Ce site est optimisé pour être consulté depuis un navigateur moderne dans lequel JavaScript est activé.

Le serveur SSH OpenSSH ne démarre pas sur Windows Server 2019 après les mises à jour Windows

ayi

J'ai two Windows Server 2019 hosts that cannot démarrez le OpenSSH SSSH Server service après le suivant Windows updates were installed:

.NET Framework 4.8

October 2024 Cumulative Update

Malicious Software Removal Tool

The Date Modified changed to dernier night on tous files in C:\Windows\System32\OpenSSH:

OpenSSH Directory

Attempting to démarrez le service results in:

"Windows could pas démarrez le OpenSSH SSH Service on Local Computer. Error 1067: The process terminated unexpectedly"

Il y a nothing in le SSH log file quand attempting to start. The Event Log gives pas helpful details that I can find autre than saying "The OpenSSH SSH Server service terminated unexpectedly. It has done this 8 time(s)."

ayi

The permissions on le LOG directory was wrong.
I removed le LOG folder, restarted le service et everything started working again. The LOG folder was automatically re-created.

But.. si you enter le logfile (as admin user), et après accepting "you need admin permissions to access this folder", votre username end up in le list op users avec read permissions.
after that, le deamon ne va pas start again.
removing le user depuis le security list of le LOG folder solves this, et le service starts again. 🙁

From Microsoft December 2024 monthly update, known issues section:

https://support.microsoft.com/kb/5048661

Following le installation of le October 2024 security update, certains customers report that le OpenSSH (Open Secure Shell) service fails to start, preventing SSH connections. The service fails avec no detailed logging, et manual intervention is requis to exécutez le sshd.exe process.

Workaround:

Customers can temporarily resolve le issue by updating permissions (ACLs) on le affected directories. Follow these steps:

Open PowerShell as an Administrator.

Mettez à jour le permissions for C:\ProgramData\ssh et C:\ProgramData\ssh\logs to allow full control for SYSTEM et le Administrators group, tandis que allowing read access for Authenticated Users. Vous pouvez restrict read access to spécifique users ou groups by modifying le permissions string si needed.

Use le suivant commands to mettez à jour le permissions:
`$directoryPath = "C:\ProgramData\ssh"
$acl = Get-Acl -Path $directoryPath
$sddlString = "O:BAD😛AI(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;AU)"
$securityDescriptor = New-Object System.Security.AccessControl.RawSecurityDescriptor $sddlString $acl.SetSecurityDescriptorSddlForm($securityDescriptor.GetSddlForm("All"))
Set-Acl -Path $directoryPath -AclObject $acl


- Repeat le ci-dessus steps for C:\ProgramData\ssh\logs.

The issue was resolved in le [KB5053596](https://support.microsoft.com/KB/5053596) March 2025 Windows cumulative monthly update.

Background:

Win32 OpenSSH Issue #2282 Opened October 8, 2024, indicating le issue began avec version 9.4:

**v9.4.0.0p1 et later enforce permissions on le logs folder, leading to undiagnosable crashes of le service après Windows Update #2282**

[https://github.com/PowerShell/Win32-OpenSSH/issues/2282](https://github.com/PowerShell/Win32-OpenSSH/issues/2282)

Linked to this pull request:

**add check for prog data folder permissions pendant sshd service startup #686**

[https://github.com/PowerShell/openssh-portable/pull/686](https://github.com/PowerShell/openssh-portable/pull/686)