Setting up OpenSSH Server on Windows Server 2012 R2

I wasn’t lucky enough this week.

I have OpenSSH installed on my Windows Server 2012 R2 using Desired State Configuration and Chocolatey (more about that) with the following configuration:

Configuration SSHServerFeature
{
    param (
        [String]$NodeName
    )
    
    Import-DscResource -Module cChoco

    Node $NodeName
    {
        cChocoInstaller installChoco
        {
            InstallDir = "c:\choco"
        }
        cChocoPackageInstaller installOpenSSH
        {
            Name                 = 'openssh'
            Ensure               = 'Present'
            DependsOn            = "[cChocoInstaller]installChoco"
            AutoUpgrade          = $True
        }
    }
}

Pretty simple, isn’t it? Too much .. after I had it installed, SSH service wasn’t there.

I dug deeper into DSC resource and added the property to installOpenSSH:

Params               = '"/SSHServerFeature /KeyBasedAuthenticationFeature"'

But, no luck. And I installed service up with C:\Program Files\OpenSSH-Win64\install-sshd.ps1.

Now OpenSSH Server’s service wasn’t starting. It was complaining so unclear that I had to research how to debug sshd on Windows.

The article that helped me very much is — Troubleshooting Steps in GitHub repo for Win32-OpenSSH. But a frustrating surprise was Win32-OpenSSH bug #1304 that lead to the inability of just performing troubleshooting steps, because sshd -d under user account is failing to fork unprivileged child. Oh, gosh…

So, the ultimate way to make OpenSSH Server working after manual crumpling stuff was:

  1. Install PsExec by Mark Russinovich.
  2. Delete keys from C:\ProgramData\ssh to avoid any possible issues with ACLs I have changed. Of course, if you already have clients to your server, don’t do this, instead read that article.
  3. Run: C:\pstools\PsExec64.exe -s ssh-keygen -A
  4. Run: C:\pstools\PsExec64.exe -s sshd.exe -d

After client logoff from SSH, sshd started with -d exits and writes to a console something like:

Received disconnect from 10.20.21.28 port 38572:11: disconnected by user
Disconnected from 10.20.21.28 port 38572
debug1: do_cleanup
debug1: do_cleanup
sshd.exe exited on CRM1 with error code 255.

It’s ok. When it’s started as a service, it works fine.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: