Public Key Auth Fails Multiple Ways - Windows to Windows and Linux to Windows

[pldmgg]

"OpenSSH for Windows" version

PS C:\Users\testadmin> (Get-Item (Get-Command sshd).Source).VersionInfo.FileVersion
7.6.0.0

Server OperatingSystem

PS C:\Users\testadmin> (Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows nt\CurrentVersion\" -Name ProductName).ProductName
Windows Server 2012 R2 Standard

Client OperatingSystem
Tried from both Windows and CentOS client.

Windows Client Info:

PS C:\Users\testadmin> (Get-Item (Get-Command ssh).Source).VersionInfo.FileVersion
0.0.17.0

PS C:\Users\testadmin> (Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows nt\CurrentVersion\" -Name ProductName).ProductName
Windows Server 2016 Standard

CentOS 7 Client Info:

[pdadmin@CentOS7-WS .ssh]$ ssh -V
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017

[pdadmin@CentOS7-WS .ssh]$ hostnamectl
   Static hostname: CentOS7-WS.localdomain
         Icon name: computer-vm
           Chassis: vm
        Machine ID: bb2908789ce14d32bd72cf3d318b79e0
           Boot ID: 055cf37059c5444e8973eb7f37f53282
    Virtualization: microsoft
  Operating System: CentOS Linux 7 (Core)
       CPE OS Name: cpe:/o:centos:centos:7
            Kernel: Linux 3.10.0-514.16.1.el7.x86_64
      Architecture: x86-64

What is failing
Public key authentication.

Key Creation
Key pairs created and tested with the below command on both Windows and CentOS (with blank password):

ssh-keygen -t rsa -b 2048 -f "<outfilepath>" -q -C "ToWin12WSA"

Please note, the keys are not a problem...I tested between Linux hosts and they work fine.

Windows 2012 SSHD Server File Permissions:

PS C:\Users\testadmin> Install-Module NTFSSecurity
PS C:\Users\testadmin> Import-Module NTFSSecurity
PS C:\Users\testadmin> Get-NTFSAccess C:\Users\testadmin\.ssh


    Path: C:\Users\testadmin\.ssh (Inheritance disabled)


Account                             Access Rights            Applies to                Type                     IsInherited             InheritedFrom
-------                             -------------            ----------                ----                     -----------             -------------
NT AUTHORITY\SYSTEM                 FullControl              ThisFolderSubfoldersAn... Allow                    False
TEST2\testadmin                     FullControl              ThisFolderSubfoldersAn... Allow                    False
NT SERVICE\sshd                     Read, Synch...           ThisFolderSubfoldersAn... Allow                    False

IMPORTANT NOTE: I also tried with NT SERVICE\sshd only having Read access on C:\Users\testadmin\.ssh (as opposed to Read, Synchronize illustrated above). Result was the same.

PS C:\Users\testadmin> Get-NTFSAccess C:\Users\testadmin\.ssh\authorized_keys


    Path: C:\Users\testadmin\.ssh\authorized_keys (Inheritance disabled)


Account                             Access Rights            Applies to                Type                     IsInherited             InheritedFrom
-------                             -------------            ----------                ----                     -----------             -------------
NT AUTHORITY\SYSTEM                 FullControl              ThisFolderOnly            Allow                    False
TEST2\testadmin                     FullControl              ThisFolderOnly            Allow                    False
NT SERVICE\sshd                     Read, Synchronize        ThisFolderOnly            Allow                    False

IMPORTANT NOTE: I also tried with NT SERVICE\sshd only having Read access on C:\Users\testadmin\.ssh\authorized_keys (as opposed to Read, Synchronize illustrated above). Result was the same.

Scenario 1: CentOS7 Client to Windows 2012 R2 SSHD Server

SSHD Log

9004 2018-03-23 18:02:57.426 debug1: Bind to port 22 on ::.
9004 2018-03-23 18:02:57.426 Server listening on :: port 22.
9004 2018-03-23 18:02:57.426 debug1: Bind to port 22 on 0.0.0.0.
9004 2018-03-23 18:02:57.426 Server listening on 0.0.0.0 port 22.
8972 2018-03-23 18:03:16.011 rexec line 36: Deprecated option RSAAuthentication
8972 2018-03-23 18:03:16.024 debug1: inetd sockets after dupping: 3, 3
8972 2018-03-23 18:03:16.024 Connection from 192.168.2.34 port 42196 on 192.168.2.145 port 22
8972 2018-03-23 18:03:16.024 debug1: Client protocol version 2.0; client software version OpenSSH_7.4
8972 2018-03-23 18:03:16.024 debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000
8972 2018-03-23 18:03:16.024 debug1: Local version string SSH-2.0-OpenSSH_for_Windows_7.6
8972 2018-03-23 18:03:16.079 debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
8972 2018-03-23 18:03:16.079 debug1: SSH2_MSG_KEXINIT sent [preauth]
8972 2018-03-23 18:03:16.079 debug1: SSH2_MSG_KEXINIT received [preauth]
8972 2018-03-23 18:03:16.079 debug1: kex: algorithm: curve25519-sha256 [preauth]
8972 2018-03-23 18:03:16.079 debug1: kex: host key algorithm: ecdsa-sha2-nistp256 [preauth]
8972 2018-03-23 18:03:16.079 debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none [preauth]
8972 2018-03-23 18:03:16.079 debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none [preauth]
8972 2018-03-23 18:03:16.079 debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
8972 2018-03-23 18:03:16.096 debug1: rekey after 134217728 blocks [preauth]
8972 2018-03-23 18:03:16.096 debug1: SSH2_MSG_NEWKEYS sent [preauth]
8972 2018-03-23 18:03:16.096 debug1: expecting SSH2_MSG_NEWKEYS [preauth]
8972 2018-03-23 18:03:16.102 debug1: SSH2_MSG_NEWKEYS received [preauth]
8972 2018-03-23 18:03:16.102 debug1: rekey after 134217728 blocks [preauth]
8972 2018-03-23 18:03:16.102 debug1: KEX done [preauth]
8972 2018-03-23 18:03:16.157 debug1: userauth-request for user testadmin@test2.lab service ssh-connection method none [preauth]
8972 2018-03-23 18:03:16.157 debug1: attempt 0 failures 0 [preauth]
8972 2018-03-23 18:03:16.157 reprocess config line 36: Deprecated option RSAAuthentication
8972 2018-03-23 18:03:16.205 debug1: userauth-request for user testadmin@test2.lab service ssh-connection method publickey [preauth]
8972 2018-03-23 18:03:16.205 debug1: attempt 1 failures 0 [preauth]
8972 2018-03-23 18:03:16.205 debug1: trying public key file C:\\Users\\testadmin\\.ssh/authorized_keys
8972 2018-03-23 18:03:16.206 Authentication refused.
8972 2018-03-23 18:03:16.206 debug1: userauth-request for user testadmin@test2.lab service ssh-connection method keyboard-interactive [preauth]
8972 2018-03-23 18:03:16.206 debug1: attempt 2 failures 1 [preauth]
8972 2018-03-23 18:03:16.206 debug1: keyboard-interactive devs  [preauth]
8972 2018-03-23 18:03:16.206 debug1: auth2_challenge: user=testadmin@test2.lab devs= [preauth]
8972 2018-03-23 18:03:16.206 debug1: kbdint_alloc: devices '' [preauth]
8972 2018-03-23 18:03:18.444 Connection closed by authenticating user testadmin@test2.lab 192.168.2.34 port 42196 [preauth]
8972 2018-03-23 18:03:18.444 debug1: do_cleanup [preauth]
8972 2018-03-23 18:03:18.445 debug1: do_cleanup

CentOS 7 SSH Client -vvv Output:

[pdadmin@CentOS7-WS .ssh]$ ssh -i ToWin12WSA -l testadmin@test2.lab win12ws.test2.lab -vvv
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug2: resolving "win12ws.test2.lab" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to win12ws.test2.lab [192.168.2.145] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file ToWin12WSA type -1
debug1: key_load_public: No such file or directory
debug1: identity file ToWin12WSA-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_for_Windows_7.6
debug1: match: OpenSSH_for_Windows_7.6 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to win12ws.test2.lab:22 as 'testadmin@test2.lab'
debug3: hostkeys_foreach: reading file "/home/pdadmin/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/pdadmin/.ssh/known_hosts:2
debug3: load_hostkeys: loaded 1 keys from win12ws.test2.lab
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none
debug2: compression stoc: none
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:DLeuZlbOpTmtzxPzJM3LaoMLbN+kGWOTj5OGIgIvuqc
debug3: hostkeys_foreach: reading file "/home/pdadmin/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/pdadmin/.ssh/known_hosts:2
debug3: load_hostkeys: loaded 1 keys from win12ws.test2.lab
debug3: hostkeys_foreach: reading file "/home/pdadmin/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/pdadmin/.ssh/known_hosts:2
debug3: load_hostkeys: loaded 1 keys from 192.168.2.145
debug1: Host 'win12ws.test2.lab' is known and matches the ECDSA host key.
debug1: Found key in /home/pdadmin/.ssh/known_hosts:2
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug2: key: ToWin12WSA ((nil)), explicit
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: ToWin12WSA
debug3: sign_and_send_pubkey: RSA SHA256:XD8GhEBcMtgA7zxwzfJFvzXNKERxXkphKAerTOgFenU
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug3: send packet: type 50
debug2: we sent a keyboard-interactive packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: userauth_kbdint: disable: no info_req_seen
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred:
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
testadmin@test2.lab@win12ws.test2.lab's password:

[pdadmin@CentOS7-WS .ssh]$

NOTE: I should NOT be prompted for a password (but at least it falls back to password...using the password does indeed work). The corresponding public key exists in the file C:\Users\testadmin\.ssh\authorized_keys on the Windows 2012 R2 SSHD host.

Scenario 2: Windows 2016 Client to Windows 2012 R2 SSHD Server

SSHD Log:

9080 2018-03-23 18:47:58.054 debug1: Bind to port 22 on ::.
9080 2018-03-23 18:47:58.054 Server listening on :: port 22.
9080 2018-03-23 18:47:58.054 debug1: Bind to port 22 on 0.0.0.0.
9080 2018-03-23 18:47:58.054 Server listening on 0.0.0.0 port 22.
8360 2018-03-23 18:48:22.366 rexec line 36: Deprecated option RSAAuthentication
8360 2018-03-23 18:48:22.379 debug1: inetd sockets after dupping: 3, 3
8360 2018-03-23 18:48:22.379 Connection from 192.168.2.41 port 60997 on 192.168.2.145 port 22
8360 2018-03-23 18:48:22.379 debug1: Client protocol version 2.0; client software version OpenSSH_7.5
8360 2018-03-23 18:48:22.379 debug1: match: OpenSSH_7.5 pat OpenSSH* compat 0x04000000
8360 2018-03-23 18:48:22.379 debug1: Local version string SSH-2.0-OpenSSH_for_Windows_7.6
8360 2018-03-23 18:48:22.431 debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
8360 2018-03-23 18:48:22.431 debug1: SSH2_MSG_KEXINIT sent [preauth]
8360 2018-03-23 18:48:22.432 debug1: SSH2_MSG_KEXINIT received [preauth]
8360 2018-03-23 18:48:22.432 debug1: kex: algorithm: curve25519-sha256 [preauth]
8360 2018-03-23 18:48:22.432 debug1: kex: host key algorithm: ecdsa-sha2-nistp256 [preauth]
8360 2018-03-23 18:48:22.432 debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none [preauth]
8360 2018-03-23 18:48:22.432 debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none [preauth]
8360 2018-03-23 18:48:22.432 debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
8360 2018-03-23 18:48:22.480 debug1: rekey after 134217728 blocks [preauth]
8360 2018-03-23 18:48:22.480 debug1: SSH2_MSG_NEWKEYS sent [preauth]
8360 2018-03-23 18:48:22.480 debug1: expecting SSH2_MSG_NEWKEYS [preauth]
8360 2018-03-23 18:48:22.519 debug1: SSH2_MSG_NEWKEYS received [preauth]
8360 2018-03-23 18:48:22.519 debug1: rekey after 134217728 blocks [preauth]
8360 2018-03-23 18:48:22.519 debug1: KEX done [preauth]
8360 2018-03-23 18:48:22.613 debug1: userauth-request for user testadmin@test2.lab service ssh-connection method none [preauth]
8360 2018-03-23 18:48:22.613 debug1: attempt 0 failures 0 [preauth]
8360 2018-03-23 18:48:22.613 reprocess config line 36: Deprecated option RSAAuthentication
8360 2018-03-23 18:48:22.666 debug1: userauth-request for user testadmin@test2.lab service ssh-connection method publickey [preauth]
8360 2018-03-23 18:48:22.666 debug1: attempt 1 failures 0 [preauth]
8360 2018-03-23 18:48:22.666 debug1: userauth_pubkey: test whether pkalg/pkblob are acceptable for RSA SHA256:2pfzX7/MtZJ7U04xwc0/oj6tAvGAvV5k+nIZa/Fz2X8 [preauth]
8360 2018-03-23 18:48:22.667 debug1: trying public key file C:\\Users\\testadmin\\.ssh/authorized_keys
8360 2018-03-23 18:48:22.667 Authentication refused.
8360 2018-03-23 18:48:22.672 debug1: userauth-request for user testadmin@test2.lab service ssh-connection method publickey [preauth]
8360 2018-03-23 18:48:22.672 debug1: attempt 2 failures 1 [preauth]
8360 2018-03-23 18:48:22.672 debug1: userauth_pubkey: test whether pkalg/pkblob are acceptable for RSA SHA256:3NGk5gW2iwZwtTS+o+pq2g8duOyPgFdN/DYpiokDEf8 [preauth]
8360 2018-03-23 18:48:22.672 debug1: trying public key file C:\\Users\\testadmin\\.ssh/authorized_keys
8360 2018-03-23 18:48:22.672 Authentication refused.
8360 2018-03-23 18:48:22.676 debug1: userauth-request for user testadmin@test2.lab service ssh-connection method publickey [preauth]
8360 2018-03-23 18:48:22.676 debug1: attempt 3 failures 2 [preauth]
8360 2018-03-23 18:48:22.676 debug1: userauth_pubkey: test whether pkalg/pkblob are acceptable for ED25519 SHA256:CEeq6vQkmtPkhC+XnTxJALXwEgxxqiXo2AlQZNLN0Bw [preauth]
8360 2018-03-23 18:48:22.676 debug1: trying public key file C:\\Users\\testadmin\\.ssh/authorized_keys
8360 2018-03-23 18:48:22.677 Authentication refused.
8360 2018-03-23 18:48:22.680 debug1: userauth-request for user testadmin@test2.lab service ssh-connection method publickey [preauth]
8360 2018-03-23 18:48:22.680 debug1: attempt 4 failures 3 [preauth]
8360 2018-03-23 18:48:22.681 debug1: userauth_pubkey: test whether pkalg/pkblob are acceptable for ECDSA SHA256:fAyj/bqzXRCVy1yqur9yjGMAmtbpRI5X7e0Dc3gghII [preauth]
8360 2018-03-23 18:48:22.682 debug1: trying public key file C:\\Users\\testadmin\\.ssh/authorized_keys
8360 2018-03-23 18:48:22.683 Authentication refused.
8360 2018-03-23 18:48:22.712 debug1: userauth-request for user testadmin@test2.lab service ssh-connection method publickey [preauth]
8360 2018-03-23 18:48:22.712 debug1: attempt 5 failures 4 [preauth]
8360 2018-03-23 18:48:22.712 debug1: userauth_pubkey: test whether pkalg/pkblob are acceptable for RSA SHA256:haggROxR7R+khv49Sp4SNjySSlkXqUXF4O//Tt2q7F0 [preauth]
8360 2018-03-23 18:48:22.713 debug1: trying public key file C:\\Users\\testadmin\\.ssh/authorized_keys
8360 2018-03-23 18:48:22.713 Authentication refused.
8360 2018-03-23 18:48:22.715 debug1: userauth-request for user testadmin@test2.lab service ssh-connection method publickey [preauth]
8360 2018-03-23 18:48:22.715 debug1: attempt 6 failures 5 [preauth]
8360 2018-03-23 18:48:22.715 debug1: userauth_pubkey: test whether pkalg/pkblob are acceptable for RSA SHA256:Kaa/bNgkrJaTycklnzv77Uah4o8jojRWaQSBkNA5soE [preauth]
8360 2018-03-23 18:48:22.716 debug1: trying public key file C:\\Users\\testadmin\\.ssh/authorized_keys
8360 2018-03-23 18:48:22.716 Authentication refused.
8360 2018-03-23 18:48:22.716 error: maximum authentication attempts exceeded for testadmin@test2.lab from 192.168.2.41 port 60997 ssh2 [preauth]
8360 2018-03-23 18:48:22.716 Disconnecting authenticating user testadmin@test2.lab 192.168.2.41 port 60997: Too many authentication failures [preauth]
8360 2018-03-23 18:48:22.716 debug1: do_cleanup [preauth]
8360 2018-03-23 18:48:22.717 debug1: do_cleanup

Windows 2016 SSH Client -vvv Output:

PS C:\Users\testadmin> ssh -i "$HOME\.ssh\ToWin12WSA" -l testadmin@test2.lab win12ws.test2.lab -vvv
OpenSSH_7.5p1, LibreSSL 2.5.3
debug3: Failed to open file:C:\\Users\\testadmin/.ssh/config error:2
debug3: Failed to open file:./ssh_config error:2
debug2: resolving "win12ws.test2.lab" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to win12ws.test2.lab [192.168.2.145] port 22.
debug3: socket:384, socktype:1, io:000002BBAEADFB50, fd:3
debug1: Connection established.
debug1: identity file C:\\Users\\testadmin\\.ssh\\ToWin12WSA type 0
debug3: Failed to open file:C:\\Users\\testadmin\\.ssh\\ToWin12WSA-cert error:2
debug3: Failed to open file:C:\\Users\\testadmin\\.ssh\\ToWin12WSA-cert.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\testadmin\\.ssh\\ToWin12WSA-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.5
debug1: Remote protocol version 2.0, remote software version OpenSSH_for_Windows_7.6
debug1: match: OpenSSH_for_Windows_7.6 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to win12ws.test2.lab:22 as 'testadmin@test2.lab'
debug3: hostkeys_foreach: reading file "C:\\Users\\testadmin/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file C:\\Users\\testadmin/.ssh/known_hosts:4
debug3: load_hostkeys: loaded 1 keys from win12ws.test2.lab
debug3: Failed to open file:C:\\Users\\testadmin/.ssh/known_hosts2 error:2
debug3: Failed to open file:./ssh_known_hosts error:2
debug3: Failed to open file:./ssh_known_hosts2 error:2
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none
debug2: compression stoc: none
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none
debug2: compression stoc: none
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:DLeuZlbOpTmtzxPzJM3LaoMLbN+kGWOTj5OGIgIvuqc
debug3: hostkeys_foreach: reading file "C:\\Users\\testadmin/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file C:\\Users\\testadmin/.ssh/known_hosts:4
debug3: load_hostkeys: loaded 1 keys from win12ws.test2.lab
debug3: Failed to open file:C:\\Users\\testadmin/.ssh/known_hosts2 error:2
debug3: Failed to open file:./ssh_known_hosts error:2
debug3: Failed to open file:./ssh_known_hosts2 error:2
debug3: hostkeys_foreach: reading file "C:\\Users\\testadmin/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file C:\\Users\\testadmin/.ssh/known_hosts:4
debug3: load_hostkeys: loaded 1 keys from 192.168.2.145
debug3: Failed to open file:C:\\Users\\testadmin/.ssh/known_hosts2 error:2
debug3: Failed to open file:./ssh_known_hosts error:2
debug3: Failed to open file:./ssh_known_hosts2 error:2
debug1: Host 'win12ws.test2.lab' is known and matches the ECDSA host key.
debug1: Found key in C:\\Users\\testadmin/.ssh/known_hosts:4
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug3: socket:0, socktype:1, io:000002BBAEB2D2F0, fd:4
debug2: key: C:\\Program Files\\OpenSSH-Win64\\ssh_host_rsa_key (000002BBAEAFB240), agent
debug2: key: C:\\Program Files\\OpenSSH-Win64\\ssh_host_rsa_key (000002BBAEAFB510), agent
debug1: Skipping ssh-dss key C:\\Program Files\\OpenSSH-Win64\\ssh_host_dsa_key - not in PubkeyAcceptedKeyTypes
debug1: Skipping ssh-dss key C:\\Program Files\\OpenSSH-Win64\\ssh_host_dsa_key - not in PubkeyAcceptedKeyTypes
debug1: Skipping ssh-dss key C:\\Program Files\\OpenSSH-Win64\\ssh_host_dsa_key - not in PubkeyAcceptedKeyTypes
debug2: key: testadmin@TEST2@Win16Chef (000002BBAEAFB100), agent
debug2: key: C:\\Program Files\\OpenSSH-Win64\\ssh_host_ecdsa_key (000002BBAEAFB290), agent
debug2: key: C:\\Users\\testadmin\\.ssh\\testadmin-to-Debian8Jessie (000002BBAEAFB2E0), agent
debug1: Skipping ssh-dss key C:\\Program Files\\OpenSSH-Win64\\ssh_host_dsa_key - not in PubkeyAcceptedKeyTypes
debug2: key: C:\\Program Files\\OpenSSH-Win64\\ssh_host_rsa_key (000002BBAEAFB0B0), agent
debug2: key: C:\\Program Files\\OpenSSH-Win64\\ssh_host_ecdsa_key (000002BBAEAFB560), agent
debug2: key: C:\\Program Files\\OpenSSH-Win64\\ssh_host_rsa_key (000002BBAEAFB5B0), agent
debug1: Skipping ssh-dss key C:\\Program Files\\OpenSSH-Win64\\ssh_host_dsa_key - not in PubkeyAcceptedKeyTypes
debug2: key: C:\\Program Files\\OpenSSH-Win64\\ssh_host_ecdsa_key (000002BBAEB623C0), agent
debug2: key: testadmin@TEST2@Win16Chef (000002BBAEB61510), agent
debug2: key: C:\\Users\\testadmin\\.ssh\\ToWin12WS (000002BBAEB62230), agent
debug2: key: C:\\Program Files\\OpenSSH-Win64\\ssh_host_ecdsa_key (000002BBAEB618D0), agent
debug2: key: testadmin@TEST2@Win16Chef (000002BBAEB61DD0), agent
debug2: key: C:\\Program Files\\OpenSSH-Win64\\ssh_host_rsa_key (000002BBAEB621E0), agent
debug2: key: testadmin@TEST2@Win16Chef (000002BBAEB620A0), agent
debug2: key: C:\\Program Files\\OpenSSH-Win64\\ssh_host_ecdsa_key (000002BBAEB62280), agent
debug2: key: testadmin@TEST2@Win16Chef (000002BBAEB61830), agent
debug2: key: C:\\Users\\testadmin\\.ssh\\testadmin-ssh-from-Win16Chef_priv_key_openssh_format (000002BBAEB61970), agent
debug2: key: C:\\Users\\testadmin\\.ssh\\ToWin12WSA (000002BBAEAFACF0), explicit
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521> debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:2pfzX7/MtZJ7U04xwc0/oj6tAvGAvV5k+nIZa/Fz2X8 C:\\Program Files\\OpenSSH-Win64\\ssh_host_rsa_key
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Offering public key: RSA SHA256:3NGk5gW2iwZwtTS+o+pq2g8duOyPgFdN/DYpiokDEf8 C:\\Program Files\\OpenSSH-Win64\\ssh_host_rsa_key
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Offering public key: ED25519 SHA256:CEeq6vQkmtPkhC+XnTxJALXwEgxxqiXo2AlQZNLN0Bw testadmin@TEST2@Win16Chef
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Offering public key: ECDSA SHA256:fAyj/bqzXRCVy1yqur9yjGMAmtbpRI5X7e0Dc3gghII C:\\Program Files\\OpenSSH-Win64\\ssh_host_ecdsa_key
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Offering public key: RSA SHA256:haggROxR7R+khv49Sp4SNjySSlkXqUXF4O//Tt2q7F0 C:\\Users\\testadmin\\.ssh\\testadmin-to-Debian8Jessie
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Offering public key: RSA SHA256:Kaa/bNgkrJaTycklnzv77Uah4o8jojRWaQSBkNA5soE C:\\Program Files\\OpenSSH-Win64\\ssh_host_rsa_key
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 1
Received disconnect from 192.168.2.145 port 22:2: Too many authentication failures
Disconnected from 192.168.2.145 port 22

NOTE: I don't even get prompted for a password in this scenario (i.e. ssh from Windows 2016 SSH Client to Windows 2012 R2 SSHD Server). Again, the corresponding public key exists in the file C:\Users\testadmin\.ssh\authorized_keys on the Windows 2012 R2 SSHD host.

[bagajjal]

Try removing "NT Service/sshd". Starting from v1.0.0.0 we don't need this.

Please verify these,

1. sshd service runs as service.
2. all the binaries (*.exe) have "read, execute" permissions to "authenticated users".
3. Enable DEBUG3 sshd logs
   a) net stop sshd
   b) modify %programdata%\ssh\ssh_config (LOGLEVEL DEBUG3)
   c) net start sshd
4. Follow our troubleshooting steps
5. if nothing helps then share the sshd.log (with DEBUG3) enabled and ssh logs (ssh -vvv user@ip).

[pldmgg]

After removing "NT Service/sshd", got closer, but still no dice. Now it's complaining about a broken pipe and test2\testadmin being a bad user (i.e. NetUserGetInfo() failed with error: 1722 for user: testadmin and domain: test2)...

From CentOS7 Client to Windows 2102 R2 SSHD Server:

SSHD Log

(EDIT: Updated with DEBUG3)

8476 2018-03-23 19:18:44.692 debug2: fd 3 setting O_NONBLOCK
8476 2018-03-23 19:18:44.692 debug3: sock_set_v6only: set socket 3 IPV6_V6ONLY
8476 2018-03-23 19:18:44.692 debug1: Bind to port 22 on ::.
8476 2018-03-23 19:18:44.692 Server listening on :: port 22.
8476 2018-03-23 19:18:44.692 debug2: fd 4 setting O_NONBLOCK
8476 2018-03-23 19:18:44.692 debug1: Bind to port 22 on 0.0.0.0.
8476 2018-03-23 19:18:44.692 Server listening on 0.0.0.0 port 22.
8476 2018-03-23 19:19:26.406 debug3: fd 5 is not O_NONBLOCK
8476 2018-03-23 19:19:26.406 debug3: spawning "C:\\Program Files\\OpenSSH-Win64\\sshd.exe" "-R"
8476 2018-03-23 19:19:26.408 debug3: send_rexec_state: entering fd = 8 config len 263
8476 2018-03-23 19:19:26.408 debug3: ssh_msg_send: type 0
8476 2018-03-23 19:19:26.414 debug3: send_rexec_state: done
2456 2018-03-23 19:19:26.433 debug1: inetd sockets after dupping: 3, 3
2456 2018-03-23 19:19:26.434 Connection from 192.168.2.34 port 42210 on 192.168.2.145 port 22
2456 2018-03-23 19:19:26.434 debug1: Client protocol version 2.0; client software version OpenSSH_7.4
2456 2018-03-23 19:19:26.434 debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000
2456 2018-03-23 19:19:26.434 debug1: Local version string SSH-2.0-OpenSSH_for_Windows_7.6
2456 2018-03-23 19:19:26.434 debug2: fd 3 setting O_NONBLOCK
2456 2018-03-23 19:19:26.467 debug3: spawning "C:\\Program Files\\OpenSSH-Win64\\sshd.exe" "-y"
2456 2018-03-23 19:19:26.467 debug3: send_rexec_state: entering fd = 6 config len 263
2456 2018-03-23 19:19:26.467 debug3: ssh_msg_send: type 0
2456 2018-03-23 19:19:26.467 debug3: send_rexec_state: done
2456 2018-03-23 19:19:26.467 debug3: ssh_msg_send: type 0
2456 2018-03-23 19:19:26.467 debug3: ssh_msg_send: type 0
2456 2018-03-23 19:19:26.467 debug3: preauth child monitor started
2456 2018-03-23 19:19:26.483 debug3: privsep user:group 1:0 [preauth]
2456 2018-03-23 19:19:26.483 debug3: list_hostkey_types: ssh-dss key not permitted by HostkeyAlgorithms [preauth]
2456 2018-03-23 19:19:26.483 debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
2456 2018-03-23 19:19:26.483 debug3: send packet: type 20 [preauth]
2456 2018-03-23 19:19:26.483 debug1: SSH2_MSG_KEXINIT sent [preauth]
2456 2018-03-23 19:19:26.483 debug3: receive packet: type 20 [preauth]
2456 2018-03-23 19:19:26.483 debug1: SSH2_MSG_KEXINIT received [preauth]
2456 2018-03-23 19:19:26.483 debug2: local server KEXINIT proposal [preauth]
2456 2018-03-23 19:19:26.483 debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1 [preauth]
2456 2018-03-23 19:19:26.483 debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
2456 2018-03-23 19:19:26.483 debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr [preauth]
2456 2018-03-23 19:19:26.483 debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr [preauth]
2456 2018-03-23 19:19:26.483 debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
2456 2018-03-23 19:19:26.483 debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
2456 2018-03-23 19:19:26.483 debug2: compression ctos: none [preauth]
2456 2018-03-23 19:19:26.483 debug2: compression stoc: none [preauth]
2456 2018-03-23 19:19:26.483 debug2: languages ctos:  [preauth]
2456 2018-03-23 19:19:26.483 debug2: languages stoc:  [preauth]
2456 2018-03-23 19:19:26.483 debug2: first_kex_follows 0  [preauth]
2456 2018-03-23 19:19:26.483 debug2: reserved 0  [preauth]
2456 2018-03-23 19:19:26.483 debug2: peer client KEXINIT proposal [preauth]
2456 2018-03-23 19:19:26.483 debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c [preauth]
2456 2018-03-23 19:19:26.483 debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss [preauth]
