I have installed OpenSSH on two of my Windows servers, using Chocolatey. I use it for automating deployments from my Linux boxes. I would also like to be able to SSH into PowerShell on these machines rather than command prompt. It works fine for one of them, but refuses to work for the other. They have the exact same configuration as far as I can tell.
C:\ProgramData\ssh\sshd_config is the same for both servers:
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
#HostKey __PROGRAMDATA__/ssh/ssh_host_rsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_dsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_ecdsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_ed25519_key
# Ciphers and keying
#RekeyLimit default none
# Logging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
#PermitRootLogin prohibit-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
PubkeyAuthentication yes
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
#AuthorizedPrincipalsFile none
# For this to work you will also need host keys in %programData%/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
#PermitEmptyPasswords no
# GSSAPI options
#GSSAPIAuthentication no
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#PermitUserEnvironment no
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
# no default banner path
#Banner none
# override default of no subsystems
Subsystem sftp sftp-server.exe
# Example of overriding settings on a per-user basis
#Match User anoncvs
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server
#Match Group administrators
# AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
C:\Users\Nacht.ssh\authorized_keys is the same:
command="C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+jD0xfG/ZG1syjec5VWou4Sc/eDmtqPAZTy7OUbUSLxd0dCcbo5tQmzxeteSMEDMRR51Uqf9H+LuBVdf+l0CRQLMnsp1sZp5abOJoQJPvEcBHuAJZYknXc3TxvmULsSBRNKJu9yu9MIHde2PB9yrTONxwYTCqDjRibZyAUPJbv6S8SDMrf9/4E3eeOo4efOFM5Vp+bGs5BcHqSK5lDnWhoB3acqjo0zOUZk+mVTxjoCUCMBvh3I6V7tqK8+OMmM8XH0ELsCiM47wFcGS3/usj4K0OaMiylBmai0A4HM3vuXZzHoJvpB4b+N+O5lki8kwFPf8lwpgjukR/NC8wxcwR nacht@savage
I am testing from a linux box. When I ssh to the first server, I get a PowerShell prompt as expected. When I ssh to the second server, I get cmd prompt. I cannot find any errors anywhere, the Event Logs show the same content for both servers under the "OpenSSH/Operational" category, but the second server is missing all the logs under the "Windows PowerShell" category from starting up PowerShell.
On the Windows servers, this is what I ran to get OpenSSH installed:
choco install openssh -y
. "C:\Program Files\OpenSSH-Win64\install-sshd.ps1"
start-service sshd
New-NetFirewallRule -DisplayName "SSH" -Direction Inbound -Protocol TCP -LocalPort 22 -Action Allow
chocolatey reports that the same version of openssh is installed on both: openssh 8.0.0.1 [Approved]
What could possibly be different between these two servers that could cause the command option to work for one and not the other?
