OpenSSH not accepting my login password

windows-10 ssh openssh

25,034

Solution 1

I haven't set up any password for the SSH server yet. What is the default password for the server?

There isn't one.

Whenever I am trying to login into the server, I am asked for a password. I have only configured a single password for my Windows 10 PC, and that is the password of my Microsoft account. But, the server denies access with that password.

You are attempting to connect with the incorrect username. You should be using ssh Machine_Name\Username@localhost to connect to the server.

Why do I need to give the \USER part?

You have to explicitly indicate which username you want to use in order to connect to the OpenSSH Server. You also indicated you used the syntax, ssh <my_name>@localhost, which indicates the username was the name of your machine instead of your actual username.

Since <my_name> isn't an actual username on the machine, the password authentication was failing, you actually have to use Username and explicitly indicate it's on the machine Machine_Name\Username.

The output of [System.Security.Principal.WindowsIdentity]::GetCurrent().Name will indicate what should be used.

Solution 2

Another reason why it may not accept a valid username and password is if the configured shell is wrong.

You can check which it is with

reg query HKLM\SOFTWARE\OpenSSH /v DefaultShell

To set it to Powershell, if you have it in the default directory:

reg add HKLM\SOFTWARE\OpenSSH /v DefaultShell /d C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe

25,034

Puspam

Updated on September 18, 2022

Comments

Puspam over 1 year

I have successfully set up OpenSSH server and client running through the Windows 10 optional features section.
Whenever I am trying to login into the server, I am asked for a password. I have only configured a single password for my Windows 10 PC, and that is the password of my Microsoft account. But, the server denies access with that password. I haven't set up any password for the SSH server yet.
What is the default password for the server?

Here are the contents of the sshd_config file in %PROGRAMDATA%\ssh\ folder :

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

#HostKey __PROGRAMDATA__/ssh/ssh_host_rsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_dsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_ecdsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin prohibit-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile  .ssh/authorized_keys

#AuthorizedPrincipalsFile none

# For this to work you will also need host keys in %programData%/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#PermitUserEnvironment no
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# override default of no subsystems
Subsystem   sftp    sftp-server.exe

# Example of overriding settings on a per-user basis
#Match User anoncvs
#   AllowTcpForwarding no
#   PermitTTY no
#   ForceCommand cvs server

This is the output of Get-NetFirewallRule -Name *ssh* :

Name                  : OpenSSH-Server-In-TCP
DisplayName           : OpenSSH SSH Server (sshd)
Description           : Inbound rule for OpenSSH SSH Server (sshd)
DisplayGroup          : OpenSSH Server
Group                 : OpenSSH Server
Enabled               : True
Profile               : Any
Platform              : {}
Direction             : Inbound
Action                : Allow
EdgeTraversalPolicy   : Block
LooseSourceMapping    : False
LocalOnlyMapping      : False
Owner                 :
PrimaryStatus         : OK
Status                : The rule was parsed successfully from the store. (65536)
EnforcementStatus     : NotApplicable
PolicyStoreSource     : PersistentStore
PolicyStoreSourceType : Local

Name                  : SshProxy-Service
DisplayName           : SshProxy-Service-Private
Description           : SSH Server Proxy Service
DisplayGroup          : Ssh Server
Group                 : Ssh Server
Enabled               : True
Profile               : Private
Platform              : {}
Direction             : Inbound
Action                : Allow
EdgeTraversalPolicy   : Block
LooseSourceMapping    : False
LocalOnlyMapping      : False
Owner                 :
PrimaryStatus         : OK
Status                : The rule was parsed successfully from the store. (65536)
EnforcementStatus     : NotApplicable
PolicyStoreSource     : PersistentStore
PolicyStoreSourceType : Local

Name                  : SshProxy-Service-Domain
DisplayName           : SshProxy-Service-Domain
Description           : SSH Server Proxy Service
DisplayGroup          : Ssh Server
Group                 : Ssh Server
Enabled               : True
Profile               : Domain
Platform              : {}
Direction             : Inbound
Action                : Allow
EdgeTraversalPolicy   : Block
LooseSourceMapping    : False
LocalOnlyMapping      : False
Owner                 :
PrimaryStatus         : OK
Status                : The rule was parsed successfully from the store. (65536)
EnforcementStatus     : NotApplicable
PolicyStoreSource     : PersistentStore
PolicyStoreSourceType : Local

Output of [System.Security.Principal.WindowsIdentity]::GetCurrent().Name :

<my_name>\USER

Ramhound over 4 years

There isn't a default password. You can only access the machine using an account that exists on the machine with OpenSSH Server installed on it.
JW0914 over 2 years

SSHing via a password isn't that secure - generate a PKI key pair via ssh-keygen, encrypt the private key with a passphrase, add it to your user's ~\.ssh\authorized_keys, and use it to login.
Admin almost 2 years

Hey, is your issue solved?