Unable to authenticate when sshd_config is using Match Group administrators in a domain configuration

[robertstrom]

Prerequisites

• [X] Write a descriptive title.
• [X] Make sure you are able to repro it on the latest version
• [X] Search the existing issues.

Steps to reproduce

I am testing the latest version of Windows OpenSSH, v9.5.0.0p1 on Windows Server 2022. I have done the following:

• Ensured that the "built-in" version of OpenSSH has been uninstalled
• Installed OpenSSH v9.5.0.0p1- OpenSSH-Win64-v9.5.0.0.msi. No special install method, just clicking on the MSI package
• Configured the ProgramData AuthorizedKeysFile PROGRAMDATA/ssh/administrators_authorized_keys file with ed25519 public keys from both Windows and Linux systems. The keys were copied and pasted into the file
• Run this command to ensure that the permissions on the file are correct

 icacls.exe $env:ProgramData\ssh\administrators_authorized_keys /inheritance:r /grant Administrators:F /grant SYSTEM:F

• I have also run this script that is located in the C:\Program Files\OpenSSH directory - FixHostFilePermissions.ps1
• I have also run the script FixUserFilePermissions.ps1 to ensure that the users permissions for the SSH files are correct
• When I attempt to connect to a Windows Server 2022 system running OpenSSH v9.5.0.0p1 in a Domain joined configuration with the sshd_config file set to use the Match Group administrators I get prompted for a password (not the SSH key password)
• The user trying to authenticate is an administrator (configured to be a Domain Administrator) so they should be able to authenticate via key based authentication, but they are not
• As soon as I comment out these lines in the sshd_config file and restart the sshd service I am able to authenticate the user using SSH keys (the SSH keys are populated to the users .ssh/authorized_keys file)

# Match Group administrators
#        AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys

• Successful authentication from a Windows system when the Match Group administrators are commented out

• Successful authentication from a Linux system when the Match Group administrators are commented out

• Now uncomment the lines and restart the sshd service

• Unsuccessful authentication from a Windows system when the Match Group administrators are NOT commented out. Asking for the local password (not the SSH key password)

• Unsuccessful authentication from a Linux system when the Match Group administrators are NOT commented out. Asking for the local password (not the SSH key password)

• I have also tested this on a Windows Server 2022 that is NOT domain joined and I can log in using SSH keys when the Match Group administrators lines are NOT commented out

• For the domain joined system I have tried the following domain name / user name schemes. All DO work when the Match Group administrators lines are commented out and all DO NOT work when the Match Group administrators lines are NOT commented out

• 2022testing\rstrom@server2022.2022testing.local

• 2022testing\rstrom@server2022

• rstrom@2022testing.local@server2022

• rstrom@server2022

Expected behavior

SSH key based authentication works for both domain joined and non-domain joined systems when using the **Match Group administrators** SSH configuration

Actual behavior

SSH key based authentication is only working as expected for a non-domain joined when using the **Match Group administrators** SSH configuration

Error details

No response

Environment data

PS C:\Users\rstrom> $PSVersionTable

Name                           Value
----                           -----
PSVersion                      7.4.2
PSEdition                      Core
GitCommitId                    7.4.2
OS                             Microsoft Windows 10.0.20348
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0

PS C:\Users\rstrom>

Version

OpenSSH v9.5.0.0p1

Visuals

No response

[robertstrom]

I also tried after making PowerShell v7 the default shell for SSH connection and also trying to use PowerShell SSH Remoting. I get the same results as described in my post above. The first connection attempt (unsuccessful / asking for USER password) shown in the screenshot is when using the Match Group administrators SSH configuration. The second connection attempt (successful / only asking for the SSH key passphrase) in the screenshot is when the Match Group administrators SSH configuration is commented out.

[tgauth]

Can you provide the logs from the SSH server when the public key login is not accepted? https://github.com/PowerShell/Win32-OpenSSH/wiki/Troubleshooting-Steps has info on collecting the SSH server logs.

[robertstrom]

Can you provide the logs from the SSH server when the public key login is not accepted? https://github.com/PowerShell/Win32-OpenSSH/wiki/Troubleshooting-Steps has info on collecting the SSH server logs.

I will work on this and past as soon as I am able (hope to get this by the end of this week).

Thanks!

[robertstrom]

I stopped the SSH service and I enabled SSH DEBUG logging in the sshd_config file. The entries in the sshd_config file look like this:

# Logging
## SyslogFacility AUTH
## LogLevel INFO
SyslogFacility LOCAL0
LogLevel DEBUG

I restarted the SSH service with a blank administrators_authorized_keys file and then ran these commands (as per the documentation in Key-based authentication in OpenSSH for Windows):

$authorizedKey = Get-Content -Path $env:USERPROFILE\.ssh\id_ed25519.pub

$remotePowershell = "powershell Add-Content -Force -Path $env:ProgramData\ssh\administrators_authorized_keys -Value '''$authorizedKey''';icacls.exe ""$env:ProgramData\ssh\administrators_authorized_keys"" /inheritance:r /grant ""Administrators:F"" /grant ""SYSTEM:F"""

ssh rstrom@dc1 $remotePowershell

I was prompted for my password (expected) which then copied over the public key into the administrators_authorized_keys file (expected). I validated that the public key was copied over. Then I attempted to SSH to the machine (the machine is a Domain Controller) using the command:

ssh rstrom@dc1

I was prompted for my password (not expected)

The logs below encompass the password logon when I copied over the public key and the attempted logon after the public key was copied over.

PS C:\ProgramData\ssh> cat .\logs\sshd.log
2268 2024-07-23 15:46:07.339 debug1: Bind to port 22 on ::.
2268 2024-07-23 15:46:07.339 Server listening on :: port 22.
2268 2024-07-23 15:46:07.339 debug1: Bind to port 22 on 0.0.0.0.
2268 2024-07-23 15:46:07.339 Server listening on 0.0.0.0 port 22.
5032 2024-07-23 15:46:10.439 debug1: inetd sockets after dupping: 4, 4
5032 2024-07-23 15:46:10.439 Connection from 192.168.42.131 port 50768 on 192.168.42.142 port 22
5032 2024-07-23 15:46:10.439 debug1: Local version string SSH-2.0-OpenSSH_for_Windows_9.5
5032 2024-07-23 15:46:10.439 debug1: Remote protocol version 2.0, remote software version OpenSSH_for_Windows_9.5
5032 2024-07-23 15:46:10.439 debug1: compat_banner: match: OpenSSH_for_Windows_9.5 pat OpenSSH* compat 0x04000000
5032 2024-07-23 15:46:10.470 debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
5032 2024-07-23 15:46:10.470 debug1: SSH2_MSG_KEXINIT sent [preauth]
5032 2024-07-23 15:46:10.470 debug1: SSH2_MSG_KEXINIT received [preauth]
5032 2024-07-23 15:46:10.470 debug1: kex: algorithm: curve25519-sha256 [preauth]
5032 2024-07-23 15:46:10.470 debug1: kex: host key algorithm: ssh-ed25519 [preauth]
5032 2024-07-23 15:46:10.470 debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none [preauth]
5032 2024-07-23 15:46:10.470 debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none [preauth]
5032 2024-07-23 15:46:10.470 debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
5032 2024-07-23 15:46:10.470 debug1: SSH2_MSG_KEX_ECDH_INIT received [preauth]
5032 2024-07-23 15:46:10.470 debug1: ssh_packet_send2_wrapped: resetting send seqnr 3 [preauth]
5032 2024-07-23 15:46:10.470 debug1: rekey out after 134217728 blocks [preauth]
5032 2024-07-23 15:46:10.470 debug1: SSH2_MSG_NEWKEYS sent [preauth]
5032 2024-07-23 15:46:10.470 debug1: Sending SSH2_MSG_EXT_INFO [preauth]
5032 2024-07-23 15:46:10.470 debug1: expecting SSH2_MSG_NEWKEYS [preauth]
5032 2024-07-23 15:46:10.470 debug1: ssh_packet_read_poll2: resetting read seqnr 3 [preauth]
5032 2024-07-23 15:46:10.470 debug1: SSH2_MSG_NEWKEYS received [preauth]
5032 2024-07-23 15:46:10.470 debug1: rekey in after 134217728 blocks [preauth]
5032 2024-07-23 15:46:10.470 debug1: KEX done [preauth]
5032 2024-07-23 15:46:10.502 debug1: userauth-request for user rstrom service ssh-connection method none [preauth]
5032 2024-07-23 15:46:10.502 debug1: attempt 0 failures 0 [preauth]
5032 2024-07-23 15:46:10.517 debug1: user 2022testing\\rstrom matched group list administrators at line 91
5032 2024-07-23 15:46:10.517 debug1: userauth-request for user rstrom service ssh-connection method publickey [preauth]
5032 2024-07-23 15:46:10.517 debug1: attempt 1 failures 0 [preauth]
5032 2024-07-23 15:46:10.517 debug1: userauth_pubkey: publickey test pkalg ssh-ed25519 pkblob ED25519 SHA256:emyp8YQy83OynlHgiiNyc31DyTmUOY62WzKIIfQNqtA [preauth]
5032 2024-07-23 15:46:10.517 debug1: trying public key file __PROGRAMDATA__/ssh/administrators_authorized_keys
5032 2024-07-23 15:46:10.517 Failed publickey for rstrom from 192.168.42.131 port 50768 ssh2: ED25519 SHA256:emyp8YQy83OynlHgiiNyc31DyTmUOY62WzKIIfQNqtA
5032 2024-07-23 15:46:10.533 debug1: userauth-request for user rstrom service ssh-connection method publickey [preauth]
5032 2024-07-23 15:46:10.533 debug1: attempt 2 failures 1 [preauth]
5032 2024-07-23 15:46:10.533 debug1: userauth_pubkey: publickey test pkalg ssh-ed25519 pkblob ED25519 SHA256:cePjA/xhZtLhGHtjWy+aaoRZ5sdRscv2ZQnELV6tkuU [preauth]
5032 2024-07-23 15:46:10.533 debug1: trying public key file __PROGRAMDATA__/ssh/administrators_authorized_keys
5032 2024-07-23 15:46:10.533 Failed publickey for rstrom from 192.168.42.131 port 50768 ssh2: ED25519 SHA256:cePjA/xhZtLhGHtjWy+aaoRZ5sdRscv2ZQnELV6tkuU
5032 2024-07-23 15:46:10.548 debug1: userauth-request for user rstrom service ssh-connection method keyboard-interactive [preauth]
5032 2024-07-23 15:46:10.548 debug1: attempt 3 failures 2 [preauth]
5032 2024-07-23 15:46:10.548 debug1: keyboard-interactive devs  [preauth]
5032 2024-07-23 15:46:10.548 debug1: auth2_challenge: user=rstrom devs= [preauth]
5032 2024-07-23 15:46:10.548 debug1: kbdint_alloc: devices '' [preauth]
5032 2024-07-23 15:46:15.519 debug1: userauth-request for user rstrom service ssh-connection method password [preauth]
5032 2024-07-23 15:46:15.519 debug1: attempt 4 failures 3 [preauth]
5032 2024-07-23 15:46:15.535 Accepted password for rstrom from 192.168.42.131 port 50768 ssh2
5032 2024-07-23 15:46:15.535 debug1: monitor_child_preauth: user rstrom authenticated by privileged process
5032 2024-07-23 15:46:15.550 debug1: monitor_read_log: child log fd closed
5032 2024-07-23 15:46:15.550 User child is on pid 4312
4312 2024-07-23 15:46:15.566 debug1: user 2022testing\\rstrom matched group list administrators at line 91
5032 2024-07-23 15:46:15.566 debug1: rekey in after 134217728 blocks
5032 2024-07-23 15:46:15.566 debug1: rekey out after 134217728 blocks
5032 2024-07-23 15:46:15.566 debug1: ssh_packet_set_postauth: called
5032 2024-07-23 15:46:15.566 debug1: active: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
5032 2024-07-23 15:46:15.566 debug1: Entering interactive session for SSH2.
5032 2024-07-23 15:46:15.566 debug1: server_init_dispatch
5032 2024-07-23 15:46:15.566 debug1: server_input_channel_open: ctype session rchan 0 win 2097152 max 32768
5032 2024-07-23 15:46:15.566 debug1: input_session_request
5032 2024-07-23 15:46:15.566 debug1: channel 0: new session [server-session] (inactive timeout: 0)
5032 2024-07-23 15:46:15.566 debug1: session_new: session 0
5032 2024-07-23 15:46:15.566 debug1: session_open: channel 0
5032 2024-07-23 15:46:15.566 debug1: session_open: session 0: link with channel 0
5032 2024-07-23 15:46:15.566 debug1: server_input_channel_open: confirm session
5032 2024-07-23 15:46:15.566 debug1: server_input_global_request: rtype no-more-sessions@openssh.com want_reply 0
5032 2024-07-23 15:46:15.566 debug1: server_input_global_request: rtype hostkeys-prove-00@openssh.com want_reply 1
5032 2024-07-23 15:46:15.581 debug1: server_input_channel_req: channel 0 request exec reply 1
5032 2024-07-23 15:46:15.581 debug1: session_by_channel: session 0 channel 0
5032 2024-07-23 15:46:15.581 debug1: session_input_channel_req: session 0 req exec
5032 2024-07-23 15:46:15.581 Starting session: command for 2022testing\\\\rstrom from 192.168.42.131 port 50768 id 0
5032 2024-07-23 15:46:18.035 debug1: Received SIGCHLD.
5032 2024-07-23 15:46:18.035 debug1: session_by_pid: pid 2816
5032 2024-07-23 15:46:18.035 debug1: session_exit_message: session 0 channel 0 pid 2816 exit 0
5032 2024-07-23 15:46:18.035 debug1: session_exit_message: release channel 0
5032 2024-07-23 15:46:18.035 debug1: session_by_channel: session 0 channel 0
5032 2024-07-23 15:46:18.035 debug1: session_close_by_channel: channel 0 child 0
5032 2024-07-23 15:46:18.035 Close session: user 2022testing\\\\rstrom from 192.168.42.131 port 50768 id 0
5032 2024-07-23 15:46:18.035 debug1: channel 0: free: server-session, nchannels 1
5032 2024-07-23 15:46:18.035 Read error from remote host 192.168.42.131 port 50768: Unknown error
5032 2024-07-23 15:46:18.035 debug1: do_cleanup
5032 2024-07-23 15:46:18.035 debug1: do_cleanup
4316 2024-07-23 15:46:43.311 debug1: inetd sockets after dupping: 4, 4
4316 2024-07-23 15:46:43.311 Connection from 192.168.42.131 port 50769 on 192.168.42.141 port 22
4316 2024-07-23 15:46:43.311 debug1: Local version string SSH-2.0-OpenSSH_for_Windows_9.5
4316 2024-07-23 15:46:43.311 debug1: Remote protocol version 2.0, remote software version OpenSSH_for_Windows_9.5
4316 2024-07-23 15:46:43.311 debug1: compat_banner: match: OpenSSH_for_Windows_9.5 pat OpenSSH* compat 0x04000000
4316 2024-07-23 15:46:43.342 debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
4316 2024-07-23 15:46:43.342 debug1: SSH2_MSG_KEXINIT sent [preauth]
4316 2024-07-23 15:46:43.342 debug1: SSH2_MSG_KEXINIT received [preauth]
4316 2024-07-23 15:46:43.342 debug1: kex: algorithm: curve25519-sha256 [preauth]
4316 2024-07-23 15:46:43.342 debug1: kex: host key algorithm: ssh-ed25519 [preauth]
4316 2024-07-23 15:46:43.342 debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none [preauth]
4316 2024-07-23 15:46:43.342 debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none [preauth]
4316 2024-07-23 15:46:43.342 debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
4316 2024-07-23 15:46:43.342 debug1: SSH2_MSG_KEX_ECDH_INIT received [preauth]
4316 2024-07-23 15:46:43.342 debug1: ssh_packet_send2_wrapped: resetting send seqnr 3 [preauth]
4316 2024-07-23 15:46:43.342 debug1: rekey out after 134217728 blocks [preauth]
4316 2024-07-23 15:46:43.342 debug1: SSH2_MSG_NEWKEYS sent [preauth]
4316 2024-07-23 15:46:43.342 debug1: Sending SSH2_MSG_EXT_INFO [preauth]
4316 2024-07-23 15:46:43.342 debug1: expecting SSH2_MSG_NEWKEYS [preauth]
4316 2024-07-23 15:46:43.342 debug1: ssh_packet_read_poll2: resetting read seqnr 3 [preauth]
4316 2024-07-23 15:46:43.342 debug1: SSH2_MSG_NEWKEYS received [preauth]
4316 2024-07-23 15:46:43.342 debug1: rekey in after 134217728 blocks [preauth]
4316 2024-07-23 15:46:43.342 debug1: KEX done [preauth]
4316 2024-07-23 15:46:43.374 debug1: userauth-request for user rstrom service ssh-connection method none [preauth]
4316 2024-07-23 15:46:43.374 debug1: attempt 0 failures 0 [preauth]
4316 2024-07-23 15:46:43.374 debug1: user 2022testing\\rstrom matched group list administrators at line 91
4316 2024-07-23 15:46:43.389 debug1: userauth-request for user rstrom service ssh-connection method publickey [preauth]
4316 2024-07-23 15:46:43.389 debug1: attempt 1 failures 0 [preauth]
4316 2024-07-23 15:46:43.389 debug1: userauth_pubkey: publickey test pkalg ssh-ed25519 pkblob ED25519 SHA256:emyp8YQy83OynlHgiiNyc31DyTmUOY62WzKIIfQNqtA [preauth]
4316 2024-07-23 15:46:43.389 debug1: trying public key file __PROGRAMDATA__/ssh/administrators_authorized_keys
4316 2024-07-23 15:46:43.389 Failed publickey for rstrom from 192.168.42.131 port 50769 ssh2: ED25519 SHA256:emyp8YQy83OynlHgiiNyc31DyTmUOY62WzKIIfQNqtA
4316 2024-07-23 15:46:43.405 debug1: userauth-request for user rstrom service ssh-connection method publickey [preauth]
4316 2024-07-23 15:46:43.405 debug1: attempt 2 failures 1 [preauth]
4316 2024-07-23 15:46:43.405 debug1: userauth_pubkey: publickey test pkalg ssh-ed25519 pkblob ED25519 SHA256:cePjA/xhZtLhGHtjWy+aaoRZ5sdRscv2ZQnELV6tkuU [preauth]
4316 2024-07-23 15:46:43.405 debug1: trying public key file __PROGRAMDATA__/ssh/administrators_authorized_keys
4316 2024-07-23 15:46:43.405 Failed publickey for rstrom from 192.168.42.131 port 50769 ssh2: ED25519 SHA256:cePjA/xhZtLhGHtjWy+aaoRZ5sdRscv2ZQnELV6tkuU
4316 2024-07-23 15:46:43.420 debug1: userauth-request for user rstrom service ssh-connection method keyboard-interactive [preauth]
4316 2024-07-23 15:46:43.420 debug1: attempt 3 failures 2 [preauth]
4316 2024-07-23 15:46:43.420 debug1: keyboard-interactive devs  [preauth]
4316 2024-07-23 15:46:43.420 debug1: auth2_challenge: user=rstrom devs= [preauth]
4316 2024-07-23 15:46:43.420 debug1: kbdint_alloc: devices '' [preauth]

Please let me know what else you may need and/or what you would like me to do in an attempt to get this to work properly.

Thanks,

Robert

[robertstrom]

The logs below are after I stopped the SSH service, deleted the sshd.log file, commented out these lines in the sshd_config file and then restarted the ssh service:

## Match Group administrators
##        AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys

The connection was from the same system as above using the same user account as above and using the same SSH public and private key as above.

I ran these commands (as per the documentation in Key-based authentication in OpenSSH for Windows):

# Get the public key file generated previously on your client
$authorizedKey = Get-Content -Path $env:USERPROFILE\.ssh\id_ed25519.pub

# Generate the PowerShell to be run remote that will copy the public key file generated previously on your client to the authorized_keys file on your server
$remotePowershell = "powershell New-Item -Force -ItemType Directory -Path $env:USERPROFILE\.ssh; Add-Content -Force -Path $env:USERPROFILE\.ssh\authorized_keys -Value '$authorizedKey'"

# Connect to your server and run the PowerShell using the $remotePowerShell variable

ssh rstrom@dc1 $remotePowershell

Then I connected to the remote machine using the standard SSH command:

ssh rstrom@dc1

and the connection was successful. So, a connection when using the Match Group administrators using an account that is a Domain Admin and an SSH key was not able to log in, but the same account was able to log in using an SSH key when that public key was in their $HOMEDIR.ssh\authorized_keys file but not using the same public SSH key when in the PROGRAMDATA__/ssh/administrators_authorized_keys file.

PS C:\ProgramData\ssh> cat .\logs\sshd.log
3840 2024-07-23 16:04:36.960 debug1: Bind to port 22 on ::.
3840 2024-07-23 16:04:36.960 Server listening on :: port 22.
3840 2024-07-23 16:04:36.960 debug1: Bind to port 22 on 0.0.0.0.
3840 2024-07-23 16:04:36.960 Server listening on 0.0.0.0 port 22.
5040 2024-07-23 16:06:12.040 debug1: Bind to port 22 on ::.
5040 2024-07-23 16:06:12.040 Server listening on :: port 22.
5040 2024-07-23 16:06:12.040 debug1: Bind to port 22 on 0.0.0.0.
5040 2024-07-23 16:06:12.040 Server listening on 0.0.0.0 port 22.
1276 2024-07-23 16:07:34.978 debug1: inetd sockets after dupping: 4, 4
1276 2024-07-23 16:07:34.978 Connection from 192.168.42.131 port 50810 on 192.168.42.141 port 22
1276 2024-07-23 16:07:34.978 debug1: Local version string SSH-2.0-OpenSSH_for_Windows_9.5
1276 2024-07-23 16:07:34.978 debug1: Remote protocol version 2.0, remote software version OpenSSH_for_Windows_9.5
1276 2024-07-23 16:07:34.978 debug1: compat_banner: match: OpenSSH_for_Windows_9.5 pat OpenSSH* compat 0x04000000
1276 2024-07-23 16:07:34.994 debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
1276 2024-07-23 16:07:34.994 debug1: SSH2_MSG_KEXINIT sent [preauth]
1276 2024-07-23 16:07:34.994 debug1: SSH2_MSG_KEXINIT received [preauth]
1276 2024-07-23 16:07:34.994 debug1: kex: algorithm: curve25519-sha256 [preauth]
1276 2024-07-23 16:07:34.994 debug1: kex: host key algorithm: ssh-ed25519 [preauth]
1276 2024-07-23 16:07:34.994 debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none [preauth]
1276 2024-07-23 16:07:34.994 debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none [preauth]
1276 2024-07-23 16:07:34.994 debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
1276 2024-07-23 16:07:35.010 debug1: SSH2_MSG_KEX_ECDH_INIT received [preauth]
1276 2024-07-23 16:07:35.010 debug1: ssh_packet_send2_wrapped: resetting send seqnr 3 [preauth]
1276 2024-07-23 16:07:35.010 debug1: rekey out after 134217728 blocks [preauth]
1276 2024-07-23 16:07:35.010 debug1: SSH2_MSG_NEWKEYS sent [preauth]
1276 2024-07-23 16:07:35.010 debug1: Sending SSH2_MSG_EXT_INFO [preauth]
1276 2024-07-23 16:07:35.010 debug1: expecting SSH2_MSG_NEWKEYS [preauth]
1276 2024-07-23 16:07:35.010 debug1: ssh_packet_read_poll2: resetting read seqnr 3 [preauth]
1276 2024-07-23 16:07:35.010 debug1: SSH2_MSG_NEWKEYS received [preauth]
1276 2024-07-23 16:07:35.010 debug1: rekey in after 134217728 blocks [preauth]
1276 2024-07-23 16:07:35.010 debug1: KEX done [preauth]
1276 2024-07-23 16:07:35.041 debug1: userauth-request for user rstrom service ssh-connection method none [preauth]
1276 2024-07-23 16:07:35.041 debug1: attempt 0 failures 0 [preauth]
1276 2024-07-23 16:07:35.041 debug1: userauth-request for user rstrom service ssh-connection method publickey [preauth]
1276 2024-07-23 16:07:35.041 debug1: attempt 1 failures 0 [preauth]
1276 2024-07-23 16:07:35.041 debug1: userauth_pubkey: publickey test pkalg ssh-ed25519 pkblob ED25519 SHA256:emyp8YQy83OynlHgiiNyc31DyTmUOY62WzKIIfQNqtA [preauth]
1276 2024-07-23 16:07:35.041 debug1: trying public key file C:\\Users\\rstrom\\.ssh/authorized_keys
1276 2024-07-23 16:07:35.041 debug1: Could not open authorized keys 'C:\\Users\\rstrom\\.ssh/authorized_keys': No such file or directory
1276 2024-07-23 16:07:35.041 Failed publickey for rstrom from 192.168.42.131 port 50810 ssh2: ED25519 SHA256:emyp8YQy83OynlHgiiNyc31DyTmUOY62WzKIIfQNqtA
1276 2024-07-23 16:07:35.057 debug1: userauth-request for user rstrom service ssh-connection method publickey [preauth]
1276 2024-07-23 16:07:35.057 debug1: attempt 2 failures 1 [preauth]
1276 2024-07-23 16:07:35.057 debug1: userauth_pubkey: publickey test pkalg ssh-ed25519 pkblob ED25519 SHA256:cePjA/xhZtLhGHtjWy+aaoRZ5sdRscv2ZQnELV6tkuU [preauth]
1276 2024-07-23 16:07:35.057 debug1: trying public key file C:\\Users\\rstrom\\.ssh/authorized_keys
1276 2024-07-23 16:07:35.057 debug1: Could not open authorized keys 'C:\\Users\\rstrom\\.ssh/authorized_keys': No such file or directory
1276 2024-07-23 16:07:35.057 Failed publickey for rstrom from 192.168.42.131 port 50810 ssh2: ED25519 SHA256:cePjA/xhZtLhGHtjWy+aaoRZ5sdRscv2ZQnELV6tkuU
1276 2024-07-23 16:07:35.072 debug1: userauth-request for user rstrom service ssh-connection method keyboard-interactive [preauth]
1276 2024-07-23 16:07:35.072 debug1: attempt 3 failures 2 [preauth]
1276 2024-07-23 16:07:35.072 debug1: keyboard-interactive devs  [preauth]
1276 2024-07-23 16:07:35.072 debug1: auth2_challenge: user=rstrom devs= [preauth]
1276 2024-07-23 16:07:35.072 debug1: kbdint_alloc: devices '' [preauth]
1276 2024-07-23 16:07:39.359 debug1: userauth-request for user rstrom service ssh-connection method password [preauth]
1276 2024-07-23 16:07:39.359 debug1: attempt 4 failures 3 [preauth]
1276 2024-07-23 16:07:39.406 Accepted password for rstrom from 192.168.42.131 port 50810 ssh2
1276 2024-07-23 16:07:39.406 debug1: monitor_child_preauth: user rstrom authenticated by privileged process
1276 2024-07-23 16:07:39.422 debug1: monitor_read_log: child log fd closed
1276 2024-07-23 16:07:39.437 User child is on pid 4440
1276 2024-07-23 16:07:39.453 debug1: rekey in after 134217728 blocks
1276 2024-07-23 16:07:39.453 debug1: rekey out after 134217728 blocks
1276 2024-07-23 16:07:39.453 debug1: ssh_packet_set_postauth: called
1276 2024-07-23 16:07:39.453 debug1: active: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
1276 2024-07-23 16:07:39.453 debug1: Entering interactive session for SSH2.
1276 2024-07-23 16:07:39.453 debug1: server_init_dispatch
1276 2024-07-23 16:07:39.453 debug1: server_input_channel_open: ctype session rchan 0 win 2097152 max 32768
1276 2024-07-23 16:07:39.453 debug1: input_session_request
1276 2024-07-23 16:07:39.453 debug1: channel 0: new session [server-session] (inactive timeout: 0)
1276 2024-07-23 16:07:39.453 debug1: session_new: session 0
1276 2024-07-23 16:07:39.453 debug1: session_open: channel 0
1276 2024-07-23 16:07:39.453 debug1: session_open: session 0: link with channel 0
1276 2024-07-23 16:07:39.453 debug1: server_input_channel_open: confirm session
1276 2024-07-23 16:07:39.453 debug1: server_input_global_request: rtype no-more-sessions@openssh.com want_reply 0
1276 2024-07-23 16:07:39.468 debug1: server_input_channel_req: channel 0 request exec reply 1
1276 2024-07-23 16:07:39.468 debug1: session_by_channel: session 0 channel 0
1276 2024-07-23 16:07:39.468 debug1: session_input_channel_req: session 0 req exec
1276 2024-07-23 16:07:39.468 Starting session: command for 2022testing\\\\rstrom from 192.168.42.131 port 50810 id 0
1276 2024-07-23 16:07:40.343 debug1: Received SIGCHLD.
1276 2024-07-23 16:07:40.343 debug1: session_by_pid: pid 2988
1276 2024-07-23 16:07:40.343 debug1: session_exit_message: session 0 channel 0 pid 2988 exit 0
1276 2024-07-23 16:07:40.343 debug1: session_exit_message: release channel 0
1276 2024-07-23 16:07:40.343 debug1: session_by_channel: session 0 channel 0
1276 2024-07-23 16:07:40.343 debug1: session_close_by_channel: channel 0 child 0
1276 2024-07-23 16:07:40.343 Close session: user 2022testing\\\\rstrom from 192.168.42.131 port 50810 id 0
1276 2024-07-23 16:07:40.343 debug1: channel 0: free: server-session, nchannels 1
1276 2024-07-23 16:07:40.343 Read error from remote host 192.168.42.131 port 50810: Unknown error
1276 2024-07-23 16:07:40.343 debug1: do_cleanup
1276 2024-07-23 16:07:40.343 debug1: do_cleanup
348 2024-07-23 16:07:47.284 debug1: inetd sockets after dupping: 4, 4
348 2024-07-23 16:07:47.284 Connection from 192.168.42.131 port 50811 on 192.168.42.141 port 22
348 2024-07-23 16:07:47.284 debug1: Local version string SSH-2.0-OpenSSH_for_Windows_9.5
348 2024-07-23 16:07:47.284 debug1: Remote protocol version 2.0, remote software version OpenSSH_for_Windows_9.5
348 2024-07-23 16:07:47.284 debug1: compat_banner: match: OpenSSH_for_Windows_9.5 pat OpenSSH* compat 0x04000000
348 2024-07-23 16:07:47.331 debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
348 2024-07-23 16:07:47.331 debug1: SSH2_MSG_KEXINIT sent [preauth]
348 2024-07-23 16:07:47.331 debug1: SSH2_MSG_KEXINIT received [preauth]
348 2024-07-23 16:07:47.331 debug1: kex: algorithm: curve25519-sha256 [preauth]
348 2024-07-23 16:07:47.331 debug1: kex: host key algorithm: ssh-ed25519 [preauth]
348 2024-07-23 16:07:47.331 debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none [preauth]
348 2024-07-23 16:07:47.331 debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none [preauth]
348 2024-07-23 16:07:47.331 debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
348 2024-07-23 16:07:47.331 debug1: SSH2_MSG_KEX_ECDH_INIT received [preauth]
348 2024-07-23 16:07:47.331 debug1: ssh_packet_send2_wrapped: resetting send seqnr 3 [preauth]
348 2024-07-23 16:07:47.331 debug1: rekey out after 134217728 blocks [preauth]
348 2024-07-23 16:07:47.331 debug1: SSH2_MSG_NEWKEYS sent [preauth]
348 2024-07-23 16:07:47.331 debug1: Sending SSH2_MSG_EXT_INFO [preauth]
348 2024-07-23 16:07:47.331 debug1: expecting SSH2_MSG_NEWKEYS [preauth]
348 2024-07-23 16:07:47.346 debug1: ssh_packet_read_poll2: resetting read seqnr 3 [preauth]
348 2024-07-23 16:07:47.346 debug1: SSH2_MSG_NEWKEYS received [preauth]
348 2024-07-23 16:07:47.346 debug1: rekey in after 134217728 blocks [preauth]
348 2024-07-23 16:07:47.346 debug1: KEX done [preauth]
348 2024-07-23 16:07:47.362 debug1: userauth-request for user rstrom service ssh-connection method none [preauth]
348 2024-07-23 16:07:47.362 debug1: attempt 0 failures 0 [preauth]
348 2024-07-23 16:07:47.362 debug1: userauth-request for user rstrom service ssh-connection method publickey [preauth]
348 2024-07-23 16:07:47.362 debug1: attempt 1 failures 0 [preauth]
348 2024-07-23 16:07:47.362 debug1: userauth_pubkey: publickey test pkalg ssh-ed25519 pkblob ED25519 SHA256:emyp8YQy83OynlHgiiNyc31DyTmUOY62WzKIIfQNqtA [preauth]
348 2024-07-23 16:07:47.362 debug1: trying public key file C:\\Users\\rstrom\\.ssh/authorized_keys
348 2024-07-23 16:07:47.362 debug1: C:\\Users\\rstrom\\.ssh/authorized_keys:1: matching key found: ED25519 SHA256:emyp8YQy83OynlHgiiNyc31DyTmUOY62WzKIIfQNqtA
348 2024-07-23 16:07:47.362 debug1: C:\\Users\\rstrom\\.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
348 2024-07-23 16:07:47.362 Accepted key ED25519 SHA256:emyp8YQy83OynlHgiiNyc31DyTmUOY62WzKIIfQNqtA found at C:\\Users\\rstrom\\.ssh/authorized_keys:1
348 2024-07-23 16:07:47.378 Postponed publickey for rstrom from 192.168.42.131 port 50811 ssh2 [preauth]
348 2024-07-23 16:07:47.378 debug1: userauth-request for user rstrom service ssh-connection method publickey-hostbound-v00@openssh.com [preauth]
348 2024-07-23 16:07:47.378 debug1: attempt 2 failures 0 [preauth]
348 2024-07-23 16:07:47.378 debug1: trying public key file C:\\Users\\rstrom\\.ssh/authorized_keys
348 2024-07-23 16:07:47.378 debug1: C:\\Users\\rstrom\\.ssh/authorized_keys:1: matching key found: ED25519 SHA256:emyp8YQy83OynlHgiiNyc31DyTmUOY62WzKIIfQNqtA
348 2024-07-23 16:07:47.378 debug1: C:\\Users\\rstrom\\.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
348 2024-07-23 16:07:47.378 Accepted key ED25519 SHA256:emyp8YQy83OynlHgiiNyc31DyTmUOY62WzKIIfQNqtA found at C:\\Users\\rstrom\\.ssh/authorized_keys:1
348 2024-07-23 16:07:47.378 debug1: auth_activate_options: setting new authentication options
348 2024-07-23 16:07:47.378 Accepted publickey for rstrom from 192.168.42.131 port 50811 ssh2: ED25519 SHA256:emyp8YQy83OynlHgiiNyc31DyTmUOY62WzKIIfQNqtA
348 2024-07-23 16:07:47.378 debug1: monitor_child_preauth: user rstrom authenticated by privileged process
348 2024-07-23 16:07:47.394 debug1: auth_activate_options: setting new authentication options [preauth]
348 2024-07-23 16:07:47.394 debug1: monitor_read_log: child log fd closed
348 2024-07-23 16:07:47.425 User child is on pid 728
348 2024-07-23 16:07:47.425 debug1: rekey in after 134217728 blocks
348 2024-07-23 16:07:47.425 debug1: rekey out after 134217728 blocks
348 2024-07-23 16:07:47.425 debug1: ssh_packet_set_postauth: called
348 2024-07-23 16:07:47.425 debug1: active: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
348 2024-07-23 16:07:47.425 debug1: Entering interactive session for SSH2.
348 2024-07-23 16:07:47.425 debug1: server_init_dispatch
348 2024-07-23 16:07:47.425 debug1: server_input_channel_open: ctype session rchan 0 win 1048576 max 16384
348 2024-07-23 16:07:47.425 debug1: input_session_request
348 2024-07-23 16:07:47.425 debug1: channel 0: new session [server-session] (inactive timeout: 0)
348 2024-07-23 16:07:47.425 debug1: session_new: session 0
348 2024-07-23 16:07:47.425 debug1: session_open: channel 0
348 2024-07-23 16:07:47.425 debug1: session_open: session 0: link with channel 0
348 2024-07-23 16:07:47.425 debug1: server_input_channel_open: confirm session
348 2024-07-23 16:07:47.425 debug1: server_input_global_request: rtype no-more-sessions@openssh.com want_reply 0
348 2024-07-23 16:07:47.456 debug1: server_input_channel_req: channel 0 request pty-req reply 1
348 2024-07-23 16:07:47.456 debug1: session_by_channel: session 0 channel 0
348 2024-07-23 16:07:47.456 debug1: session_input_channel_req: session 0 req pty-req
348 2024-07-23 16:07:47.456 debug1: Allocating pty.
348 2024-07-23 16:07:47.456 debug1: session_pty_req: session 0 alloc windows-pty
348 2024-07-23 16:07:47.456 debug1: server_input_channel_req: channel 0 request shell reply 1
348 2024-07-23 16:07:47.456 debug1: session_by_channel: session 0 channel 0
348 2024-07-23 16:07:47.456 debug1: session_input_channel_req: session 0 req shell
348 2024-07-23 16:07:47.456 Starting session: shell on windows-pty for 2022testing\\\\rstrom from 192.168.42.131 port 50811 id 0
348 2024-07-23 16:07:47.596 debug1: server_input_channel_req: channel 0 request window-change reply 0
348 2024-07-23 16:07:47.596 debug1: session_by_channel: session 0 channel 0
348 2024-07-23 16:07:47.596 debug1: session_input_channel_req: session 0 req window-change

[jborean93]

Then I attempted to SSH to the machine (the machine is a Domain Controller) using the command:

The command in your example is:

$remotePowershell = "powershell Add-Content -Force -Path $env:ProgramData\ssh\administrators_authorized_keys -Value '''$authorizedKey''';icacls.exe ...

This is different from the command run for the user profile example

$remotePowershell = "powershell New-Item -Force -ItemType Directory -Path $env:USERPROFILE\.ssh; Add-Content -Force -Path $env:USERPROFILE\.ssh\authorized_keys -Value '$authorizedKey'"

Notice how the -Value in the former contains three single quotes whereas the user profile one only contains one. This will cause the raw value being added to be surrounded by single quotes and will break the parsing of that line when doing ssh key auth. For example see here how the raw output contains the single quotes surrounded the value vs the latter without it.

Try rerunning the copy command but with -Value '$authorizedKey' instead of '''$authorizedKey'''. You may also need to remove the existing lines with ' surrounding them in the admin auth key file in case it breaks the parser altogether.

[robertstrom]

@jborean93 - thanks for the response!

A) As noted in my post I got the commands from the Microsoft documentation here. I did not link it before, I just referred to the name of the article - Key-based authentication in OpenSSH for Windows B) I did try using various other quotation marks before posting this issue since I had noticed the single quotes that were added to the entry in the administrators_authorized_keys file C) I believe that I have made the change that you have suggested and it is not working for me. I have changed the quotes surrounding the $authorizedkey

# Get the public key file generated previously on your client
$authorizedKey = Get-Content -Path $env:USERPROFILE\.ssh\id_ed25519.pub

# Generate the PowerShell to be run remote that will copy the public key file generated previously on your client to the authorized_keys file on your server
$remotePowershell = "powershell Add-Content -Force -Path $env:ProgramData\ssh\administrators_authorized_keys -Value '$authorizedKey'"

# Connect to your server and run the PowerShell using the $remotePowerShell variable
ssh rstrom@dc1 $remotePowershell

I have tried this numerous times and get the same result (one that I had gotten before when playing around with the quotes)

Add-Content : A positional parameter cannot be found that accepts argument
'AAAAC3NzaC1lZDI1NTE5AAAAIByVhoqzQrGLi9Dl/m9IS4JfY96ao0HTuvMvXZ5G8rnn'.
At line:1 char:1
+ Add-Content -Force -Path C:\ProgramData\ssh\administrators_authorized ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Add-Content], ParameterBindingException
    + FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.PowerShell.Commands.AddContentCommand

D) I should be able to eliminate all of this PowerShell key copying and just copy the public key to the administrators_authorized_keys file and have the connection work. That is not working for me either. E) @tgauth - how about just a simple ssh-copy-id and have it just work, all the time, every time? From what I have been told Microsoft is trying to move to having SSH as a standard remote administration protocol. A standard that matches the rest of the industries secure remote administration. ssh-copy-id is the standard ... and it's stupid simple. Not some absolutely insane PowerShell command. There is no way that anyone is going to memorize that command to copy SSH keys. People can, and do, memorize

ssh-copy-id rstrom@dc1

Please fix this!

[robertstrom]

Additional info:

I just reverted back to the original PowerShell commands posted on the Key-based authentication in OpenSSH for Windows page

# Get the public key file generated previously on your client
$authorizedKey = Get-Content -Path $env:USERPROFILE\.ssh\id_ed25519.pub

# Generate the PowerShell to be run remote that will copy the public key file generated previously on your client to the authorized_keys file on your server
$remotePowershell = "powershell Add-Content -Force -Path $env:ProgramData\ssh\administrators_authorized_keys -Value '''$authorizedKey''';icacls.exe ""$env:ProgramData\ssh\administrators_authorized_keys"" /inheritance:r /grant ""Administrators:F"" /grant ""SYSTEM:F"""
ssh rstrom@dc1 $remotePowershell

This command works and it is entering the SSH public key correctly. But the key based authentication is still not working.

Successful commands run to add SSH public key on SSH client side (the second command after the ssh-copy-id command was typed and executed - the error seen above that is the error experience described in the response directly above)

Key correctly entered into the remote systems authorized key file

FYI - SSH keys only good for my very segregated VM test environment ;-)

[jborean93]

My apologies, it must work and be needed if the default shell is powershell, whereas on my host I just use cmd there. I'm unsure why the pub key is failing with the admin path, it seems like it should work and it is checking that file but nothing from there. You could try increasing the log level to 3 with LogLevel DEBUG3 and see if it shows any more details as to why it's not accepting the key.

[robertstrom]

LogLevel DEBUG3 as requested. Here's what I did that is contained in the log.

• I tried to login from a system that had the public key in the administrators_authorized_keys file already. Got prompted for a password.
• I deleted the public key then copied it over using the PowerShell commands. Got prompted for a password.
• I copied a public key from my POP!_OS Linux system into the administrators_authorized_keys file. Got prompted for a password.
• I used scp to copy over the sshd.log file from the POP!_OS Linux system (took a couple of times to get the syntax to the path correct). Got prompted for a password.

3660 2024-08-01 11:08:08.849 debug2: fd 3 setting O_NONBLOCK
3660 2024-08-01 11:08:08.849 debug3: sock_set_v6only: set socket 3 IPV6_V6ONLY
3660 2024-08-01 11:08:08.849 debug1: Bind to port 22 on ::.
3660 2024-08-01 11:08:08.849 Server listening on :: port 22.
3660 2024-08-01 11:08:08.849 debug2: fd 4 setting O_NONBLOCK
3660 2024-08-01 11:08:08.849 debug1: Bind to port 22 on 0.0.0.0.
3660 2024-08-01 11:08:08.849 Server listening on 0.0.0.0 port 22.
3660 2024-08-01 11:08:08.849 debug3: pselect: installing signal handler for 3, previous 00007FF7B43A8E40
3660 2024-08-01 11:08:08.849 debug3: pselect: installing signal handler for 6, previous 00007FF7B43A8D40
3660 2024-08-01 11:08:08.849 debug3: pselect: installing signal handler for 7, previous 00007FF7B43A8E30
3660 2024-08-01 11:08:08.849 debug3: pselect: installing signal handler for 8, previous 00007FF7B43A8E30
3660 2024-08-01 11:08:08.849 debug3: pselect_notify_setup: initializing
3660 2024-08-01 11:08:08.849 debug2: fd 7 setting O_NONBLOCK
3660 2024-08-01 11:08:08.849 debug2: fd 5 setting O_NONBLOCK
3660 2024-08-01 11:08:08.849 debug3: pselect_notify_setup: pid 3660 saved 3660 pipe0 7 pipe1 5
3660 2024-08-01 11:08:26.553 debug3: fd 6 is not O_NONBLOCK
3660 2024-08-01 11:08:26.553 debug3: spawning "C:\\Program Files\\OpenSSH\\sshd.exe" -R as subprocess
3660 2024-08-01 11:08:26.569 debug3: send_rexec_state: entering fd = 10 config len 2367
3660 2024-08-01 11:08:26.569 debug3: ssh_msg_send: type 0
3660 2024-08-01 11:08:26.569 debug3: send_rexec_state: done
3724 2024-08-01 11:08:26.585 debug1: inetd sockets after dupping: 4, 4
3724 2024-08-01 11:08:26.585 debug3: process_channel_timeouts: setting 0 timeouts
3724 2024-08-01 11:08:26.585 debug3: channel_clear_timeouts: clearing
3724 2024-08-01 11:08:26.585 Connection from 192.168.42.131 port 54163 on 192.168.42.141 port 22
3724 2024-08-01 11:08:26.585 debug1: Local version string SSH-2.0-OpenSSH_for_Windows_9.5
3724 2024-08-01 11:08:26.585 debug1: Remote protocol version 2.0, remote software version OpenSSH_for_Windows_9.5
3724 2024-08-01 11:08:26.585 debug1: compat_banner: match: OpenSSH_for_Windows_9.5 pat OpenSSH* compat 0x04000000
3724 2024-08-01 11:08:26.585 debug2: fd 4 setting O_NONBLOCK
3724 2024-08-01 11:08:26.600 debug3: spawning "C:\\Program Files\\OpenSSH\\sshd.exe" -y as user
3724 2024-08-01 11:08:26.600 debug2: Network child is on pid 1440
3724 2024-08-01 11:08:26.600 debug3: send_rexec_state: entering fd = 6 config len 2367
3724 2024-08-01 11:08:26.600 debug3: ssh_msg_send: type 0
3724 2024-08-01 11:08:26.600 debug3: send_rexec_state: done
3724 2024-08-01 11:08:26.600 debug3: ssh_msg_send: type 0
3724 2024-08-01 11:08:26.600 debug3: ssh_msg_send: type 0
3724 2024-08-01 11:08:26.600 debug3: preauth child monitor started
3724 2024-08-01 11:08:26.616 debug3: append_hostkey_type: ssh-rsa key not permitted by HostkeyAlgorithms [preauth]
3724 2024-08-01 11:08:26.616 debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
3724 2024-08-01 11:08:26.616 debug3: send packet: type 20 [preauth]
3724 2024-08-01 11:08:26.616 debug1: SSH2_MSG_KEXINIT sent [preauth]
3724 2024-08-01 11:08:26.616 debug3: receive packet: type 20 [preauth]
3724 2024-08-01 11:08:26.616 debug1: SSH2_MSG_KEXINIT received [preauth]
3724 2024-08-01 11:08:26.616 debug2: local server KEXINIT proposal [preauth]
3724 2024-08-01 11:08:26.616 debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,kex-strict-s-v00@openssh.com [preauth]
3724 2024-08-01 11:08:26.616 debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
3724 2024-08-01 11:08:26.616 debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth]
3724 2024-08-01 11:08:26.616 debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth]
3724 2024-08-01 11:08:26.616 debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512 [preauth]
3724 2024-08-01 11:08:26.616 debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512 [preauth]
3724 2024-08-01 11:08:26.616 debug2: compression ctos: none,zlib@openssh.com [preauth]
3724 2024-08-01 11:08:26.616 debug2: compression stoc: none,zlib@openssh.com [preauth]
3724 2024-08-01 11:08:26.616 debug2: languages ctos:  [preauth]
3724 2024-08-01 11:08:26.616 debug2: languages stoc:  [preauth]
3724 2024-08-01 11:08:26.616 debug2: first_kex_follows 0  [preauth]
3724 2024-08-01 11:08:26.616 debug2: reserved 0  [preauth]
3724 2024-08-01 11:08:26.616 debug2: peer client KEXINIT proposal [preauth]
3724 2024-08-01 11:08:26.616 debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com [preauth]
3724 2024-08-01 11:08:26.616 debug2: host key algorithms: ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256 [preauth]
3724 2024-08-01 11:08:26.616 debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth]
3724 2024-08-01 11:08:26.616 debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth]
3724 2024-08-01 11:08:26.616 debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512 [preauth]
3724 2024-08-01 11:08:26.616 debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512 [preauth]
3724 2024-08-01 11:08:26.616 debug2: compression ctos: none,zlib@openssh.com,zlib [preauth]
3724 2024-08-01 11:08:26.616 debug2: compression stoc: none,zlib@openssh.com,zlib [preauth]
3724 2024-08-01 11:08:26.616 debug2: languages ctos:  [preauth]
3724 2024-08-01 11:08:26.616 debug2: languages stoc:  [preauth]
3724 2024-08-01 11:08:26.616 debug2: first_kex_follows 0  [preauth]
3724 2024-08-01 11:08:26.616 debug2: reserved 0  [preauth]
3724 2024-08-01 11:08:26.616 debug3: kex_choose_conf: will use strict KEX ordering [preauth]
3724 2024-08-01 11:08:26.616 debug1: kex: algorithm: curve25519-sha256 [preauth]
3724 2024-08-01 11:08:26.616 debug1: kex: host key algorithm: ssh-ed25519 [preauth]
3724 2024-08-01 11:08:26.616 debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none [preauth]
3724 2024-08-01 11:08:26.616 debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none [preauth]
3724 2024-08-01 11:08:26.616 debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
3724 2024-08-01 11:08:26.616 debug3: receive packet: type 30 [preauth]
3724 2024-08-01 11:08:26.616 debug1: SSH2_MSG_KEX_ECDH_INIT received [preauth]
3724 2024-08-01 11:08:26.616 debug3: mm_sshkey_sign: entering [preauth]
3724 2024-08-01 11:08:26.616 debug3: mm_request_send: entering, type 6 [preauth]
3724 2024-08-01 11:08:26.616 debug3: mm_sshkey_sign: waiting for MONITOR_ANS_SIGN [preauth]
3724 2024-08-01 11:08:26.616 debug3: mm_request_receive_expect: entering, type 7 [preauth]
3724 2024-08-01 11:08:26.616 debug3: mm_request_receive: entering [preauth]
3724 2024-08-01 11:08:26.616 debug3: mm_request_receive: entering
3724 2024-08-01 11:08:26.616 debug3: monitor_read: checking request 6
3724 2024-08-01 11:08:26.616 debug3: mm_answer_sign: entering
3724 2024-08-01 11:08:26.616 debug3: mm_answer_sign: ssh-ed25519 KEX signature len=83
3724 2024-08-01 11:08:26.616 debug3: mm_request_send: entering, type 7
3724 2024-08-01 11:08:26.616 debug2: monitor_read: 6 used once, disabling now
3724 2024-08-01 11:08:26.616 debug3: send packet: type 31 [preauth]
3724 2024-08-01 11:08:26.616 debug3: send packet: type 21 [preauth]
3724 2024-08-01 11:08:26.616 debug1: ssh_packet_send2_wrapped: resetting send seqnr 3 [preauth]
3724 2024-08-01 11:08:26.616 debug2: ssh_set_newkeys: mode 1 [preauth]
3724 2024-08-01 11:08:26.616 debug1: rekey out after 134217728 blocks [preauth]
3724 2024-08-01 11:08:26.616 debug1: SSH2_MSG_NEWKEYS sent [preauth]
3724 2024-08-01 11:08:26.616 debug1: Sending SSH2_MSG_EXT_INFO [preauth]
3724 2024-08-01 11:08:26.616 debug3: send packet: type 7 [preauth]
3724 2024-08-01 11:08:26.616 debug1: expecting SSH2_MSG_NEWKEYS [preauth]
3724 2024-08-01 11:08:26.616 debug3: receive packet: type 21 [preauth]
3724 2024-08-01 11:08:26.616 debug1: ssh_packet_read_poll2: resetting read seqnr 3 [preauth]
3724 2024-08-01 11:08:26.616 debug1: SSH2_MSG_NEWKEYS received [preauth]
3724 2024-08-01 11:08:26.616 debug2: ssh_set_newkeys: mode 0 [preauth]
3724 2024-08-01 11:08:26.616 debug1: rekey in after 134217728 blocks [preauth]
3724 2024-08-01 11:08:26.616 debug1: KEX done [preauth]
3724 2024-08-01 11:08:26.647 debug3: receive packet: type 5 [preauth]
3724 2024-08-01 11:08:26.647 debug3: send packet: type 6 [preauth]
3724 2024-08-01 11:08:26.647 debug3: receive packet: type 50 [preauth]
3724 2024-08-01 11:08:26.647 debug1: userauth-request for user rstrom service ssh-connection method none [preauth]
3724 2024-08-01 11:08:26.647 debug1: attempt 0 failures 0 [preauth]
3724 2024-08-01 11:08:26.647 debug3: mm_getpwnamallow: entering [preauth]
3724 2024-08-01 11:08:26.647 debug3: mm_request_send: entering, type 8 [preauth]
3724 2024-08-01 11:08:26.647 debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM [preauth]
3724 2024-08-01 11:08:26.647 debug3: mm_request_receive_expect: entering, type 9 [preauth]
3724 2024-08-01 11:08:26.647 debug3: mm_request_receive: entering [preauth]
3724 2024-08-01 11:08:26.647 debug3: mm_request_receive: entering
3724 2024-08-01 11:08:26.647 debug3: monitor_read: checking request 8
3724 2024-08-01 11:08:26.647 debug3: mm_answer_pwnamallow: entering
3724 2024-08-01 11:08:26.647 debug2: parse_server_config_depth: config reprocess config len 2367
