"OpenSSH for Windows" version
8.0.0.0
Server OperatingSystem
Windows 10 Pro
Client OperatingSystem
Windows 10 Pro
What is failing
Login fails to create tokens, causes the server to crash immediately.
Expected output
To be able to log in to a normal ssh session, and execute commands
Actual output
User mode:
debug1: monitor_child_preauth: craftxbox has been authenticated by privileged process
debug1: monitor_read_log: child log fd closed
debug1: Not running as SYSTEM: skipping loading user profile
CreateProcessAsUserW failed error:1314
fork of unprivileged child failed
debug1: do_cleanup
(exit)
psexec SYSTEM:
get_user_token - unable to generate sshd virtual token, ensure sshd service has TCB privileges
unable to get security token for user sshd
privsep_preauth, fork of unprivileged child failed
debug1: do_cleanup
(exit)
Audit log:
An account failed to log on.
Subject:
Security ID: SYSTEM
Account Name: LUKE-PC$
Account Domain: WORKGROUP
Logon ID: 0x3E7
Logon Type: 5
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: sshd_25888
Account Domain: VIRTUAL USERS
Failure Information:
Failure Reason: User not allowed to logon at this computer.
Status: 0xC000006E
Sub Status: 0xC0000070
Process Information:
Caller Process ID: 0x6520
Caller Process Name: C:\PROGRA~1\OpenSSH\OpenSSH-Win64\sshd.exe
Network Information:
Workstation Name: -
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
Normally 0xC0000070 would be indicative that something in secpol is blocking the connection, however both NT SERVICE\sshd and SYSTEM are present in all relevant Allow policies
"OpenSSH for Windows" version
8.0.0.0Server OperatingSystem
Windows 10 ProClient OperatingSystem
Windows 10 ProWhat is failing
Login fails to create tokens, causes the server to crash immediately.
Expected output
To be able to log in to a normal ssh session, and execute commands
Actual output
User mode:
psexec SYSTEM:
Audit log:
Normally 0xC0000070 would be indicative that something in secpol is blocking the connection, however both
NT SERVICE\sshdandSYSTEMare present in all relevantAllowpolicies