Password authentication is not working in ssh on windows
Solution 1
The default shell location was incorrect, and I found this in the server debug logs mentioned in the question, i.e.:
User domain\\aawais not allowed because shell c:\\program files\\powershell\\7\\pwsh.exe does not exist
Execute the following command to set the default shell:
New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -PropertyType String -Force
Solution 2
The reason why you cannot login:
debug1: user domain\\aawais matched group list administrators at line 84
User domain\\aawais not allowed because shell c:\\program files\\powershell\\7\\pwsh.exe does not exist
Sshd checks the validity of the user before asking for the password.
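The triage both answers describe, as an added example that is not part of the original posts: it scans sshd -d output for the shell rejection and collects the password failures that follow it, which are logged against NOUSER rather than the real account. The names triage and EVENT_RE are this example's own, and the sample is an excerpt of the log lines quoted on this page.

```python
import re

# Two events matter: the pre-auth rejection of the account, and the password
# failures recorded afterwards for the placeholder name NOUSER.
EVENT_RE = re.compile(
    r"User (?P<user>\S+) not allowed because shell (?P<shell>.+?) does not exist"
    r"|Windows authentication failed for user: NOUSER\b[^\n]*?error: (?P<code>\d+)"
)


def _unescape(value):
    # The debug log prints every backslash doubled; restore the real path.
    return value.replace("\\\\", "\\")


def triage(log_text):
    """Return one finding per shell rejection, with the Windows error codes
    of the NOUSER password failures that followed it."""
    findings, current = [], None
    # finditer over the whole text also works when the log was pasted
    # as a single line.
    for m in EVENT_RE.finditer(log_text):
        if m.group("user"):
            current = {
                "user": _unescape(m.group("user")),
                "shell": _unescape(m.group("shell")),
                "masked_failures": [],
            }
            findings.append(current)
        elif current is not None:
            # Only attribute a NOUSER failure to a rejection already seen.
            current["masked_failures"].append(int(m.group("code")))
    return findings


# Excerpt of the log quoted on this page.
SAMPLE = r"""debug1: userauth-request for user aawais@domain service ssh-connection method none [preauth]
debug1: user domain\\aawais matched group list administrators at line 84
User domain\\aawais not allowed because shell c:\\program files\\powershell\\7\\pwsh.exe does not exist
debug1: userauth-request for user aawais@domain service ssh-connection method password [preauth]
debug1: Windows authentication failed for user: NOUSER domain: . error: 1326
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f['user']}: shell {f['shell']} is missing; "
              f"later password errors {f['masked_failures']} are a symptom")
```

Error 1326 is the Windows logon-failure code, so a finding here means the password prompt will fail whatever is typed until the DefaultShell path exists.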
Author by
Awais Ahmed
Updated on September 18, 2022
Comments
-
Awais Ahmed over 1 year
I tried to install the Windows OpenSSH Server feature and also tried to manually install OpenSSH in C:/Program Files/OpenSSH, but in both cases when I try to connect it asks for a password; I enter the correct one, but it always says Permission denied. It was working fine, but after some time I started to face this issue. I tried to manually run the sshd server with the -d option, and it gives the following logs:
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.9p1 Debian-10+deb10u2
debug1: match: OpenSSH_7.9p1 Debian-10+deb10u2 pat OpenSSH* compat 0x04000000
debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug1: kex: algorithm: curve25519-sha256 [preauth]
debug1: kex: host key algorithm: ecdsa-sha2-nistp256 [preauth]
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none [preauth]
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none [preauth]
debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
debug1: rekey out after 134217728 blocks [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: Sending SSH2_MSG_EXT_INFO [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug1: SSH2_MSG_NEWKEYS received [preauth]
debug1: rekey in after 134217728 blocks [preauth]
debug1: KEX done [preauth]
debug1: userauth-request for user aawais@domain service ssh-connection method none [preauth]
debug1: attempt 0 failures 0 [preauth]
debug1: user domain\\aawais matched group list administrators at line 84
User domain\\aawais not allowed because shell c:\\program files\\powershell\\7\\pwsh.exe does not exist
debug1: userauth-request for user aawais@domain service ssh-connection method keyboard-interactive [preauth]
debug1: attempt 1 failures 0 [preauth]
debug1: keyboard-interactive devs [preauth]
debug1: auth2_challenge: user=aawais@domain devs= [preauth]
debug1: kbdint_alloc: devices '' [preauth]
debug1: userauth-request for user aawais@domain service ssh-connection method password [preauth]
debug1: attempt 2 failures 1 [preauth]
debug1: Windows authentication failed for user: NOUSER domain: . error: 1326
And the following is my sshd_config file:
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
#HostKey __PROGRAMDATA__/ssh/ssh_host_rsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_dsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_ecdsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_ed25519_key
# Ciphers and keying
#RekeyLimit default none
# Logging
SyslogFacility AUTH
LogLevel INFO
# Authentication:
#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
MaxAuthTries 600
#MaxSessions 10
PubkeyAuthentication yes
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
#AuthorizedPrincipalsFile none
# For this to work you will also need host keys in %programData%/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
#PermitEmptyPasswords no
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#PermitUserEnvironment no
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
# no default banner path
#Banner none
# override default of no subsystems
Subsystem sftp sftp-server.exe
# Example of overriding settings on a per-user basis
#Match User anoncvs
#    AllowTcpForwarding no
#    PermitTTY no
#    ForceCommand cvs server
Match Group administrators
    AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
What might be the cause of this problem?
-
Ramhound almost 4 years
So how does the user solve their problem?
-
Awais Ahmed almost 4 years
@Yuri Thanks for the answer. This was the main problem.
-
DocWeird almost 4 years
To help others, you should select this as the correct answer because it actually tells how to fix it - or @Yuri Ginsburg should alternatively edit the fix into his answer.
-
mivk over 3 years
Or the shorter reg add command:
reg add HKLM\SOFTWARE\OpenSSH /v DefaultShell /d C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe