Running bash from ssh (using built-in SSH Server Broker/Proxy) causes error 0x8007048f #777

sebmaynard opened this Issue Aug 5, 2016 · 11 comments



sebmaynard commented Aug 5, 2016 edited
  • A brief description
    • I've got the Anniversary update.
    • I've installed Windows Subsystem for Linux, and installed bash (by running bash from a command line)
    • After a couple of reboots, I noticed 2 new services for "Windows SSH Server": "SSH Server Proxy" and "SSH Server Broker" which get started on boot.
    • I ssh to localhost which gives me a command prompt (as in cmd.exe)
    • From there, I run bash, which gives me a (slightly garbled) WSL BashOnWindows prompt.
    • If I ssh into localhost again (again using the native ssh server) I can start the garbled bash again and it doesn't give an error; it just doesn't work very well as it seems to be ignoring all of the shell escape codes.
    • If I then try and run bash again (from a normal cmd) I get error 0x8007048f and it refuses to start again that way until I reboot
  • Expected results
    • Bash runs as normal, and doesn't prevent future bashes from running outside of the native ssh session
  • Actual results (with terminal output if applicable)
    • The bash running inside the ssh session continues to work
    • No other bash will run (i.e. from a normal command prompt, or from powershell)
  • Your Windows build number
    • 14393.10
  • Steps / commands required to reproduce the error
    • Install the Anniversary update, enable linux subsystem, install bash
    • Reboot a few times
    • SSH into localhost
    • Run bash from connected ssh session
  • Strace of the failing command
    • n/a
  • Required packages and commands to install
    • n/a

The ssh server you're seeing is actually a minimal ssh server used for device discovery (when developer mode is turned on) and should really be avoided since it lacks many of the features one might otherwise expect of a full ssh server.

ducalpha commented Aug 5, 2016 edited

I tried to turn on ssh from Bash on Windows but got an error on privilege separation as follows:

$ sudo /usr/sbin/sshd
Missing privilege separation directory: /var/run/sshd

I don't want to disable privilege separation of SSH server (by editing /etc/ssh/sshd_config). Is there any better way?

(There is an article on this at

fpqc commented Aug 5, 2016 edited

@ducalpha you have to turn off privilege separation in /etc/sshd.conf or whatever the configuration file is. It makes use of the chroot syscall, which is not yet implemented.


Closing this issue for now since, as mentioned above, this SSH server is only a minimal SSH server used for device discovery scenarios and it doesn't support all the high-fidelity SSH features one would expect or rely upon.

If you want to run an OpenSSH Server on Windows, know that the real OpenSSH is currently being ported to support Windows as we type:

And you can always run sshd from Bash, but obviously, only when you've got a bash shell running.

@bitcrazed bitcrazed closed this Aug 11, 2016

I think this should be debugged. Reopening.

@benhillis benhillis reopened this Aug 11, 2016
Efreak commented Aug 12, 2016 edited

On the latest preview version (build 14901.1000) of Windows 10, the error code is different: I've got Error: 0x80070020. Not sure if it makes a difference, but this post helped me figure out the issue.

Edit: I also had to allow connections to my specified port in Windows Firewall.

gertcuykens commented Oct 17, 2016 edited

I got Error: 0x80070005

The minimal broker / proxy sshd server should be upgraded to a real one. So in summary we have 3 sshd servers now.

  1. bash
  2. powershell
  3. broker/proxy

Only the broker / proxy is the way forward if you ask me. It is currently the only solution that resembles the low level control and performance you expect from a sshd server.

I assume the broker / proxy is out of the Linux bash scope and needs to be addressed by a completely different internal team at Microsoft?

I suggest the following: if the decision is made to keep the broker / proxy server minimal permanently, then please use another default port for it and reserve port 22 for a real sshd server.

What should be avoided at all costs is developers building PowerShell or bash sshd solutions that can run as services in Windows, with all that effort lost when the broker / proxy from Microsoft has been upgraded, making a bash sshd solution useless on both security and performance because the former is baked into the Windows kernel.

So please be clear on the decision and keep us updated, thanks.

fpqc commented Oct 17, 2016

@gertcuykens Yeah, connecting to an ssh server is so much simpler than Enter-PSSession or WMI. I hope they add it as a Nano server role.

yurymik commented Jan 15, 2017

I get 0x8007048f or 0x80070020 when I try to ssh to localhost and run bash there. Here are ETL files for the 0x8007048f case:

kvz commented Feb 8, 2017 edited

And you can always run sshd from Bash, but obviously, only when you've got a bash shell running.

I'd like to do this as a workaround, are there any tutorials for it? The obvious sudo apt-get install ssh && sudo /etc/init.d/ssh restart is not working for me. sudo netstat -tupan reports no open port. I changed the port to 223 so as not to conflict with anything that might already be running on 22, but to no avail. No syslog or auth.log or messages log, so I'm a bit lost.

My use case is just that I want to control a remote Windows machine via a local (OSX) terminal. It'd be cool to first use PowerShell and then boot bash, etc., but none of the approaches so far seem straightforward?
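
An added example, not part of the original thread and not code from Microsoft or OpenSSH: a bash pre-flight check for the two sshd start-up symptoms reported above, the missing privilege separation directory and a listener that never appears on the changed port. The function names and the sample config are constructed for illustration; the check relies on sshd keeping the first value it reads for a keyword.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check for the sshd start-up symptoms in this thread.

# Print the first global value of keyword $2 in sshd_config-style file $1.
# sshd keeps the first value it reads for a keyword, keywords are
# case-insensitive, and settings after a "Match" line are conditional.
sshd_first_value() {
    awk -v want="$2" '
        /^[ \t]*(#|$)/ { next }                      # comments, blank lines
        { split($0, f, /[ \t=]+/); i = (f[1] == "" ? 2 : 1) }
        tolower(f[i]) == "match" { exit }
        tolower(f[i]) == tolower(want) { print f[i + 1]; exit }
    ' "$1"
}

# Report the effective port and whether privilege separation can find its
# directory ($2). Returns 1 in the "Missing privilege separation directory" case.
sshd_preflight() {
    local cfg=$1 dir=$2 port privsep
    port=$(sshd_first_value "$cfg" Port)
    privsep=$(sshd_first_value "$cfg" UsePrivilegeSeparation)
    echo "port=${port:-22}"            # 22 is sshd's default port
    echo "privsep=${privsep:-unset}"   # unset: the build's default applies
    if [ -d "$dir" ]; then echo "privsep_dir=present"
    elif [ "$privsep" = "no" ]; then echo "privsep_dir=unused"
    else echo "privsep_dir=missing"; return 1
    fi
}

# Constructed sample config (not from the thread): Port appears twice.
make_sample_config() {
    local f
    f=$(mktemp)
    cat > "$f" <<'EOF'
# constructed sample
Port 223
#UsePrivilegeSeparation no
Port 22
Match User constructed-user
    PasswordAuthentication no
EOF
    echo "$f"
}

sample=$(make_sample_config)
sshd_preflight "$sample" /var/run/sshd || echo "sshd would refuse to start"
rm -f "$sample"
```

Point it at /etc/ssh/sshd_config and /var/run/sshd to check a real install before starting /usr/sbin/sshd by hand.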

aseering commented Feb 9, 2017

For what it's worth, there's a thread discussing how to do this, here:
