I'm trying to connect to a Windows Server 2019 via SSH for me to deploy my web app with a GitLab CI/CD pipeline, so I installed OpenSSH server on it, and everything works fine if I log on using password authentication.

However, if I start the service through `Start-Service sshd` from PowerShell or using a GUI like services.msc, I am not able to connect; the connection is closed with a `debug3: recv - from CB ERROR:10054, io:000001AE1C4C53E0` message.

Here are the last few lines of output on the ssh client while connecting with the `-vvv` option:

```
Authenticated to x.x.x.x ([x.x.x.x]:22).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug3: send packet: type 90
debug1: Requesting no-more-sessions@openssh.com
debug3: send packet: type 80
debug1: Entering interactive session.
debug1: pledge: network
debug1: ENABLE_VIRTUAL_TERMINAL_INPUT is supported. Reading the VTSequence from console
debug3: This windows OS supports conpty
debug1: ENABLE_VIRTUAL_TERMINAL_PROCESSING is supported. Console supports the ansi parsing
debug3: Successfully set console output code page from:65001 to 65001
debug3: Successfully set console input code page from:950 to 65001
debug3: recv - from CB ERROR:10054, io:000001AE1C4C53E0
debug3: send packet: type 1
debug3: send - WSASend() ERROR:10054, io:000001AE1C4C53E0
client_loop: send disconnect: Connection reset
debug3: Successfully set console output code page from 65001 to 65001
debug3: Successfully set console input code page from 65001 to 950
```

On the server side, there are also some errors logged:

```
debug1: monitor_read_log: child log fd closed
13012 2023-01-12 13:47:15.466 error: lookup_principal_name: User principal name lookup failed for user 'domain\\user' (explicit: 5, implicit: 5)
13012 2023-01-12 13:47:15.467 debug1: generate_s4u_user_token: LsaLogonUser() failed. User 'domain\\user' Status: 0xC0000062 SubStatus 0.
13012 2023-01-12 13:47:15.467 debug3: get_user_token - unable to generate token for user domain\\user
13012 2023-01-12 13:47:15.474 error: lookup_principal_name: User principal name lookup failed for user 'domain\\user' (explicit: 5, implicit: 5)
13012 2023-01-12 13:47:15.474 debug1: generate_s4u_user_token: LsaLogonUser() failed. User 'domain\\user' Status: 0xC0000062 SubStatus 0.
13012 2023-01-12 13:47:15.474 error: get_user_token - unable to generate token on 2nd attempt for user domain\\user
13012 2023-01-12 13:47:15.474 error: unable to get security token for user domain\\user
13012 2023-01-12 13:47:15.474 fatal: fork of unprivileged child failed
13012 2023-01-12 13:47:15.474 debug1: do_cleanup
```

I once thought this was caused by insufficient privileges of the sshd user, so I tried adding sshd to Administrators, but it didn't help...

How I add sshd user to Administrator group

But if I start the service manually by running C:\Windows\System32\OpenSSH\sshd.exe, everything works fine...

Any ideas for this?

YuWea
  • `lookup_principal_name: User principal name lookup failed for user 'domain\\user' (explicit: 5, implicit: 5)`. That's your error right there. I know it's possible to use AD for this but not sure how it's configured for your system. I can't think of another reason to query for userPrincipalName. https://www.saotn.org/retrieve-ssh-public-key-from-active-directory-for-ssh-authentication/ – Greg Askew Jan 12 '23 at 07:19
  • sshd service user does not need to be in the Administrators group, but the service runs under system account – Nikita Kipriyanov Jan 12 '23 at 08:05
  • @GregAskew After some tries, I figured out that I can log in using public key auth with a local account but not an AD account, but still no idea why this happens. – YuWea Jan 13 '23 at 03:51
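
An added example, not part of the original question and not OpenSSH project code: a small Python triage script for the server log format shown in the question. It groups lines by sshd PID, flags sessions where `LsaLogonUser()` fails before the fatal fork error, and names the NTSTATUS code (0xC0000062 is STATUS_INVALID_ACCOUNT_NAME). The function name `triage` and the short status table are assumptions made for illustration; the sample lines are copied from the log above.

```python
import re
from collections import defaultdict

# Subset of logon-related NTSTATUS values (from ntstatus.h); extend as needed.
NTSTATUS = {
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC000005E: "STATUS_NO_LOGON_SERVERS",
    0xC0000062: "STATUS_INVALID_ACCOUNT_NAME",
    0xC0000064: "STATUS_NO_SUCH_USER",
    0xC000006D: "STATUS_LOGON_FAILURE",
}
LINE = re.compile(r"^(?P<pid>\d+) (?P<ts>\S+ \S+) (?P<level>\w+): (?P<msg>.*)$")
UPN = re.compile(r"User principal name lookup failed for user '(?P<user>[^']+)'")
S4U = re.compile(r"LsaLogonUser\(\) failed\. User '(?P<user>[^']+)' "
                 r"Status: (?P<status>0x[0-9A-Fa-f]+)")

# Sample input: lines copied from the server log in the question (trimmed).
SAMPLE = r"""debug1: monitor_read_log: child log fd closed
13012 2023-01-12 13:47:15.466 error: lookup_principal_name: User principal name lookup failed for user 'domain\\user' (explicit: 5, implicit: 5)
13012 2023-01-12 13:47:15.467 debug1: generate_s4u_user_token: LsaLogonUser() failed. User 'domain\\user' Status: 0xC0000062 SubStatus 0.
13012 2023-01-12 13:47:15.474 error: lookup_principal_name: User principal name lookup failed for user 'domain\\user' (explicit: 5, implicit: 5)
13012 2023-01-12 13:47:15.474 debug1: generate_s4u_user_token: LsaLogonUser() failed. User 'domain\\user' Status: 0xC0000062 SubStatus 0.
13012 2023-01-12 13:47:15.474 fatal: fork of unprivileged child failed
"""

def triage(log_text):
    """Return one finding per sshd PID whose session died after S4U token failures."""
    sessions = defaultdict(lambda: {"user": None, "upn": 0, "codes": set(), "fatal": None})
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # no "pid timestamp level:" prefix, e.g. the bare debug1 line
        s, msg = sessions[int(m["pid"])], m["msg"]
        if hit := UPN.search(msg):
            s["user"], s["upn"] = hit["user"], s["upn"] + 1
        elif hit := S4U.search(msg):
            s["user"] = hit["user"]
            s["codes"].add(int(hit["status"], 16))
        elif m["level"] == "fatal":
            s["fatal"] = msg
    return [
        {"pid": pid, "user": s["user"], "upn_lookup_failures": s["upn"],
         "status": sorted(NTSTATUS.get(c, hex(c)) for c in s["codes"]),
         "fatal": s["fatal"]}
        for pid, s in sessions.items() if s["fatal"] and s["codes"]
    ]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```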
