/Application Data/Application Data/Application Data/Application Data/Application Data/Microsoft/Windows Sidebar': Bad message
find: './C:/Documents and Settings/Dan Stromberg/AppData/Local/Application Data/Application Data/Application Data/Application Data/Application Data/Application Data/Application Data/Application Data/Application Data/Application Data/Application Data/Microsoft/WindowsApps': Bad message
find: './C:/Documents and Settings/Default User/AppData/Local/Application Data/Application Data/Application Data/Application Data/Application Data/Application Data/Application Data/Application Data/Application Data/Application Data/Application Data/Microsoft/Windows Sidebar': Bad message

I'm assuming that's because there's a recursive junction.

Is there a good reason for Windows 10's sftp-server not to treat junctions as symlinks? It sure seems simpler for interop to just map junctions to symlinks.

Thanks!

Version:

PS D:\tmp\02 ak2\02 基础资料\ESB+mq文档\东方通> ssh -V
OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5

Env:

> dir env:

Name                           Value
----                           -----
APPDATA                        C:\Users\sam\AppData\Roaming
CATALINA_HOME                  D:\opt\apache-tomcat-9.0.36
ChocolateyInstall              C:\ProgramData\chocolatey
ChocolateyLastPathUpdate       132349467787860467
CommonProgramFiles             C:\Program Files\Common Files
CommonProgramFiles(x86)        C:\Program Files (x86)\Common Files
CommonProgramW6432             C:\Program Files\Common Files
COMPUTERNAME                   LAPTOP-BI9BL106
DriverData                     C:\Windows\System32\Drivers\DriverData
FFMPEG_HOME                    D:\opt\ffmpeg
GOPATH                         C:\Users\sam\go
HOMEDRIVE                      C:
HOMEPATH                       \Users\sam
IntelliJ IDEA Community Edi... C:\Program Files\JetBrains\IntelliJ IDEA Community Edition 2020.1.1\bin;
JAVA_HOME                      C:\Program Files\Java\jdk-11.0.6
LOCALAPPDATA                   C:\Users\sam\AppData\Local
LOGONSERVER                    \\LAPTOP-BI9BL106
MVN_HOME                       D:\opt\apache-maven-3.6.3
NUMBER_OF_PROCESSORS           8
OneDrive                       C:\Users\sam\OneDrive
OS                             Windows_NT
Path                           C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System...
PATHEXT                        .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC;.CPL
PROCESSOR_ARCHITECTURE         AMD64
PROCESSOR_IDENTIFIER           Intel64 Family 6 Model 126 Stepping 5, GenuineIntel
PROCESSOR_LEVEL                6
PROCESSOR_REVISION             7e05
ProgramData                    C:\ProgramData
ProgramFiles                   C:\Program Files
ProgramFiles(x86)              C:\Program Files (x86)
ProgramW6432                   C:\Program Files
PSModulePath                   C:\Users\sam\Documents\WindowsPowerShell\Modules;C:\Program Files\WindowsPowerShell\Modules;C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\Microsof...
PUBLIC                         C:\Users\Public
SystemDrive                    C:
SystemRoot                     C:\WINDOWS
TEMP                           C:\Users\sam\AppData\Local\Temp
TMP                            C:\Users\sam\AppData\Local\Temp
USERDOMAIN                     LAPTOP-BI9BL106
USERDOMAIN_ROAMINGPROFILE      LAPTOP-BI9BL106
USERNAME                       sam
USERPROFILE                    C:\Users\sam
VBOX_MSI_INSTALL_PATH          C:\Program Files\Oracle\VirtualBox\
windir                         C:\WINDOWS
WSLENV                         WT_SESSION::WT_PROFILE_ID
WT_PROFILE_ID                  {61c54bbd-c2c6-5271-96e7-009a87ff44bf}
WT_SESSION                     0f7913f7-8ac2-41d8-9aaf-050afd2a37a6

How to reproduce

• cd into a directory which name contains chinese character and space, such as D:\tmp\02 ak2\02 基础资料\ESB+mq文档\东方通
• scp a local file in the directory to a remote host, I'm sure the local file exists in the directory
• scp fails with error message ./esb.txt: No such file or directory

openssh client log:

PS D:\tmp\02 ak2\02 基础资料\ESB+mq文档\东方通> scp -v .\esb.txt [email protected]:.
Executing: program ssh.exe host 192.168.20.168, user root, command scp -v -t .
OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5
debug1: Reading configuration data C:\\Users\\sam/.ssh/config
debug1: C:\\Users\\sam/.ssh/config line 1: Applying options for *
debug1: C:\\Users\\sam/.ssh/config line 5: Applying options for 192.168.20.*
debug1: Connecting to 192.168.20.168 [192.168.20.168] port 22.
debug1: Connection established.
debug1: identity file C:\\Users\\sam/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\sam/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\sam/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\sam/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\sam/.ssh/id_ecdsa type -1
debug1: identity file C:\\Users\\sam/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\sam/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\sam/.ssh/id_ed25519-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\sam/.ssh/id_xmss type -1
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\sam/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_7.7
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.20.168:22 as 'root'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:u5UhnkvCIXluTRb26+THyaF7DTRG6dX4HKCnVH3j/qs
debug1: Host '192.168.20.168' is known and matches the ECDSA host key.
debug1: Found key in C:\\Users\\sam/.ssh/known_hosts:17
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: pubkey_prepare: ssh_get_authentication_socket: No such file or directory
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:Xy7mUCzws8mYzfnkp61rbvtTkrgBE/G2BKHMQ+79zs0 C:\\Users\\sam/.ssh/id_rsa
debug1: Server accepts key: pkalg rsa-sha2-512 blen 279
debug1: Authentication succeeded (publickey).
Authenticated to 192.168.20.168 ([192.168.20.168]:22).
debug1: channel 0: new [client-session]
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype [email protected] want_reply 0
debug1: Sending command: scp -v -t .
./esb.txt: No such file or directory
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: free: client-session, nchannels 1
Transferred: sent 2656, received 2700 bytes, in 0.3 seconds
Bytes per second: sent 10180.6, received 10349.3
PS D:\tmp\02 ak2\02 基础资料\ESB+mq文档\东方通> debug1: Exit status 0

I updated uglifycss to 0.0.28 on an engine which does not support ES6, would be good to add that dependency to packages.json.

See https://docs.npmjs.com/files/package.json#engines

Originally posted by @schmunk42 in fmarcia/uglifycss#59

When running:
ssh-keygen -t rsa -b 2048 -f 'key_name' -q -N ''
I receive the error:
option requires an argument -- N
This same command works in bash. Expected result is a key pair with no passphrase.

From cmd.exe I start pwsh

Microsoft Windows [Version 10.0.18363.900]
(c) 2019 Microsoft Corporation. All rights reserved.

C:\Users\gregg>pwsh
PowerShell 7.0.1
Copyright (c) Microsoft Corporation. All rights reserved.

https://aka.ms/powershell
Type 'help' to get help.

Loading personal and system profiles took 620ms.
❯ (New-Object Security.Principal.WindowsPrincipal(
>>   [Security.Principal.WindowsIdentity]::GetCurrent())
>> ).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
False

From cmd.exe I ssh to localhost

Microsoft Windows [Version 10.0.18363.900]
(c) 2019 Microsoft Corporation. All rights reserved.

C:\Users\gregg>ssh localhost
gregg@localhost's password:
PowerShell 7.0.1
Copyright (c) Microsoft Corporation. All rights reserved.

https://aka.ms/powershell
Type 'help' to get help.

Loading personal and system profiles took 620ms.
❯ (New-Object Security.Principal.WindowsPrincipal(
>>   [Security.Principal.WindowsIdentity]::GetCurrent())
>> ).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
True

For some magic reason when I ssh to pwsh I get admin but when I open locally I don't.

Is there a way to get those to situations to be the same as they would on MacOS or Linux? Even my user account has admin rights I'd like not to automagically get those rights just by using ssh.

Is agent forwarding supported when connecting from a windows client to a windows host machine ?

I tried all of the things below, but had no luck and stumbled across this comment PowerShell/Win32-OpenSSH#1136 (comment) which says Agent forwarding is not supported on the server yet, but you should be able to use the client to forward agent to a non-Windows target.

Was following these instructions from github : https://docs.github.com/en/developers/overview/using-ssh-agent-forwarding

1. used keygen to generate public/private keys and added public to github.com
2. ssh-add "location of private key". Can see them on client machine through ssh-add -l
3. Test using agent

PS C:\Users\monil> ssh -T git@github.com
Hi monil-patel! You've successfully authenticated, but GitHub does not provide shell access.

