user6209804

Error 1067 on starting OpenSSH with net start opensshd in Windows cmd

I try to start the opensshd app with the following command line: net start opensshd, but I encounter the message below after pressing Enter in CMD:

 The OpenSSH Server service is starting.

The OpenSSH Server service could not be started.

A system error has occurred.

System error 1067 has occurred.

The process terminated unexpectedly.

I installed OpenSSH. Please help me!

Upvotes: 34

Views: 80580

Answers (15)

Tanner Haydock

Reputation: 1

Had the same issue. I went to ProgramData > ssh. In there I clicked on the logs folder, and changed the permission settings to only allow SYSTEM to write to this folder. Now it's up and running for me after that simple fix. Thanks to whoever figured that out.

1.) Go to ProgramData\ssh folder

2.) Open 'logs' Properties > Security

3.) Click advanced, and make sure only SYSTEM is allowed to write

Upvotes: 0

Mark Berry

Reputation: 19062

I encountered this on Server 2022. With help from Gene Barnes' answer and Gustavo's comment there, to fix this:

  1. Right-click on the C:\ProgramData\ssh\logs folder and select Properties.
  2. Click on the Security tab, Advanced button and remove all users except SYSTEM and Administrators. Alternatively, downgrade other users to read-only.

The OpenSSH service should start now.

What happened (how to break it again)

If you're logged in as an administrator and double-click on the "logs" folder, you'll be offered the option to "Click Continue to permanently get access to this folder" [screenshot: SSH logs permissions].

If you click Continue, the user you are logged in as is granted Full Control permissions on the logs folder. Apparently the October 2024 update makes a change that will refuse to start the OpenSSH service if any "extra" users have write permissions to the logs folder. However, as @Kivioja Antti's answer on ServerFault reports, downgrading the extra user to read-only (Read & execute, List folder contents, Read) also fixes the problem, and lets that user continue to view the contents of the logs folder.

Upvotes: 5

Braxton

Reputation: 1

For me, it's a config issue in the sshd_config file. I had ChrootDirectory "E:\" but when running sshd.exe in PowerShell, I got an invalid quote message for this line number. It does not like the ending slash. I had to change "E:\" to "E:".

Upvotes: -2

Gene Barnes

Reputation: 771

The Windows update from October 2024 changed the permissions of the C:\ProgramData\ssh\logs folder; it added a domain user.

Removing all but SYSTEM and the Administrators group did the trick (was able to restart SSH Server service).

Upvotes: 67

Sky Walker

Reputation: 1

For me it is a syntax error in the config file. With the latest Windows OpenSSH you can't specify a folder like "f:\share\"; you need to remove the trailing slash, like "f:\share", for it to work. If you run sshd from a console you can see the error: invalid quotes.

Upvotes: 0
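
The trailing-backslash problem reported in Braxton's and Sky Walker's answers can be located by line number before the service is restarted. The PowerShell below is an added example, not part of either answer and not an OpenSSH script; the function name Find-TrailingBackslashQuote is hypothetical and the sample config is constructed.

```powershell
# Added example: flags double-quoted sshd_config values that end in a backslash,
# the pattern the answers above say sshd rejects with an "invalid quotes" error.
function Find-TrailingBackslashQuote {   # hypothetical helper name
    param([Parameter(Mandatory)][string[]]$Line)
    for ($i = 0; $i -lt $Line.Count; $i++) {
        $text = $Line[$i].Trim()
        # Blank lines and comments cannot trigger the error.
        if ($text -eq '' -or $text.StartsWith('#')) { continue }
        # Keyword, whitespace, then a quoted value whose last character is "\".
        if ($text -match '^(?<key>\S+)\s+"(?<value>[^"]*)\\"\s*$') {
            [pscustomobject]@{
                LineNumber = $i + 1
                Keyword    = $Matches['key']
                Value      = '"' + $Matches['value'] + '\"'
                Suggested  = '"' + $Matches['value'].TrimEnd('\') + '"'
            }
        }
    }
}

# Constructed sample input; indented lines inside a Match block are handled too.
$sample = @'
# constructed sshd_config fragment
Port 22
Subsystem sftp sftp-server.exe
ChrootDirectory "E:\"
Match User backup
    ChrootDirectory "f:\share\"
    ForceCommand internal-sftp
'@ -split '\r?\n'

Find-TrailingBackslashQuote -Line $sample | Format-Table -AutoSize

# To check the live file instead of the sample:
# Find-TrailingBackslashQuote -Line (Get-Content "$env:ProgramData\ssh\sshd_config")
```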

User

Reputation: 1

For anyone who tried .\FixHostFilePermissions.ps1 but is still having this problem, you should try the most rated answer for files like sshd_config and ssh_host_*_key by hand. The script isn't perfect!
If you are lazy, simply replace the files:

  • Backup ssh folder, then delete it.
  • Re-install sshd service with uninstall-sshd.ps1 and install-sshd.ps1.
  • Start service, replace new files with your backup.

Upvotes: 0

Rohit Kumar Sharma

Reputation: 1

I received the same error that user @vaughan received.

__PROGRAMDATA__\ssh/sshd_config: Permission denied

I fixed the issue by executing the following file, which is delivered by the OpenSSH tool itself, under PowerShell ISE (don't forget to Run as Administrator):

C:\Program Files\OpenSSH> .\install-sshd.ps1

  [*] C:\Program Files\OpenSSH\moduli
      looks good
 
  [*] C:\ProgramData\ssh
'Everyone' has no more access to 'C:\ProgramData\ssh'.
      Repaired permissions
 
  [*] C:\ProgramData\ssh\logs
'<domain>\<username>' has no more access to 'C:\ProgramData\ssh\logs'.
      Repaired permissions
 
  [*] C:\ProgramData\ssh\adminstrators_authorized_keys
      looks good
 
  [*] C:\ProgramData\ssh\sshd.pid
      looks good
 
  [*] C:\ProgramData\ssh\sshd_config
      looks good
 
  [*] C:\ProgramData\ssh\ssh_host_ecdsa_key.pub
      looks good
 
  [*] C:\ProgramData\ssh\ssh_host_ed25519_key.pub
      looks good
 
  [*] C:\ProgramData\ssh\ssh_host_rsa_key.pub
      looks good
 
  [*] C:\ProgramData\ssh\ssh_host_ecdsa_key
      looks good
 
  [*] C:\ProgramData\ssh\ssh_host_ed25519_key
      looks good
 
  [*] C:\ProgramData\ssh\ssh_host_rsa_key
      looks good
 
[SC] SetServiceObjectSecurity SUCCESS
[SC] ChangeServiceConfig2 SUCCESS
[SC] ChangeServiceConfig2 SUCCESS
sshd and ssh-agent services successfully installed

After this step you just need to run the OpenSSH service under Services manually. And it works.

Upvotes: 0

Adrian

Reputation: 235

I too had this problem - sshd would start fine from an Administrator console, but would fail with this error when started as a service.

The problem is permissions. But the bigger problem is that Windows does not show you the actual error message from sshd. So, to understand where the problem is, you need to start a shell as the Local System Account, as described here: How do you run CMD.exe under the Local System Account?

In a Local System Account shell, try to run sshd and it will show you the actual error. In my case it said that the permissions for the host keys were too permissive, although only Administrators and the System Account had access. Running the FixHostFilePermissions.ps1 script fixed it for me.

Upvotes: 1

vaughan

Reputation: 7475

For me it was a permission issue.

Open a PowerShell in non-administrator mode. Run sshd.exe.

I finally see the proper error:

__PROGRAMDATA__\ssh/sshd_config: Permission denied

If you go into services.msc you can locate OpenSSH SSH Server and it has a place to specify which user to run it with.

Or you can fix the permissions of the sshd_config file.

Or maybe you have another issue.

The .\FixHostFilePermissions.ps1 and .\FixUserFilePermissions.ps1 didn't work for me.

Upvotes: 1

Monday Fatigue

Reputation: 331

  1. Uninstall old versions of OpenSSH Client & Server from Optional Features.
  2. Remove %ProgramData%\ssh directory and its contents.
  3. Install latest beta version of OpenSSH as explained here: https://github.com/PowerShell/Win32-OpenSSH/wiki/Install-Win32-OpenSSH
    • Using winget is the easiest way.
    • Run winget uninstall "openssh beta" to remove older version
    • winget install "openssh beta" to install latest version.
  4. In an administrative command prompt, navigate to %ProgramFiles%\OpenSSH and run both FixHostFilePermissions.ps1 and FixUserFilePermissions.ps1. Answer all with Y (Yes) or A (All).
  5. Try to start the OpenSSH service.

Upvotes: 5

ItsIgnacioPortal

Reputation: 55

For me the solution was to download and install an MSI from this GitHub repo.

Upvotes: 0

javidasd

Reputation: 1372

Just write this command in PowerShell:

cd 'C:\Program Files\OpenSSH-Win64'
.\FixHostFilePermissions.ps1

Then press Enter.

Upvotes: 10

Raymond Chiu

Reputation: 1064

I got a similar problem: I could not start up the "OpenSSH SSH Server" service after following the instructions in https://hostadvice.com/how-to/how-to-install-an-openssh-server-client-on-a-windows-2016-server/

I later found out that this is a security problem with the C:\ProgramData\ssh\ssh_host*key files. All the key files in this folder should ONLY be owned by the following 2 system users:

  1. BUILTIN\Administrators
  2. NT AUTHORITY\SYSTEM

In PowerShell, under the C:\ProgramData\ssh folder, issuing the following command lists the owners of the file ssh_host_dsa_key:

 PS C:\ProgramData\ssh> icacls .\ssh_host_dsa_key
 .\ssh_host_dsa_key BUILTIN\Administrators:(F)
                    NT AUTHORITY\SYSTEM:(F)
                    xxdomain\otheruser:(M)

 Successfully processed 1 files; Failed processing 0 files

Obviously we need to remove the user "xxdomain\otheruser" from the owner list.

Resolution

Updated on Nov 25, 2019: Found out that the OpenSSH-Win64.zip file already contained a PowerShell script: FixHostFilePermissions.ps1

What you need to do is run the following inside PowerShell:

cd 'C:\Program Files\OpenSSH-Win64'
.\FixHostFilePermissions.ps1

And press 'Enter' for each question to update the permission.

Upvotes: 43
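
The permission condition that Gene Barnes' and Mark Berry's answers describe for the logs folder, and Raymond Chiu's answer describes for the host keys, can be audited without changing anything. The PowerShell below is an added example, not part of any answer here and not one of the OpenSSH scripts; the function name Get-SshUnexpectedAce is hypothetical, and treating every non-SYSTEM, non-Administrators entry on a private key as a finding is an assumption taken from the answer above. Run it from an elevated prompt.

```powershell
# Added example: read-only audit; it changes no permissions.
# Well-known SIDs, so the check also works on non-English Windows.
$trustedSids = @('S-1-5-18',      # NT AUTHORITY\SYSTEM
                 'S-1-5-32-544')  # BUILTIN\Administrators

# Rights that let a principal modify, delete or re-permission the object,
# plus the GENERIC_WRITE / GENERIC_ALL bits that inherit-only entries may carry.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership' -bor 0x40000000 -bor 0x10000000

function Get-SshUnexpectedAce {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$Path,   # wildcards allowed
        [switch]$AnyAccess                     # report every Allow entry, not only write-capable ones
    )
    foreach ($item in Get-Item -Path $Path -Force -ErrorAction SilentlyContinue) {
        $acl   = Get-Acl -LiteralPath $item.FullName
        # Ask for SIDs directly: explicit and inherited entries.
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($ace in $rules) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($trustedSids -contains $ace.IdentityReference.Value) { continue }
            if (-not $AnyAccess -and (([int]$ace.FileSystemRights -band $writeMask) -eq 0)) { continue }
            # Show a readable account name; keep the raw SID if it cannot be resolved.
            $name = $ace.IdentityReference.Value
            try { $name = $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value } catch { }
            [pscustomobject]@{
                Path      = $item.FullName
                Identity  = $name
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

$sshData  = Join-Path $env:ProgramData 'ssh'
$findings = @(
    Get-SshUnexpectedAce -Path (Join-Path $sshData 'logs')                       # write access only
    Get-SshUnexpectedAce -Path (Join-Path $sshData 'ssh_host_*_key') -AnyAccess  # private keys: any access
)
if ($findings) { $findings | Format-Table -AutoSize }
else { 'No unexpected entries on the logs folder or host private keys.' }
```

A read-only entry on the logs folder is not reported, which matches the read-only downgrade described in Mark Berry's answer.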

garryp

Reputation: 5776

I got this error, and it turned out in my case to be an error I'd made editing sshd_config, so be sure to check this. Spent ages trying to diagnose this.

Hope that saves someone some pain.

Upvotes: 3

krusty

Reputation: 103

I got the same error by installing OpenSSH on Windows 7...

Open "services.msc" and try to start the service from there.

If it still doesn't work then you can try to follow the steps in this tutorial: http://www.techpaste.com/2015/06/windows-ssh-server-setup-and-configuration/

One important thing: try to download an older version of OpenSSH.
Download link: http://www.mls-software.com/opensshd.html#botpage
(I recommend the version "setupssh-7.3p1-2")

Hope it works
Cheers

Upvotes: 0