3724 2024-08-01 11:08:26.647 debug3: checking match for 'Group administrators' user 2022testing\\rstrom host 192.168.42.131 addr 192.168.42.131 laddr 192.168.42.141 lport 22
3724 2024-08-01 11:08:26.663 debug3: lookup_principal_name: Successfully discovered explicit principal name: '2022testing\\rstrom'=>'rstrom@2022TESTING.local'
3724 2024-08-01 11:08:26.663 debug3: LsaLogonUser Succeeded (Impersonation: 0)
3724 2024-08-01 11:08:26.663 debug1: user 2022testing\\rstrom matched group list administrators at line 92
3724 2024-08-01 11:08:26.663 debug3: match found
3724 2024-08-01 11:08:26.663 debug3: reprocess config:93 setting AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
3724 2024-08-01 11:08:26.663 debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
3724 2024-08-01 11:08:26.663 debug3: mm_request_send: entering, type 9
3724 2024-08-01 11:08:26.663 debug2: monitor_read: 8 used once, disabling now
3724 2024-08-01 11:08:26.663 debug3: process_channel_timeouts: setting 0 timeouts [preauth]
3724 2024-08-01 11:08:26.663 debug3: channel_clear_timeouts: clearing [preauth]
3724 2024-08-01 11:08:26.663 debug2: input_userauth_request: setting up authctxt for rstrom [preauth]
3724 2024-08-01 11:08:26.663 debug3: mm_inform_authserv: entering [preauth]
3724 2024-08-01 11:08:26.663 debug3: mm_request_send: entering, type 4 [preauth]
3724 2024-08-01 11:08:26.663 debug2: input_userauth_request: try method none [preauth]
3724 2024-08-01 11:08:26.663 debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" [preauth]
3724 2024-08-01 11:08:26.663 debug3: send packet: type 51 [preauth]
3724 2024-08-01 11:08:26.663 debug3: mm_request_receive: entering
3724 2024-08-01 11:08:26.663 debug3: monitor_read: checking request 4
3724 2024-08-01 11:08:26.663 debug3: mm_answer_authserv: service=ssh-connection, style=
3724 2024-08-01 11:08:26.663 debug2: monitor_read: 4 used once, disabling now
3724 2024-08-01 11:08:26.663 debug3: receive packet: type 50 [preauth]
3724 2024-08-01 11:08:26.663 debug1: userauth-request for user rstrom service ssh-connection method publickey [preauth]
3724 2024-08-01 11:08:26.663 debug1: attempt 1 failures 0 [preauth]
3724 2024-08-01 11:08:26.663 debug2: input_userauth_request: try method publickey [preauth]
3724 2024-08-01 11:08:26.663 debug2: userauth_pubkey: valid user rstrom querying public key ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIByVhoqzQrGLi9Dl/m9IS4JfY96ao0HTuvMvXZ5G8rnn [preauth]
3724 2024-08-01 11:08:26.663 debug1: userauth_pubkey: publickey test pkalg ssh-ed25519 pkblob ED25519 SHA256:emyp8YQy83OynlHgiiNyc31DyTmUOY62WzKIIfQNqtA [preauth]
3724 2024-08-01 11:08:26.663 debug3: mm_key_allowed: entering [preauth]
3724 2024-08-01 11:08:26.663 debug3: mm_request_send: entering, type 22 [preauth]
3724 2024-08-01 11:08:26.663 debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth]
3724 2024-08-01 11:08:26.663 debug3: mm_request_receive_expect: entering, type 23 [preauth]
3724 2024-08-01 11:08:26.663 debug3: mm_request_receive: entering [preauth]
3724 2024-08-01 11:08:26.663 debug3: mm_request_receive: entering
3724 2024-08-01 11:08:26.663 debug3: monitor_read: checking request 22
3724 2024-08-01 11:08:26.663 debug3: mm_answer_keyallowed: entering
3724 2024-08-01 11:08:26.663 debug1: trying public key file __PROGRAMDATA__/ssh/administrators_authorized_keys
3724 2024-08-01 11:08:26.663 debug2: __PROGRAMDATA__/ssh/administrators_authorized_keys:1: check options: '��s'
3724 2024-08-01 11:08:26.663 debug2: __PROGRAMDATA__/ssh/administrators_authorized_keys:1: advance: ''
3724 2024-08-01 11:08:26.663 debug2: auth_check_authkeys_file: __PROGRAMDATA__/ssh/administrators_authorized_keys: processed 1/2 lines
3724 2024-08-01 11:08:26.663 debug3: mm_answer_keyallowed: publickey authentication test: ED25519 key is not allowed
3724 2024-08-01 11:08:26.663 Failed publickey for rstrom from 192.168.42.131 port 54163 ssh2: ED25519 SHA256:emyp8YQy83OynlHgiiNyc31DyTmUOY62WzKIIfQNqtA
3724 2024-08-01 11:08:26.663 debug3: mm_request_send: entering, type 23
3724 2024-08-01 11:08:26.663 debug2: userauth_pubkey: authenticated 0 pkalg ssh-ed25519 [preauth]
3724 2024-08-01 11:08:26.678 debug3: user_specific_delay: user specific delay 0.000ms [preauth]
3724 2024-08-01 11:08:26.678 debug3: ensure_minimum_time_since: elapsed 15.000ms, delaying 14.526ms (requested 7.381ms) [preauth]
3724 2024-08-01 11:08:26.694 debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" [preauth]
3724 2024-08-01 11:08:26.694 debug3: send packet: type 51 [preauth]
3724 2024-08-01 11:08:26.694 debug3: receive packet: type 50 [preauth]
3724 2024-08-01 11:08:26.694 debug1: userauth-request for user rstrom service ssh-connection method publickey [preauth]
3724 2024-08-01 11:08:26.694 debug1: attempt 2 failures 1 [preauth]
3724 2024-08-01 11:08:26.694 debug2: input_userauth_request: try method publickey [preauth]
3724 2024-08-01 11:08:26.694 debug2: userauth_pubkey: valid user rstrom querying public key ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMwiz2kfxOoYsJUEA+kjI9ju5fFP91Gad4OE3Yc5ecST [preauth]
3724 2024-08-01 11:08:26.694 debug1: userauth_pubkey: publickey test pkalg ssh-ed25519 pkblob ED25519 SHA256:cePjA/xhZtLhGHtjWy+aaoRZ5sdRscv2ZQnELV6tkuU [preauth]
3724 2024-08-01 11:08:26.694 debug3: mm_key_allowed: entering [preauth]
3724 2024-08-01 11:08:26.694 debug3: mm_request_send: entering, type 22 [preauth]
3724 2024-08-01 11:08:26.694 debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth]
3724 2024-08-01 11:08:26.694 debug3: mm_request_receive_expect: entering, type 23 [preauth]
3724 2024-08-01 11:08:26.694 debug3: mm_request_receive: entering [preauth]
3724 2024-08-01 11:08:26.694 debug3: mm_request_receive: entering
3724 2024-08-01 11:08:26.694 debug3: monitor_read: checking request 22
3724 2024-08-01 11:08:26.694 debug3: mm_answer_keyallowed: entering
3724 2024-08-01 11:08:26.694 debug1: trying public key file __PROGRAMDATA__/ssh/administrators_authorized_keys
3724 2024-08-01 11:08:26.694 debug2: __PROGRAMDATA__/ssh/administrators_authorized_keys:1: check options: '��s'
3724 2024-08-01 11:08:26.694 debug2: __PROGRAMDATA__/ssh/administrators_authorized_keys:1: advance: ''
3724 2024-08-01 11:08:26.694 debug2: auth_check_authkeys_file: __PROGRAMDATA__/ssh/administrators_authorized_keys: processed 1/2 lines
3724 2024-08-01 11:08:26.694 debug3: mm_answer_keyallowed: publickey authentication test: ED25519 key is not allowed
3724 2024-08-01 11:08:26.694 Failed publickey for rstrom from 192.168.42.131 port 54163 ssh2: ED25519 SHA256:cePjA/xhZtLhGHtjWy+aaoRZ5sdRscv2ZQnELV6tkuU
3724 2024-08-01 11:08:26.694 debug3: mm_request_send: entering, type 23
3724 2024-08-01 11:08:26.694 debug2: userauth_pubkey: authenticated 0 pkalg ssh-ed25519 [preauth]
3724 2024-08-01 11:08:26.694 debug3: user_specific_delay: user specific delay 0.000ms [preauth]
3724 2024-08-01 11:08:26.694 debug3: ensure_minimum_time_since: elapsed 0.000ms, delaying 7.381ms (requested 7.381ms) [preauth]
3724 2024-08-01 11:08:26.710 debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" [preauth]
3724 2024-08-01 11:08:26.710 debug3: send packet: type 51 [preauth]
3724 2024-08-01 11:08:26.710 debug3: receive packet: type 50 [preauth]
3724 2024-08-01 11:08:26.710 debug1: userauth-request for user rstrom service ssh-connection method keyboard-interactive [preauth]
3724 2024-08-01 11:08:26.710 debug1: attempt 3 failures 2 [preauth]
3724 2024-08-01 11:08:26.710 debug2: input_userauth_request: try method keyboard-interactive [preauth]
3724 2024-08-01 11:08:26.710 debug1: keyboard-interactive devs  [preauth]
3724 2024-08-01 11:08:26.710 debug1: auth2_challenge: user=rstrom devs= [preauth]
3724 2024-08-01 11:08:26.710 debug1: kbdint_alloc: devices '' [preauth]
3724 2024-08-01 11:08:26.710 debug2: auth2_challenge_start: devices  [preauth]
3724 2024-08-01 11:08:26.710 debug3: user_specific_delay: user specific delay 0.000ms [preauth]
3724 2024-08-01 11:08:26.710 debug3: ensure_minimum_time_since: elapsed 0.000ms, delaying 7.381ms (requested 7.381ms) [preauth]
3724 2024-08-01 11:08:26.725 debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" [preauth]
3724 2024-08-01 11:08:26.725 debug3: send packet: type 51 [preauth]
3724 2024-08-01 11:08:32.053 debug3: receive packet: type 50 [preauth]
3724 2024-08-01 11:08:32.053 debug1: userauth-request for user rstrom service ssh-connection method password [preauth]
3724 2024-08-01 11:08:32.053 debug1: attempt 4 failures 3 [preauth]
3724 2024-08-01 11:08:32.053 debug2: input_userauth_request: try method password [preauth]
3724 2024-08-01 11:08:32.053 debug3: mm_auth_password: entering [preauth]
3724 2024-08-01 11:08:32.053 debug3: mm_request_send: entering, type 12 [preauth]
3724 2024-08-01 11:08:32.053 debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD [preauth]
3724 2024-08-01 11:08:32.053 debug3: mm_request_receive_expect: entering, type 13 [preauth]
3724 2024-08-01 11:08:32.053 debug3: mm_request_receive: entering [preauth]
3724 2024-08-01 11:08:32.053 debug3: mm_request_receive: entering
3724 2024-08-01 11:08:32.053 debug3: monitor_read: checking request 12
3724 2024-08-01 11:08:32.053 debug3: lookup_principal_name: Successfully discovered explicit principal name: '2022testing\\rstrom'=>'rstrom@2022TESTING.local'
3724 2024-08-01 11:08:32.070 debug3: mm_answer_authpassword: sending result 1
3724 2024-08-01 11:08:32.070 debug3: mm_answer_authpassword: sending result 1
3724 2024-08-01 11:08:32.070 debug3: mm_request_send: entering, type 13
3724 2024-08-01 11:08:32.070 Accepted password for rstrom from 192.168.42.131 port 54163 ssh2
3724 2024-08-01 11:08:32.070 debug1: monitor_child_preauth: user rstrom authenticated by privileged process
3724 2024-08-01 11:08:32.070 debug3: mm_get_keystate: Waiting for new keys
3724 2024-08-01 11:08:32.070 debug3: mm_request_receive_expect: entering, type 26
3724 2024-08-01 11:08:32.070 debug3: mm_request_receive: entering
3724 2024-08-01 11:08:32.085 debug3: mm_get_keystate: GOT new keys
3724 2024-08-01 11:08:32.085 debug3: mm_auth_password: user authenticated [preauth]
3724 2024-08-01 11:08:32.085 debug3: user_specific_delay: user specific delay 0.000ms [preauth]
3724 2024-08-01 11:08:32.085 debug3: ensure_minimum_time_since: elapsed 17.000ms, delaying 12.526ms (requested 7.381ms) [preauth]
3724 2024-08-01 11:08:32.085 debug3: send packet: type 52 [preauth]
3724 2024-08-01 11:08:32.085 debug3: mm_request_send: entering, type 26 [preauth]
3724 2024-08-01 11:08:32.085 debug3: mm_send_keystate: Finished sending state [preauth]
3724 2024-08-01 11:08:32.085 debug1: monitor_read_log: child log fd closed
3724 2024-08-01 11:08:32.085 debug3: spawning "C:\\Program Files\\OpenSSH\\sshd.exe" -z as user
3724 2024-08-01 11:08:32.085 User child is on pid 88
3724 2024-08-01 11:08:32.085 debug3: send_rexec_state: entering fd = 5 config len 2367
3724 2024-08-01 11:08:32.085 debug3: ssh_msg_send: type 0
3724 2024-08-01 11:08:32.085 debug3: send_rexec_state: done
3724 2024-08-01 11:08:32.085 debug3: ssh_msg_send: type 0
3724 2024-08-01 11:08:32.085 debug3: ssh_msg_send: type 0
3724 2024-08-01 11:08:32.085 debug3: ssh_msg_send: type 0
3724 2024-08-01 11:08:32.085 debug3: ssh_msg_send: type 0
3724 2024-08-01 11:08:32.100 debug3: ssh_msg_send: type 0
88 2024-08-01 11:08:32.100 debug3: process_channel_timeouts: setting 0 timeouts
88 2024-08-01 11:08:32.100 debug3: channel_clear_timeouts: clearing
88 2024-08-01 11:08:32.100 debug3: recv_idexch_state: entering fd = 3
88 2024-08-01 11:08:32.100 debug3: ssh_msg_recv entering
88 2024-08-01 11:08:32.100 debug3: recv_idexch_state: done
88 2024-08-01 11:08:32.100 debug2: fd 5 setting O_NONBLOCK
88 2024-08-01 11:08:32.100 debug3: recv_autxctx_state: entering fd = 3
88 2024-08-01 11:08:32.100 debug3: ssh_msg_recv entering
88 2024-08-01 11:08:32.100 debug3: recv_autxctx_state: done
88 2024-08-01 11:08:32.100 debug2: parse_server_config_depth: config reprocess config len 2367
88 2024-08-01 11:08:32.100 debug3: checking match for 'Group administrators' user 2022testing\\rstrom host 192.168.42.131 addr 192.168.42.131 laddr 192.168.42.141 lport 22
88 2024-08-01 11:08:32.100 debug3: get_user_token - i am running as 2022testing\\rstrom, returning process token
88 2024-08-01 11:08:32.100 debug1: user 2022testing\\rstrom matched group list administrators at line 92
88 2024-08-01 11:08:32.100 debug3: match found
88 2024-08-01 11:08:32.100 debug3: reprocess config:93 setting AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
3724 2024-08-01 11:08:32.100 debug3: monitor_recv_keystate: entering 
3724 2024-08-01 11:08:32.100 debug3: ssh_msg_recv entering
3724 2024-08-01 11:08:32.100 debug3: monitor_recv_keystate: done
3724 2024-08-01 11:08:32.100 debug3: monitor_apply_keystate: packet_set_state
3724 2024-08-01 11:08:32.100 debug2: ssh_set_newkeys: mode 0
3724 2024-08-01 11:08:32.100 debug1: rekey in after 134217728 blocks
3724 2024-08-01 11:08:32.100 debug2: ssh_set_newkeys: mode 1
3724 2024-08-01 11:08:32.100 debug1: rekey out after 134217728 blocks
3724 2024-08-01 11:08:32.100 debug1: ssh_packet_set_postauth: called
3724 2024-08-01 11:08:32.100 debug3: ssh_packet_set_state: done
3724 2024-08-01 11:08:32.100 debug3: monitor_recv_authopt: entering 
3724 2024-08-01 11:08:32.100 debug3: ssh_msg_recv entering
3724 2024-08-01 11:08:32.100 debug3: monitor_recv_authopt: done
3724 2024-08-01 11:08:32.100 debug3: notify_hostkeys: key 0: ssh-rsa SHA256:numCwkaALcEhk7C2WOF02nBKXRLXYQyObMxrvyXuLx0
3724 2024-08-01 11:08:32.100 debug3: notify_hostkeys: key 1: ecdsa-sha2-nistp256 SHA256:xWgp34YI629m3KKifDP7vnOPhtPRY1vD5B3F9sDpxv8
3724 2024-08-01 11:08:32.100 debug3: notify_hostkeys: key 2: ssh-ed25519 SHA256:cr0h50S7ktZueOJZc+1t7Mj1mZ9VKeOQ91ySSyC8fdY
3724 2024-08-01 11:08:32.100 debug3: notify_hostkeys: sent 3 hostkeys
3724 2024-08-01 11:08:32.100 debug3: send packet: type 80
3724 2024-08-01 11:08:32.100 debug1: active: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
3724 2024-08-01 11:08:32.100 debug1: Entering interactive session for SSH2.
3724 2024-08-01 11:08:32.100 debug1: server_init_dispatch
3724 2024-08-01 11:08:32.100 debug3: pselect: installing signal handler for 3, previous 00007FF7B439FCF0
3724 2024-08-01 11:08:32.100 debug3: pselect_notify_setup: initializing
3724 2024-08-01 11:08:32.100 debug2: fd 10 setting O_NONBLOCK
3724 2024-08-01 11:08:32.100 debug2: fd 8 setting O_NONBLOCK
3724 2024-08-01 11:08:32.100 debug3: pselect_notify_setup: pid 88 saved 88 pipe0 10 pipe1 8
3724 2024-08-01 11:08:32.100 debug3: receive packet: type 90
3724 2024-08-01 11:08:32.100 debug1: server_input_channel_open: ctype session rchan 0 win 1048576 max 16384
3724 2024-08-01 11:08:32.100 debug1: input_session_request
3724 2024-08-01 11:08:32.100 debug1: channel 0: new session [server-session] (inactive timeout: 0)
3724 2024-08-01 11:08:32.100 debug2: session_new: allocate (allocated 0 max 10)
3724 2024-08-01 11:08:32.100 debug3: session_unused: session id 0 unused
3724 2024-08-01 11:08:32.100 debug1: session_new: session 0
3724 2024-08-01 11:08:32.100 debug1: session_open: channel 0
3724 2024-08-01 11:08:32.100 debug1: session_open: session 0: link with channel 0
3724 2024-08-01 11:08:32.100 debug1: server_input_channel_open: confirm session
3724 2024-08-01 11:08:32.100 debug3: send packet: type 91
3724 2024-08-01 11:08:32.100 debug3: receive packet: type 80
3724 2024-08-01 11:08:32.100 debug1: server_input_global_request: rtype no-more-sessions@openssh.com want_reply 0
3724 2024-08-01 11:08:32.116 debug3: receive packet: type 98
3724 2024-08-01 11:08:32.116 debug1: server_input_channel_req: channel 0 request pty-req reply 1
3724 2024-08-01 11:08:32.116 debug1: session_by_channel: session 0 channel 0
3724 2024-08-01 11:08:32.116 debug1: session_input_channel_req: session 0 req pty-req
3724 2024-08-01 11:08:32.116 debug1: Allocating pty.
3724 2024-08-01 11:08:32.116 debug3: fd 9 is not O_NONBLOCK
3724 2024-08-01 11:08:32.116 debug3: fd 11 is not O_NONBLOCK
3724 2024-08-01 11:08:32.116 debug1: session_pty_req: session 0 alloc windows-pty
3724 2024-08-01 11:08:32.116 debug3: send packet: type 99
3724 2024-08-01 11:08:32.116 debug3: receive packet: type 98
3724 2024-08-01 11:08:32.116 debug1: server_input_channel_req: channel 0 request shell reply 1
3724 2024-08-01 11:08:32.116 debug1: session_by_channel: session 0 channel 0
3724 2024-08-01 11:08:32.116 debug1: session_input_channel_req: session 0 req shell
3724 2024-08-01 11:08:32.116 debug2: channel_set_xtype: labeled channel 0 as session:shell (inactive timeout 0)
3724 2024-08-01 11:08:32.116 Starting session: shell on windows-pty for 2022testing\\\\rstrom from 192.168.42.131 port 54163 id 0
3724 2024-08-01 11:08:32.116 debug2: fd 12 setting O_NONBLOCK
3724 2024-08-01 11:08:32.116 debug2: fd 13 setting O_NONBLOCK
3724 2024-08-01 11:08:32.116 debug2: fd 14 setting O_NONBLOCK
3724 2024-08-01 11:08:32.116 debug2: fd 15 setting O_NONBLOCK
3724 2024-08-01 11:08:32.116 debug2: fd 16 setting O_NONBLOCK
3724 2024-08-01 11:08:32.116 debug2: fd 17 setting O_NONBLOCK
3724 2024-08-01 11:08:32.116 debug3: shell: "c:\\\\program files\\\\powershell\\\\7\\\\pwsh.exe"
3724 2024-08-01 11:08:32.116 debug3: shell_option: -c
3724 2024-08-01 11:08:32.116 debug3: This windows OS supports conpty
3724 2024-08-01 11:08:32.116 debug3: pty commandline: C:\\\\Windows\\\\system32\\\\conhost.exe --headless --width 120 --height 30 --signal 0x240 -- "c:\\\\program files\\\\powershell\\\\7\\\\pwsh.exe"
3724 2024-08-01 11:08:32.116 debug2: fd 5 setting TCP_NODELAY
3724 2024-08-01 11:08:32.116 debug2: channel 0: rfd 14 isatty
3724 2024-08-01 11:08:32.116 debug3: fd 14 is O_NONBLOCK
3724 2024-08-01 11:08:32.116 debug3: fd 13 is O_NONBLOCK
3724 2024-08-01 11:08:32.116 debug3: send packet: type 99
3724 2024-08-01 11:08:33.210 debug3: receive packet: type 98
3724 2024-08-01 11:08:33.210 debug1: server_input_channel_req: channel 0 request window-change reply 0
3724 2024-08-01 11:08:33.210 debug1: session_by_channel: session 0 channel 0
3724 2024-08-01 11:08:33.210 debug1: session_input_channel_req: session 0 req window-change
3724 2024-08-01 11:08:36.261 debug2: channel 0: read failed rfd 14 maxlen 32768: Broken pipe
3724 2024-08-01 11:08:36.261 debug2: channel 0: read failed
3724 2024-08-01 11:08:36.261 debug2: chan_shutdown_read: channel 0: (i0 o0 sock -1 wfd 14 efd -1 [closed])
3724 2024-08-01 11:08:36.261 debug2: channel 0: input open -> drain
3724 2024-08-01 11:08:36.261 debug2: channel 0: ibuf empty
3724 2024-08-01 11:08:36.261 debug2: channel 0: send eof
3724 2024-08-01 11:08:36.261 debug3: send packet: type 96
3724 2024-08-01 11:08:36.261 debug2: channel 0: input drain -> closed
