Score:2

Server

Unable to SSH into Windows Domain server using Domain User

Thorsten Niehues

10/24/22, 8:38 AM

On our Windows Server 2019 is Open SSH Installed
Versions used/tested:

OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5
OpenSSH_for_Windows_8.1p1, LibreSSL 2.9.2

Logon to the Server with a local account (the account exists on the server) works well:
ssh user@host

Logon to the Server with a domain account (the account exists on the domain) is not possible:
ssh domain\\user@host
or
ssh user@domain@host

Message on the client is:
Connection reset by 10.70.108.76 port 22

Anybody an idea how to fix or at least debug this issue ???

I read guides about installing OpenSSH-Server :
e.g. Install OpenSSH | Microsoft Docs

On the Server I noticed these Logs
Server -> Event-Viewer -> Windows Logs -> Security :
Audit Failure
Failure Reason: Unknown user name or bad password

Server -> Event-Viewer -> Applications and Services logs > OpenSSH > Admin

sshd: fatal: ga_init, unable to resolve user domain\\user
sshd: error: get_user_token - unable to generate token on 2nd attempt for user domain\\user

Verbose output -vvv prints this message before disconnecting :

debug3: recv - from CB ERROR:10054, io:0000026B5723BCD0
Connection reset by 192.168.0.1 port 22

3376

3 + 0

windows

ssh

Score:1

Server

Thorsten Niehues

10/29/22, 6:56 AM

The problem was caused by missing AD (Active Directory) Groups / AD Privileges

After granting the Computer to read all properties of the user which wants to connect via SSH :
Open ActiveDirectory > User > Properties > Add > (OpenSSH)Server > Read (is already checked after adding)

it works!

Also there is another thread describing something very similar : Domain user authentication fails with Connection Reset by Peer

0 + 0

Score:1

Server

SamErde

10/25/22, 12:24 AM

Try:

ssh -l [email protected] hostname

0 + 0

Score:0

Server

Manu

10/24/22, 12:44 PM

I believe you have to enter the username like this:

ssh user:domain@host

Bare in mind: case sensitive!

0 + 1

Thorsten Niehues

10/29/22, 10:49 AM

For the user i am able to log-in the case does NOT matter

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Unable to SSH into Windows Domain server using Domain User

TH: ไม่สามารถ SSH เข้าสู่เซิร์ฟเวอร์โดเมน Windows โดยใช้ผู้ใช้โดเมน

RO: Imposibil de SSH pe serverul de domeniu Windows folosind Domain User

RU: Невозможно подключиться по SSH к серверу домена Windows с помощью пользователя домена

VI: Không thể SSH vào máy chủ Miền Windows bằng Người dùng miền

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.