Windows Server 2019 OpenSSH SFTP Server Won't Authenticate Users Anymore (Connection Reset)COPSSH RSA only authentication connection problemsftp vs ftps, securing SSH and virtual users vsftpdCreating multiple SFTP users for one accountDifferent “RequiredAuthentications2” for sshd and sftp subsystempermission denied using a public key with Copssh on a windows 2003 serverpermission denied on authorized_keyssshd_config how to allow one user to have full unrestricted sftp and allow sshConnection closed by remote host Couldn't read packet: Connection reset by peerEnable password login for SFTP while keeping authentication by SSH keysCannot upload files with scp, but with pscp it works

How to cope with regret and shame about not fully utilizing opportunities during PhD?

How can dragons propel their breath attacks to a long distance

What does i386 mean on macOS Mojave?

Would an 8% reduction in drag outweigh the weight addition from this custom CFD-tested winglet?

Why does my circuit work on a breadboard, but not on a perfboard? I am new to soldering

How to minimise the cost of guessing a number in a high/low guess game?

What's the difference between a Bunsen burner and a gas stove?

When a land becomes a creature, is it untapped?

How to slow yourself down (for playing nice with others)

A curve pass via points at TiKz

What are the implications of the new alleged key recovery attack preprint on SIMON?

What is Plautus’s pun about frustum and frustrum?

Word for being out at night during curfew

Who was this character from the Tomb of Annihilation adventure before they became a monster?

How does Howard Stark know this?

On studying Computer Science vs. Software Engineering to become a proficient coder

Why can't RGB or bicolour LEDs produce a decent yellow?

Why was Thor doubtful about his worthiness to Mjolnir?

Why in a Ethernet LAN, a packet sniffer can obtain all packets sent over the LAN?

Smallest Guaranteed hash collision cycle length

How many are the non-negative integer solutions of 𝑥 + 𝑦 + 𝑤 + 𝑧 = 16 where x < y?

How could a Lich maintain the appearance of being alive without magic?

How to select certain lines (n, n+4, n+8, n+12...) from the file?

Can I use my laptop, which says 100-240V, in the USA?

Windows Server 2019 OpenSSH SFTP Server Won't Authenticate Users Anymore (Connection Reset)

COPSSH RSA only authentication connection problemsftp vs ftps, securing SSH and virtual users vsftpdCreating multiple SFTP users for one accountDifferent “RequiredAuthentications2” for sshd and sftp subsystempermission denied using a public key with Copssh on a windows 2003 serverpermission denied on authorized_keyssshd_config how to allow one user to have full unrestricted sftp and allow sshConnection closed by remote host Couldn't read packet: Connection reset by peerEnable password login for SFTP while keeping authentication by SSH keysCannot upload files with scp, but with pscp it works

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;

I am running Microsoft Windows Server 2019 Datacenter Version 10.0.17763 Build 17763 on Azure and I had SFTP working just fine until EITHER a recent update and reboot on Windows OR an SFTP username (the "vendor1" user) password change on ActiveDirectory clobbered this working install of OpenSSH.

Now when attempting to SFTP from a client machine, all I get is,

Connection reset by xxx.xxx.xxx.xxx port 22

Connection closed

What could be wrong? Has anyone else experienced this and solved it?

Here's my sshd_config file, which was working:

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

#HostKey __PROGRAMDATA__/ssh/ssh_host_rsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_dsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_ecdsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin prohibit-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys

#AuthorizedPrincipalsFile none

# For this to work you will also need host keys in %programData%/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
#PermitEmptyPasswords no

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#PermitUserEnvironment no
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
Banner F:SFTP-Welcome.txt
#Banner /SFTP-Welcome.txt

# override default of no subsystems
Subsystem sftp sftp-server.exe

# Example of overriding settings on a per-user basis
#Match User anoncvs
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server

#Match Group administrators
# AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys

#DenyGroups companyvendors companyauditors
#AllowGroups companyadministrators

Match Group vendors
 ChrootDirectory F:Vendors
 #ChrootDirectory F:Vendors%u
 #ChrootDirectory %h
 ForceCommand internal-sftp
 X11Forwarding no
 AllowTcpForwarding no

# no default banner path
#Banner F:VendorsSFTP-Welcome.txt
#Banner /SFTP-Welcome.txt

Using the -v (verbose) option in my SFTP command (sftp -v vendor1@its.my.ip.addr) yields:

debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: C:\Users\mylocalusername/.ssh/id_rsa
debug1: Trying private key: C:\Users\mylocalusername/.ssh/id_dsa
debug1: Trying private key: C:\Users\mylocalusername/.ssh/id_ecdsa
debug1: Trying private key: C:\Users\mylocalusername/.ssh/id_ed25519
debug1: Trying private key: C:\Users\mylocalusername/.ssh/id_xmss
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
debug1: read_passphrase: can't open /dev/tty: No such file or directory
vendor1@its.my.ip.addrr's password:
debug1: Authentication succeeded (password).
Authenticated to its.my.ip.addrr ([its.my.ip.addrr]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: network
Connection reset by its.my.ip.addrr port 22
Connection closed

That user "mylocalusername" is my local client PC Windows login name.

edited May 2 at 9:26

asked May 2 at 8:35

ShieldOfSalvation

1248

How about looking in the server logs? Is your firewall filtering / blocking the port 22 requests?

– Lenniey
May 2 at 8:46

In PowerShell, I ran: Get-NetFirewallRule -Name ssh Here are the results: Name : OpenSSH-Server-In-TCP DisplayName : OpenSSH SSH Server (sshd) Description : Inbound rule for OpenSSH SSH Server (sshd) DisplayGroup : OpenSSH Server Group : OpenSSH Server Enabled : True Profile : Any Platform : Direction : Inbound Action : Allow EdgeTraversalPolicy : Block LooseSourceMapping : False LocalOnlyMapping : False

– ShieldOfSalvation
May 2 at 8:50

Basically, the firewall seems fine. Uncommenting the log lines in the sshd_config file fields nothing in the C:ProgramDatasshlogs folder. Checking the Event Viewer now....

– ShieldOfSalvation
May 2 at 8:52

In the Event Viewer's Application and Services Log, inside OpenSSH | Operational, I see sshd: Accepted password for vendor1 from its.my.ip.addr port 11678 ssh2....not sure why the port is different but it looks like it's recognizing me.

– ShieldOfSalvation
May 2 at 9:01

It's the source port of the connection, it won't be 22. Are outbound connections from sshd allowed in your firewall? You only listed inbound. Check the clients verbose message as well, e. g.: ssh -v user@host

– Lenniey
May 2 at 9:07

|
show 6 more comments

Now when attempting to SFTP from a client machine, all I get is,

Connection reset by xxx.xxx.xxx.xxx port 22

Connection closed

What could be wrong? Has anyone else experienced this and solved it?

Here's my sshd_config file, which was working:

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

#HostKey __PROGRAMDATA__/ssh/ssh_host_rsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_dsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_ecdsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin prohibit-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys

#AuthorizedPrincipalsFile none

# For this to work you will also need host keys in %programData%/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
#PermitEmptyPasswords no

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#PermitUserEnvironment no
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
Banner F:SFTP-Welcome.txt
#Banner /SFTP-Welcome.txt

# override default of no subsystems
Subsystem sftp sftp-server.exe

# Example of overriding settings on a per-user basis
#Match User anoncvs
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server

#Match Group administrators
# AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys

#DenyGroups companyvendors companyauditors
#AllowGroups companyadministrators

Match Group vendors
 ChrootDirectory F:Vendors
 #ChrootDirectory F:Vendors%u
 #ChrootDirectory %h
 ForceCommand internal-sftp
 X11Forwarding no
 AllowTcpForwarding no

# no default banner path
#Banner F:VendorsSFTP-Welcome.txt
#Banner /SFTP-Welcome.txt

Using the -v (verbose) option in my SFTP command (sftp -v vendor1@its.my.ip.addr) yields:

debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: C:\Users\mylocalusername/.ssh/id_rsa
debug1: Trying private key: C:\Users\mylocalusername/.ssh/id_dsa
debug1: Trying private key: C:\Users\mylocalusername/.ssh/id_ecdsa
debug1: Trying private key: C:\Users\mylocalusername/.ssh/id_ed25519
debug1: Trying private key: C:\Users\mylocalusername/.ssh/id_xmss
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
debug1: read_passphrase: can't open /dev/tty: No such file or directory
vendor1@its.my.ip.addrr's password:
debug1: Authentication succeeded (password).
Authenticated to its.my.ip.addrr ([its.my.ip.addrr]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: network
Connection reset by its.my.ip.addrr port 22
Connection closed

That user "mylocalusername" is my local client PC Windows login name.

edited May 2 at 9:26

asked May 2 at 8:35

ShieldOfSalvation

1248

How about looking in the server logs? Is your firewall filtering / blocking the port 22 requests?

– Lenniey
May 2 at 8:46

In PowerShell, I ran: Get-NetFirewallRule -Name ssh Here are the results: Name : OpenSSH-Server-In-TCP DisplayName : OpenSSH SSH Server (sshd) Description : Inbound rule for OpenSSH SSH Server (sshd) DisplayGroup : OpenSSH Server Group : OpenSSH Server Enabled : True Profile : Any Platform : Direction : Inbound Action : Allow EdgeTraversalPolicy : Block LooseSourceMapping : False LocalOnlyMapping : False

– ShieldOfSalvation
May 2 at 8:50

Basically, the firewall seems fine. Uncommenting the log lines in the sshd_config file fields nothing in the C:ProgramDatasshlogs folder. Checking the Event Viewer now....

– ShieldOfSalvation
May 2 at 8:52

In the Event Viewer's Application and Services Log, inside OpenSSH | Operational, I see sshd: Accepted password for vendor1 from its.my.ip.addr port 11678 ssh2....not sure why the port is different but it looks like it's recognizing me.

– ShieldOfSalvation
May 2 at 9:01

It's the source port of the connection, it won't be 22. Are outbound connections from sshd allowed in your firewall? You only listed inbound. Check the clients verbose message as well, e. g.: ssh -v user@host

– Lenniey
May 2 at 9:07

|
show 6 more comments

Now when attempting to SFTP from a client machine, all I get is,

Connection reset by xxx.xxx.xxx.xxx port 22

Connection closed

What could be wrong? Has anyone else experienced this and solved it?

Here's my sshd_config file, which was working:

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

#HostKey __PROGRAMDATA__/ssh/ssh_host_rsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_dsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_ecdsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin prohibit-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys

#AuthorizedPrincipalsFile none

# For this to work you will also need host keys in %programData%/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
#PermitEmptyPasswords no

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#PermitUserEnvironment no
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
Banner F:SFTP-Welcome.txt
#Banner /SFTP-Welcome.txt

# override default of no subsystems
Subsystem sftp sftp-server.exe

# Example of overriding settings on a per-user basis
#Match User anoncvs
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server

#Match Group administrators
# AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys

#DenyGroups companyvendors companyauditors
#AllowGroups companyadministrators

Match Group vendors
 ChrootDirectory F:Vendors
 #ChrootDirectory F:Vendors%u
 #ChrootDirectory %h
 ForceCommand internal-sftp
 X11Forwarding no
 AllowTcpForwarding no

# no default banner path
#Banner F:VendorsSFTP-Welcome.txt
#Banner /SFTP-Welcome.txt

Using the -v (verbose) option in my SFTP command (sftp -v vendor1@its.my.ip.addr) yields:

debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: C:\Users\mylocalusername/.ssh/id_rsa
debug1: Trying private key: C:\Users\mylocalusername/.ssh/id_dsa
debug1: Trying private key: C:\Users\mylocalusername/.ssh/id_ecdsa
debug1: Trying private key: C:\Users\mylocalusername/.ssh/id_ed25519
debug1: Trying private key: C:\Users\mylocalusername/.ssh/id_xmss
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
debug1: read_passphrase: can't open /dev/tty: No such file or directory
vendor1@its.my.ip.addrr's password:
debug1: Authentication succeeded (password).
Authenticated to its.my.ip.addrr ([its.my.ip.addrr]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: network
Connection reset by its.my.ip.addrr port 22
Connection closed

That user "mylocalusername" is my local client PC Windows login name.

edited May 2 at 9:26

asked May 2 at 8:35

ShieldOfSalvation

1248

Now when attempting to SFTP from a client machine, all I get is,

Connection reset by xxx.xxx.xxx.xxx port 22

Connection closed

What could be wrong? Has anyone else experienced this and solved it?

Here's my sshd_config file, which was working:

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

#HostKey __PROGRAMDATA__/ssh/ssh_host_rsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_dsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_ecdsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin prohibit-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys

#AuthorizedPrincipalsFile none

# For this to work you will also need host keys in %programData%/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
#PermitEmptyPasswords no

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#PermitUserEnvironment no
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
Banner F:SFTP-Welcome.txt
#Banner /SFTP-Welcome.txt

# override default of no subsystems
Subsystem sftp sftp-server.exe

# Example of overriding settings on a per-user basis
#Match User anoncvs
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server

#Match Group administrators
# AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys

#DenyGroups companyvendors companyauditors
#AllowGroups companyadministrators

Match Group vendors
 ChrootDirectory F:Vendors
 #ChrootDirectory F:Vendors%u
 #ChrootDirectory %h
 ForceCommand internal-sftp
 X11Forwarding no
 AllowTcpForwarding no

# no default banner path
#Banner F:VendorsSFTP-Welcome.txt
#Banner /SFTP-Welcome.txt

Using the -v (verbose) option in my SFTP command (sftp -v vendor1@its.my.ip.addr) yields:

debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: C:\Users\mylocalusername/.ssh/id_rsa
debug1: Trying private key: C:\Users\mylocalusername/.ssh/id_dsa
debug1: Trying private key: C:\Users\mylocalusername/.ssh/id_ecdsa
debug1: Trying private key: C:\Users\mylocalusername/.ssh/id_ed25519
debug1: Trying private key: C:\Users\mylocalusername/.ssh/id_xmss
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
debug1: read_passphrase: can't open /dev/tty: No such file or directory
vendor1@its.my.ip.addrr's password:
debug1: Authentication succeeded (password).
Authenticated to its.my.ip.addrr ([its.my.ip.addrr]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: network
Connection reset by its.my.ip.addrr port 22
Connection closed

That user "mylocalusername" is my local client PC Windows login name.

windows sftp

edited May 2 at 9:26

asked May 2 at 8:35

ShieldOfSalvation

1248

edited May 2 at 9:26

asked May 2 at 8:35

ShieldOfSalvation

1248

edited May 2 at 9:26

asked May 2 at 8:35

ShieldOfSalvation

1248

asked May 2 at 8:35

ShieldOfSalvation

1248

asked May 2 at 8:35

ShieldOfSalvation

1248

How about looking in the server logs? Is your firewall filtering / blocking the port 22 requests?

– Lenniey
May 2 at 8:46

In PowerShell, I ran: Get-NetFirewallRule -Name ssh Here are the results: Name : OpenSSH-Server-In-TCP DisplayName : OpenSSH SSH Server (sshd) Description : Inbound rule for OpenSSH SSH Server (sshd) DisplayGroup : OpenSSH Server Group : OpenSSH Server Enabled : True Profile : Any Platform : Direction : Inbound Action : Allow EdgeTraversalPolicy : Block LooseSourceMapping : False LocalOnlyMapping : False

– ShieldOfSalvation
May 2 at 8:50

Basically, the firewall seems fine. Uncommenting the log lines in the sshd_config file fields nothing in the C:ProgramDatasshlogs folder. Checking the Event Viewer now....

– ShieldOfSalvation
May 2 at 8:52

In the Event Viewer's Application and Services Log, inside OpenSSH | Operational, I see sshd: Accepted password for vendor1 from its.my.ip.addr port 11678 ssh2....not sure why the port is different but it looks like it's recognizing me.