2456 2018-03-23 19:19:26.483 debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc [preauth]
2456 2018-03-23 19:19:26.483 debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc [preauth]
2456 2018-03-23 19:19:26.483 debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
2456 2018-03-23 19:19:26.484 debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
2456 2018-03-23 19:19:26.484 debug2: compression ctos: none,zlib@openssh.com,zlib [preauth]
2456 2018-03-23 19:19:26.484 debug2: compression stoc: none,zlib@openssh.com,zlib [preauth]
2456 2018-03-23 19:19:26.484 debug2: languages ctos:  [preauth]
2456 2018-03-23 19:19:26.484 debug2: languages stoc:  [preauth]
2456 2018-03-23 19:19:26.484 debug2: first_kex_follows 0  [preauth]
2456 2018-03-23 19:19:26.484 debug2: reserved 0  [preauth]
2456 2018-03-23 19:19:26.484 debug1: kex: algorithm: curve25519-sha256 [preauth]
2456 2018-03-23 19:19:26.484 debug1: kex: host key algorithm: ecdsa-sha2-nistp256 [preauth]
2456 2018-03-23 19:19:26.484 debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none [preauth]
2456 2018-03-23 19:19:26.484 debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none [preauth]
2456 2018-03-23 19:19:26.484 debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
2456 2018-03-23 19:19:26.489 debug3: receive packet: type 30 [preauth]
2456 2018-03-23 19:19:26.498 debug3: mm_key_sign entering [preauth]
2456 2018-03-23 19:19:26.498 debug3: mm_request_send entering: type 6 [preauth]
2456 2018-03-23 19:19:26.498 debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN [preauth]
2456 2018-03-23 19:19:26.498 debug3: mm_request_receive_expect entering: type 7 [preauth]
2456 2018-03-23 19:19:26.498 debug3: mm_request_receive entering [preauth]
2456 2018-03-23 19:19:26.498 debug3: mm_request_receive entering
2456 2018-03-23 19:19:26.498 debug3: monitor_read: checking request 6
2456 2018-03-23 19:19:26.498 debug3: mm_answer_sign
2456 2018-03-23 19:19:26.498 debug3: mm_answer_sign: hostkey proof signature 0000008A33DA3F50(100)
2456 2018-03-23 19:19:26.498 debug3: mm_request_send entering: type 7
2456 2018-03-23 19:19:26.498 debug2: monitor_read: 6 used once, disabling now
2456 2018-03-23 19:19:26.498 debug3: send packet: type 31 [preauth]
2456 2018-03-23 19:19:26.498 debug3: send packet: type 21 [preauth]
2456 2018-03-23 19:19:26.498 debug2: set_newkeys: mode 1 [preauth]
2456 2018-03-23 19:19:26.498 debug1: rekey after 134217728 blocks [preauth]
2456 2018-03-23 19:19:26.498 debug1: SSH2_MSG_NEWKEYS sent [preauth]
2456 2018-03-23 19:19:26.498 debug1: expecting SSH2_MSG_NEWKEYS [preauth]
2456 2018-03-23 19:19:26.498 debug3: send packet: type 7 [preauth]
2456 2018-03-23 19:19:26.506 debug3: receive packet: type 21 [preauth]
2456 2018-03-23 19:19:26.506 debug1: SSH2_MSG_NEWKEYS received [preauth]
2456 2018-03-23 19:19:26.506 debug2: set_newkeys: mode 0 [preauth]
2456 2018-03-23 19:19:26.506 debug1: rekey after 134217728 blocks [preauth]
2456 2018-03-23 19:19:26.506 debug1: KEX done [preauth]
2456 2018-03-23 19:19:26.565 debug3: receive packet: type 5 [preauth]
2456 2018-03-23 19:19:26.565 debug3: send packet: type 6 [preauth]
2456 2018-03-23 19:19:26.566 debug3: receive packet: type 50 [preauth]
2456 2018-03-23 19:19:26.566 debug1: userauth-request for user testadmin@test2.lab service ssh-connection method none [preauth]
2456 2018-03-23 19:19:26.566 debug1: attempt 0 failures 0 [preauth]
2456 2018-03-23 19:19:26.566 debug3: mm_getpwnamallow entering [preauth]
2456 2018-03-23 19:19:26.566 debug3: mm_request_send entering: type 8 [preauth]
2456 2018-03-23 19:19:26.566 debug3: mm_request_receive entering
2456 2018-03-23 19:19:26.566 debug3: monitor_read: checking request 8
2456 2018-03-23 19:19:26.566 debug3: mm_answer_pwnamallow
2456 2018-03-23 19:19:26.566 debug2: parse_server_config: config reprocess config len 263
2456 2018-03-23 19:19:26.640 debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
2456 2018-03-23 19:19:26.640 debug3: mm_request_send entering: type 9
2456 2018-03-23 19:19:26.640 debug2: monitor_read: 8 used once, disabling now
2456 2018-03-23 19:19:26.640 debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM [preauth]
2456 2018-03-23 19:19:26.640 debug3: mm_request_receive_expect entering: type 9 [preauth]
2456 2018-03-23 19:19:26.640 debug3: mm_request_receive entering [preauth]
2456 2018-03-23 19:19:26.640 debug2: input_userauth_request: setting up authctxt for testadmin@test2.lab [preauth]
2456 2018-03-23 19:19:26.640 debug3: mm_inform_authserv entering [preauth]
2456 2018-03-23 19:19:26.640 debug3: mm_request_send entering: type 4 [preauth]
2456 2018-03-23 19:19:26.640 debug3: mm_request_receive entering
2456 2018-03-23 19:19:26.640 debug3: monitor_read: checking request 4
2456 2018-03-23 19:19:26.640 debug3: mm_answer_authserv: service=ssh-connection, style=
2456 2018-03-23 19:19:26.640 debug2: monitor_read: 4 used once, disabling now
2456 2018-03-23 19:19:26.640 debug2: input_userauth_request: try method none [preauth]
2456 2018-03-23 19:19:26.640 debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" [preauth]
2456 2018-03-23 19:19:26.640 debug3: send packet: type 51 [preauth]
2456 2018-03-23 19:19:26.645 debug3: receive packet: type 50 [preauth]
2456 2018-03-23 19:19:26.645 debug1: userauth-request for user testadmin@test2.lab service ssh-connection method publickey [preauth]
2456 2018-03-23 19:19:26.645 debug1: attempt 1 failures 0 [preauth]
2456 2018-03-23 19:19:26.645 debug2: input_userauth_request: try method publickey [preauth]
2456 2018-03-23 19:19:26.645 debug3: userauth_pubkey: have signature for RSA SHA256:XD8GhEBcMtgA7zxwzfJFvzXNKERxXkphKAerTOgFenU [preauth]
2456 2018-03-23 19:19:26.645 debug3: mm_key_allowed entering [preauth]
2456 2018-03-23 19:19:26.645 debug3: mm_request_send entering: type 22 [preauth]
2456 2018-03-23 19:19:26.645 debug3: mm_request_receive entering
2456 2018-03-23 19:19:26.645 debug3: monitor_read: checking request 22
2456 2018-03-23 19:19:26.645 debug3: mm_answer_keyallowed entering
2456 2018-03-23 19:19:26.645 debug3: mm_answer_keyallowed: key_from_blob: 0000008A33DA5510
2456 2018-03-23 19:19:26.645 debug1: trying public key file C:\\Users\\testadmin\\.ssh/authorized_keys
2456 2018-03-23 19:19:26.645 debug1: matching key found: file C:\\Users\\testadmin\\.ssh/authorized_keys, line 1 RSA SHA256:XD8GhEBcMtgA7zxwzfJFvzXNKERxXkphKAerTOgFenU
2456 2018-03-23 19:19:26.645 debug3: mm_answer_keyallowed: key is allowed
2456 2018-03-23 19:19:26.645 debug3: mm_request_send entering: type 23
2456 2018-03-23 19:19:26.645 debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth]
2456 2018-03-23 19:19:26.645 debug3: mm_request_receive_expect entering: type 23 [preauth]
2456 2018-03-23 19:19:26.645 debug3: mm_request_receive entering [preauth]
2456 2018-03-23 19:19:26.645 debug3: mm_sshkey_verify entering [preauth]
2456 2018-03-23 19:19:26.645 debug3: mm_request_send entering: type 24 [preauth]
2456 2018-03-23 19:19:26.645 debug3: mm_request_receive entering
2456 2018-03-23 19:19:26.645 debug3: monitor_read: checking request 24
2456 2018-03-23 19:19:26.646 debug3: mm_answer_keyverify: publickey 0000008A33DA5970 signature verified
2456 2018-03-23 19:19:26.646 debug3: mm_request_send entering: type 25
2456 2018-03-23 19:19:26.646 debug1: monitor_child_preauth: testadmin@test2.lab has been authenticated by privileged process
2456 2018-03-23 19:19:26.646 debug3: mm_get_keystate: Waiting for new keys
2456 2018-03-23 19:19:26.646 debug3: mm_request_receive_expect entering: type 26
2456 2018-03-23 19:19:26.646 debug3: mm_request_receive entering
2456 2018-03-23 19:19:26.646 debug3: mm_get_keystate: GOT new keys
2456 2018-03-23 19:19:26.646 debug3: mm_sshkey_verify: waiting for MONITOR_ANS_KEYVERIFY [preauth]
2456 2018-03-23 19:19:26.646 debug3: mm_request_receive_expect entering: type 25 [preauth]
2456 2018-03-23 19:19:26.646 debug3: mm_request_receive entering [preauth]
2456 2018-03-23 19:19:26.646 debug2: userauth_pubkey: authenticated 1 pkalg rsa-sha2-512 [preauth]
2456 2018-03-23 19:19:26.646 debug3: send packet: type 52 [preauth]
2456 2018-03-23 19:19:26.646 debug3: mm_request_send entering: type 26 [preauth]
2456 2018-03-23 19:19:26.646 debug3: mm_send_keystate: Finished sending state [preauth]
2456 2018-03-23 19:19:26.647 debug1: monitor_read_log: child log fd closed
2456 2018-03-23 19:19:26.715 debug3: LsaLogonUser succeeded
2456 2018-03-23 19:19:26.718 debug3: spawning "C:\\Program Files\\OpenSSH-Win64\\sshd.exe" "-z"
2456 2018-03-23 19:19:26.719 debug3: send_rexec_state: entering fd = 5 config len 263
2456 2018-03-23 19:19:26.719 debug3: ssh_msg_send: type 0
2456 2018-03-23 19:19:26.724 debug3: send_rexec_state: done
2456 2018-03-23 19:19:26.724 debug3: ssh_msg_send: type 0
2456 2018-03-23 19:19:26.724 debug3: ssh_msg_send: type 0
2456 2018-03-23 19:19:26.724 debug3: ssh_msg_send: type 0
8928 2018-03-23 19:19:26.737 debug3: ssh_msg_recv entering
8928 2018-03-23 19:19:26.737 debug2: fd 4 setting O_NONBLOCK
8928 2018-03-23 19:19:26.737 debug2: parse_server_config: config reprocess config len 263
8928 2018-03-23 19:19:28.993 debug3: NetUserGetInfo() failed with error: 1722 for user: testadmin and domain: test2 \n
8928 2018-03-23 19:19:29.015 debug3: NetUserGetInfo() with domainController: \\\\MAVERICK2 failed with error: 5 \n
8928 2018-03-23 19:19:29.015 Invalid user testadmin@test2 from 192.168.2.34 port 42210
2456 2018-03-23 19:19:29.044 debug3: mm_request_receive entering
2456 2018-03-23 19:19:29.044 debug1: do_cleanup

SSH Client -vvv Output:

[pdadmin@CentOS7-WS .ssh]$ ssh -i ToWin12WSA -l testadmin@test2.lab win12ws.test2.lab -vvv
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug2: resolving "win12ws.test2.lab" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to win12ws.test2.lab [192.168.2.145] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file ToWin12WSA type -1
debug1: key_load_public: No such file or directory
debug1: identity file ToWin12WSA-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_for_Windows_7.6
debug1: match: OpenSSH_for_Windows_7.6 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to win12ws.test2.lab:22 as 'testadmin@test2.lab'
debug3: hostkeys_foreach: reading file "/home/pdadmin/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/pdadmin/.ssh/known_hosts:2
debug3: load_hostkeys: loaded 1 keys from win12ws.test2.lab
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none
debug2: compression stoc: none
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:DLeuZlbOpTmtzxPzJM3LaoMLbN+kGWOTj5OGIgIvuqc
debug3: hostkeys_foreach: reading file "/home/pdadmin/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/pdadmin/.ssh/known_hosts:2
debug3: load_hostkeys: loaded 1 keys from win12ws.test2.lab
debug3: hostkeys_foreach: reading file "/home/pdadmin/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/pdadmin/.ssh/known_hosts:2
debug3: load_hostkeys: loaded 1 keys from 192.168.2.145
debug1: Host 'win12ws.test2.lab' is known and matches the ECDSA host key.
debug1: Found key in /home/pdadmin/.ssh/known_hosts:2
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug2: key: ToWin12WSA ((nil)), explicit
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: ToWin12WSA
debug3: sign_and_send_pubkey: RSA SHA256:XD8GhEBcMtgA7zxwzfJFvzXNKERxXkphKAerTOgFenU
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 52
debug1: Authentication succeeded (publickey).
Authenticated to win12ws.test2.lab ([192.168.2.145]:22).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug3: send packet: type 90
debug1: Requesting no-more-sessions@openssh.com
debug3: send packet: type 80
debug1: Entering interactive session.
debug1: pledge: network
debug3: send packet: type 1
packet_write_wait: Connection to 192.168.2.145 port 22: Broken pipe

EDIT 2:
Not sure why it's complaining about testadmin being a bad user...I just logged into Maverick2 DC with it and it works fine...

[bagajjal]

Looks like you are running into a known bug #1098.
It will be fixed for next release.

we suggest to use v1.0.0.0.

[pldmgg]

Okay, thanks for your help!