4. Specified ForwardAgent in the ssh config

Host my-pc
  HostName host...
  User username
  IdentityFile C:\Users\user\.ssh\id_rsa
  ForwardAgent yes

5. ssh to my-pc, and run ssh -T [email protected] again

expected

# ssh session
PS C:\Users\monil> ssh -T [email protected]
Hi monil-patel! You've successfully authenticated, but GitHub does not provide shell access.

received

# ssh session
[email protected]: Permission denied (publickey).

Cant list any keys under the ssh session

# ssh session
C:\Users\monil>ssh-add -l
Error connecting to agent: No such file or directory

for example, someone's username is "用户" and thus his user folder is “C:\Users\用户”， and he might run ssh.exe on his cmd or powershell to remote: user@remote. basic usage like ssh user@remote works, yet one cant use "-i" option to use a identity file, with error like "cannot create directory C:\Users\\312\21\234\132\423/.ssh" (here the \xxxx nums are just to show the case). and with config files and valid identity key files you are still prompted to input password for the site.
and ssh-keygen cant just save key to home folder.ssh.

Hello,

how do I update OpenSSH to the newest version on Windows 10? Am I supposed to just overwrite the files in C:\Windows\System32\OpenSSH ? Or if I extract it somewhere else how do I tell Windows or the Windows Services to use the new files instead of the old ones?

Summary of the new feature / enhancement

In a corporate environment mutual authentication via Kerberos is a key feature to reduce the effort for user and key management.

There is PowerShell/Win32-OpenSSH#15 but it is unclear whether it is going to happen and whether it is still tracked in the other repo.

Proposed technical implementation details (optional)

No response

Summary of the new feature / enhancement

Hi,

Just bringing attention that OpenSSH is currently 2 versions ahead. Including in the releases are security fixes, bugfixes, and enhancements including switching scp to sftp protocol: https://www.openssh.com/releasenotes.html . Due to the quantity in the release notes I think it would be beneficial to the community to bring the fork up to v9.1 as well.

Note: LibreSSL is also behind

MSYS starts its shell with "msys2_shell.cmd -mingw64". I was not able to get Windows/OpenSSH (as a server) to simply login to the same environment. I tried various registry changes, which did change the loigin shell, but never managed to enter the same environment as by the aforementioned command successfully.

OpenSSH was installed via the "Windows optional feature" thing. I'm not sure if it maps to the work in this repository, but information about this is scarce and the GUI is spartan.

I think logging in to msys is a common use case, and there should be first class support for it. My problem is that it does not even seem to work with registry hacking.

I need a Linux server to SSH into a Windows Server 2016 server with PowerShell 7 installed using key authentication. I only want the Linux server to be able to run one PowerShell script with multiple parameters passed with the SSH session.

From the Linux server I want to run something like this.

ssh user@winserver Value1 Value2

On the Windows server want something like this to run.

./demoscript.ps1 " Value1" " Value2"

I have had some luck adding the command= to the 'authorized_keys' of the user. But I have not been able to pass the parameters.

Some examples of what I have tried.

command="C:\Program Files\PowerShell\7\pwsh.exe -File C:\scripts\demoscript.ps1 %SSH_ORIGINAL_COMMAND%"ssh-rsa

command=".\demoscript.ps1 %SSH_ORIGINAL_COMMAND%"ssh-rsa

Is using the 'authorized_keys' the best way or should I be using the sshd_config file. How should I format the ForceCommand or command setting?

Here is what I have found for linux.
RESTRICT SSH LOGINS TO A SINGLE COMMAND
https://research.kudelskisecurity.com/2013/05/14/restrict-ssh-logins-to-a-single-command/

The repo has releases and tags for 7.7.0.0, 7.7.1.0, 7.7.2.0 and then 7.9.0.0, but the binaries Windows has are of different versions:

git log -S finds "7,7,2,0" and "7.7.2.0" but not "7,7,2,1" (or "7,7,2,3") nor "7.7.2.1" (or "7.7.2.3"), so while I have the public symbols from the symbol server, I don't have the exact sources of that version. What do you propose?

OS: Microsoft Windows [Version 10.0.19041.508]
PS version: 7.0.3

With no $USERHOME/.ssh/config file present, ssh works fine.

With a user-created config file, when attempting to ssh to a local network host, Windows throws the error "Bad owner or permissions on C:\Users\Falco/.ssh/config".

However, if I pass the config file location via the -F flag, ssh works fine and uses the parameters within the config file, which indicates this cannot actually be a permissions issue on the $USERHOME/.ssh folder or the config file within.

Example:

PS C:\Users\Falco> ssh graylog.lab
Bad owner or permissions on C:\\Users\\Falco/.ssh/config

PS C:\Users\Falco> ssh graylog.lab -F C:\Users\Falco\.ssh\config
Last login: Wed Sep  9 10:11:02 2020 from falco.home
[mithos@graylog ~]$

I have a feeling it has something to do with the strange config file path it generates by default when no -F flag is present. I've seen other threads with this similar issue, including the bugfix #418 where the PC name and user name being the same caused a conflict. This is my case (PC name and User name are both "Falco"), however I've done a fresh install of Powershell since this bugfix was released so I assume my build has the fix. Sorry, but I can't figure out how to tell what version a pull request was merged into so I can't say for sure. All I know is that #418 was merged 12/16/19 and I did a complete Windows 10 wipe & reinstall back in June 2020.

Another thing to note - I don't use the "Falco" local account to login anymore, I use my Microsoft account. These are somehow tied together though, because in the permissions system the user FALCO/Falco resolves to my MS Account email address. Not sure if that's relevant or not, but it's a factor no one else has mentioned thus far.

Hello,

Hit a very strange issue today while working on a newly installed Debian 10 VM running in a VMware environment.

If I paste anything into the CLI via the OpenSSH connection, the Debian VM hardlocks, and must be rebooted.

I use Windows OpenSSH across multiple platforms, including Ubuntu and Junos, and don't see this issue anywhere else.

The issue is mostly consistent, but has shown variation;
Typically, the very moment I paste text into the Debian CLI, the system hardlocks immediately, and we must reboot the VM.

Sometimes, a few characters of the paste will show up in the terminal before the VM hard locks.

I have been able to paste exactly 1 time successfully, out of many(dozen or more) tests. It is easily replicated.

Was running 7.7p1, but upgraded to 8.0p1 via chocolately, and still have the issue.

Was on----
PS C:\WINDOWS\system32> ssh -V
OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5
PS C:\WINDOWS\system32>
Now on----
PS C:\Users\clara> ssh -V
OpenSSH_for_Windows_8.0p1, LibreSSL 2.6.5
PS C:\Users\clara>

I can copy/paste just fine from the WSL(Ubuntu) OpenSSH client, without any issues.

Unfortunately, the hardlock does not generate any events in event viewer(that I can find), and no logs appear on the Debian VM... It immediately hardlocks.

The issue seems isolated to when I use OpenSSH for Win64 only...

WinVer~
Version 2004(OS Build 19041.508)

Let me know if I need to provide any further information, thanks :)

The changes since the last "beta" v8.1.0.0...latestw_all seem relevant enough to publish a new version and as OpenSSH (likely based on work done here) is now provided for newer Windows versions from the windows features it seems that "beta" can be dropped.

"OpenSSH for Windows" version
7.7.2.3

Server OperatingSystem
Windows 10 Pro

Client OperatingSystem
Windows 10 Pro

What is failing
When I'm logged in the server (no matter the client, I even tried using the same computer as server and client) and try to open a graphical program, it will not open it.

For instance, if I open a local (no SSH) PowerShell and try the following commands, all of them will work and open the respective programs:

• explorer
• mspaint
• notepad

But, if I login in the same computer through SSH, and try the same programs, they will not open, except for the explorer that will actually work and open its respective window.

I even tried other programs like Firefox using their fullpath:

• "C:\Program Files\Mozilla Firefox\firefox.exe"
• Start-Process spotify

All of them will open in a local PowerShell, but will not open acessing the PowerShell through SSH. I also tried cmd as the prompt for the SSH session, but it had the same behavior as the PowerShell.

Expected output
The program and its respective window to open in the server.

Actual output
The program is not started and no window is opened in the server.

The OpenSSH server that comes with with Windows 10 v20H2 is rather outdated: OpenSSH_for_Windows_7.7p1.

The latest release from the present openssh-portable repo is also rather old, v8.1.0.0 from 18 Dec 2019.

In contrast, Git for Windows also comes with OpenSSH, and it's pretty recent: OpenSSH_8.4p1, OpenSSL 1.1.1h 22 Sep 2020.

What version should we choose? Is the current fork still actively maintained?