– ShieldOfSalvation
May 2 at 9:01

It's the source port of the connection, it won't be 22. Are outbound connections from sshd allowed in your firewall? You only listed inbound. Check the clients verbose message as well, e. g.: ssh -v user@host

– Lenniey
May 2 at 9:07

|
show 6 more comments

How about looking in the server logs? Is your firewall filtering / blocking the port 22 requests?

– Lenniey
May 2 at 8:46

In PowerShell, I ran: Get-NetFirewallRule -Name ssh Here are the results: Name : OpenSSH-Server-In-TCP DisplayName : OpenSSH SSH Server (sshd) Description : Inbound rule for OpenSSH SSH Server (sshd) DisplayGroup : OpenSSH Server Group : OpenSSH Server Enabled : True Profile : Any Platform : Direction : Inbound Action : Allow EdgeTraversalPolicy : Block LooseSourceMapping : False LocalOnlyMapping : False

– ShieldOfSalvation
May 2 at 8:50

Basically, the firewall seems fine. Uncommenting the log lines in the sshd_config file fields nothing in the C:ProgramDatasshlogs folder. Checking the Event Viewer now....

– ShieldOfSalvation
May 2 at 8:52

In the Event Viewer's Application and Services Log, inside OpenSSH | Operational, I see sshd: Accepted password for vendor1 from its.my.ip.addr port 11678 ssh2....not sure why the port is different but it looks like it's recognizing me.

– ShieldOfSalvation
May 2 at 9:01

It's the source port of the connection, it won't be 22. Are outbound connections from sshd allowed in your firewall? You only listed inbound. Check the clients verbose message as well, e. g.: ssh -v user@host

– Lenniey
May 2 at 9:07

How about looking in the server logs? Is your firewall filtering / blocking the port 22 requests?

– Lenniey
May 2 at 8:46

In PowerShell, I ran: Get-NetFirewallRule -Name ssh Here are the results: Name : OpenSSH-Server-In-TCP DisplayName : OpenSSH SSH Server (sshd) Description : Inbound rule for OpenSSH SSH Server (sshd) DisplayGroup : OpenSSH Server Group : OpenSSH Server Enabled : True Profile : Any Platform : Direction : Inbound Action : Allow EdgeTraversalPolicy : Block LooseSourceMapping : False LocalOnlyMapping : False

– ShieldOfSalvation
May 2 at 8:50

Basically, the firewall seems fine. Uncommenting the log lines in the sshd_config file fields nothing in the C:ProgramDatasshlogs folder. Checking the Event Viewer now....

– ShieldOfSalvation
May 2 at 8:52

In the Event Viewer's Application and Services Log, inside OpenSSH | Operational, I see sshd: Accepted password for vendor1 from its.my.ip.addr port 11678 ssh2....not sure why the port is different but it looks like it's recognizing me.

– ShieldOfSalvation
May 2 at 9:01

It's the source port of the connection, it won't be 22. Are outbound connections from sshd allowed in your firewall? You only listed inbound. Check the clients verbose message as well, e. g.: ssh -v user@host

– Lenniey
May 2 at 9:07

|
show 6 more comments

0

active

oldest

votes

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);

);

draft saved

draft discarded

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f965530%2fwindows-server-2019-openssh-sftp-server-wont-authenticate-users-anymore-connec%23new-answer', 'question_page');

);

Post as a guest

Name

Required, but never shown

0

active

oldest

votes

0

active

oldest

votes

draft saved

draft discarded

Thanks for contributing an answer to Server Fault!

Please be sure to answer the question. Provide details and share your research!

But avoid …

Asking for help, clarification, or responding to other answers.

Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.

draft saved

draft discarded

Post as a guest

Name

Required, but never shown

Name

Required, but never shown

Name

Required, but never shown

This page is only for reference, If you need detailed information, please check here

搜尋此網誌

Otdfbt

0

Your Answer

Post as a guest

0

0

Post as a guest

Popular posts from this blog

0

Your Answer

Sign up or log in

Post as a guest

Post as a guest

0

0

Sign up or log in

Post as a guest

Post as a guest

Sign up or log in

Post as a guest

Sign up or log in

Post as a guest

Sign up or log in

Post as a guest

Popular posts from this blog