3724 2024-08-01 11:08:36.261 debug2: pselect_notify_done: reading
3724 2024-08-01 11:08:36.261 debug1: Received SIGCHLD.
3724 2024-08-01 11:08:36.261 debug1: session_by_pid: pid 3452
3724 2024-08-01 11:08:36.261 debug2: channel 0: request exit-status confirm 0
3724 2024-08-01 11:08:36.261 debug3: send packet: type 98
3724 2024-08-01 11:08:36.261 debug1: session_exit_message: session 0 channel 0 pid 3452 exit 0
3724 2024-08-01 11:08:36.261 debug1: session_exit_message: release channel 0
3724 2024-08-01 11:08:36.261 debug2: channel 0: write failed
3724 2024-08-01 11:08:36.261 debug2: chan_shutdown_write: channel 0: (i3 o0 sock -1 wfd 13 efd -1 [closed])
3724 2024-08-01 11:08:36.261 debug2: channel 0: send eow
3724 2024-08-01 11:08:36.261 debug3: send packet: type 98
3724 2024-08-01 11:08:36.261 debug2: channel 0: output open -> closed
3724 2024-08-01 11:08:36.261 debug2: channel 0: send close
3724 2024-08-01 11:08:36.261 debug3: send packet: type 97
3724 2024-08-01 11:08:36.261 debug3: channel 0: will not send data after close
3724 2024-08-01 11:08:36.261 debug3: receive packet: type 97
3724 2024-08-01 11:08:36.261 debug2: channel 0: rcvd close
3724 2024-08-01 11:08:36.261 debug3: channel 0: will not send data after close
3724 2024-08-01 11:08:36.261 debug2: channel 0: is dead
3724 2024-08-01 11:08:36.261 debug2: channel 0: gc: notify user
3724 2024-08-01 11:08:36.261 debug1: session_by_channel: session 0 channel 0
3724 2024-08-01 11:08:36.261 debug1: session_close_by_channel: channel 0 child 0
3724 2024-08-01 11:08:36.261 Close session: user 2022testing\\\\rstrom from 192.168.42.131 port 54163 id 0
3724 2024-08-01 11:08:36.261 debug3: session_unused: session id 0 unused
3724 2024-08-01 11:08:36.261 debug2: channel 0: gc: user detached
3724 2024-08-01 11:08:36.261 debug2: channel 0: is dead
3724 2024-08-01 11:08:36.261 debug2: channel 0: garbage collecting
3724 2024-08-01 11:08:36.261 debug1: channel 0: free: server-session, nchannels 1
3724 2024-08-01 11:08:36.261 debug3: channel 0: status: The following connections are open:\\r\\n  #0 server-session (t4 [session:shell] r0 i3/0 o3/0 e[closed]/0 fd -1/-1/-1 sock -1 cc -1 io 0x00/0x00)\\r\\n
3724 2024-08-01 11:08:36.261 debug3: receive packet: type 1
3724 2024-08-01 11:08:36.261 Received disconnect from 192.168.42.131 port 54163:11: disconnected by user
3724 2024-08-01 11:08:36.261 Disconnected from 192.168.42.131 port 54163
3724 2024-08-01 11:08:36.261 debug1: do_cleanup
3724 2024-08-01 11:08:36.276 debug3: mm_request_receive: entering
3724 2024-08-01 11:08:36.276 debug1: do_cleanup
3660 2024-08-01 11:08:36.276 debug2: pselect_notify_done: reading
3660 2024-08-01 11:09:18.867 debug3: fd 6 is not O_NONBLOCK
3660 2024-08-01 11:09:18.867 debug3: spawning "C:\\Program Files\\OpenSSH\\sshd.exe" -R as subprocess
3660 2024-08-01 11:09:18.867 debug3: send_rexec_state: entering fd = 10 config len 2367
3660 2024-08-01 11:09:18.867 debug3: ssh_msg_send: type 0
3660 2024-08-01 11:09:18.867 debug3: send_rexec_state: done
2504 2024-08-01 11:09:18.883 debug1: inetd sockets after dupping: 4, 4
2504 2024-08-01 11:09:18.883 debug3: process_channel_timeouts: setting 0 timeouts
2504 2024-08-01 11:09:18.883 debug3: channel_clear_timeouts: clearing
2504 2024-08-01 11:09:18.883 Connection from 192.168.42.131 port 54172 on 192.168.42.141 port 22
2504 2024-08-01 11:09:18.883 debug1: Local version string SSH-2.0-OpenSSH_for_Windows_9.5
2504 2024-08-01 11:09:18.883 debug1: Remote protocol version 2.0, remote software version OpenSSH_for_Windows_9.5
2504 2024-08-01 11:09:18.883 debug1: compat_banner: match: OpenSSH_for_Windows_9.5 pat OpenSSH* compat 0x04000000
2504 2024-08-01 11:09:18.883 debug2: fd 4 setting O_NONBLOCK
2504 2024-08-01 11:09:18.899 debug3: spawning "C:\\Program Files\\OpenSSH\\sshd.exe" -y as user
2504 2024-08-01 11:09:18.899 debug2: Network child is on pid 1952
2504 2024-08-01 11:09:18.899 debug3: send_rexec_state: entering fd = 6 config len 2367
2504 2024-08-01 11:09:18.899 debug3: ssh_msg_send: type 0
2504 2024-08-01 11:09:18.899 debug3: send_rexec_state: done
2504 2024-08-01 11:09:18.899 debug3: ssh_msg_send: type 0
2504 2024-08-01 11:09:18.899 debug3: ssh_msg_send: type 0
2504 2024-08-01 11:09:18.899 debug3: preauth child monitor started
2504 2024-08-01 11:09:18.914 debug3: append_hostkey_type: ssh-rsa key not permitted by HostkeyAlgorithms [preauth]
2504 2024-08-01 11:09:18.914 debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
2504 2024-08-01 11:09:18.914 debug3: send packet: type 20 [preauth]
2504 2024-08-01 11:09:18.914 debug1: SSH2_MSG_KEXINIT sent [preauth]
2504 2024-08-01 11:09:18.914 debug3: receive packet: type 20 [preauth]
2504 2024-08-01 11:09:18.914 debug1: SSH2_MSG_KEXINIT received [preauth]
2504 2024-08-01 11:09:18.914 debug2: local server KEXINIT proposal [preauth]
2504 2024-08-01 11:09:18.914 debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,kex-strict-s-v00@openssh.com [preauth]
2504 2024-08-01 11:09:18.914 debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
2504 2024-08-01 11:09:18.914 debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth]
2504 2024-08-01 11:09:18.914 debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth]
2504 2024-08-01 11:09:18.914 debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512 [preauth]
2504 2024-08-01 11:09:18.914 debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512 [preauth]
2504 2024-08-01 11:09:18.914 debug2: compression ctos: none,zlib@openssh.com [preauth]
2504 2024-08-01 11:09:18.914 debug2: compression stoc: none,zlib@openssh.com [preauth]
2504 2024-08-01 11:09:18.914 debug2: languages ctos:  [preauth]
2504 2024-08-01 11:09:18.914 debug2: languages stoc:  [preauth]
2504 2024-08-01 11:09:18.914 debug2: first_kex_follows 0  [preauth]
2504 2024-08-01 11:09:18.914 debug2: reserved 0  [preauth]
2504 2024-08-01 11:09:18.914 debug2: peer client KEXINIT proposal [preauth]
2504 2024-08-01 11:09:18.914 debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com [preauth]
2504 2024-08-01 11:09:18.914 debug2: host key algorithms: ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256 [preauth]
2504 2024-08-01 11:09:18.914 debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth]
2504 2024-08-01 11:09:18.914 debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth]
2504 2024-08-01 11:09:18.914 debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512 [preauth]
2504 2024-08-01 11:09:18.914 debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512 [preauth]
2504 2024-08-01 11:09:18.914 debug2: compression ctos: none,zlib@openssh.com,zlib [preauth]
2504 2024-08-01 11:09:18.914 debug2: compression stoc: none,zlib@openssh.com,zlib [preauth]
2504 2024-08-01 11:09:18.914 debug2: languages ctos:  [preauth]
2504 2024-08-01 11:09:18.914 debug2: languages stoc:  [preauth]
2504 2024-08-01 11:09:18.914 debug2: first_kex_follows 0  [preauth]
2504 2024-08-01 11:09:18.914 debug2: reserved 0  [preauth]
2504 2024-08-01 11:09:18.914 debug3: kex_choose_conf: will use strict KEX ordering [preauth]
2504 2024-08-01 11:09:18.914 debug1: kex: algorithm: curve25519-sha256 [preauth]
2504 2024-08-01 11:09:18.914 debug1: kex: host key algorithm: ssh-ed25519 [preauth]
2504 2024-08-01 11:09:18.914 debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none [preauth]
2504 2024-08-01 11:09:18.914 debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none [preauth]
2504 2024-08-01 11:09:18.914 debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
2504 2024-08-01 11:09:18.914 debug3: receive packet: type 30 [preauth]
2504 2024-08-01 11:09:18.914 debug1: SSH2_MSG_KEX_ECDH_INIT received [preauth]
2504 2024-08-01 11:09:18.914 debug3: mm_sshkey_sign: entering [preauth]
2504 2024-08-01 11:09:18.914 debug3: mm_request_send: entering, type 6 [preauth]
2504 2024-08-01 11:09:18.914 debug3: mm_sshkey_sign: waiting for MONITOR_ANS_SIGN [preauth]
2504 2024-08-01 11:09:18.914 debug3: mm_request_receive_expect: entering, type 7 [preauth]
2504 2024-08-01 11:09:18.914 debug3: mm_request_receive: entering [preauth]
2504 2024-08-01 11:09:18.914 debug3: mm_request_receive: entering
2504 2024-08-01 11:09:18.914 debug3: monitor_read: checking request 6
2504 2024-08-01 11:09:18.914 debug3: mm_answer_sign: entering
2504 2024-08-01 11:09:18.914 debug3: mm_answer_sign: ssh-ed25519 KEX signature len=83
2504 2024-08-01 11:09:18.914 debug3: mm_request_send: entering, type 7
2504 2024-08-01 11:09:18.914 debug2: monitor_read: 6 used once, disabling now
2504 2024-08-01 11:09:18.914 debug3: send packet: type 31 [preauth]
2504 2024-08-01 11:09:18.914 debug3: send packet: type 21 [preauth]
2504 2024-08-01 11:09:18.914 debug1: ssh_packet_send2_wrapped: resetting send seqnr 3 [preauth]
2504 2024-08-01 11:09:18.914 debug2: ssh_set_newkeys: mode 1 [preauth]
2504 2024-08-01 11:09:18.914 debug1: rekey out after 134217728 blocks [preauth]
2504 2024-08-01 11:09:18.914 debug1: SSH2_MSG_NEWKEYS sent [preauth]
2504 2024-08-01 11:09:18.914 debug1: Sending SSH2_MSG_EXT_INFO [preauth]
2504 2024-08-01 11:09:18.914 debug3: send packet: type 7 [preauth]
2504 2024-08-01 11:09:18.914 debug1: expecting SSH2_MSG_NEWKEYS [preauth]
2504 2024-08-01 11:09:18.930 debug3: receive packet: type 21 [preauth]
2504 2024-08-01 11:09:18.930 debug1: ssh_packet_read_poll2: resetting read seqnr 3 [preauth]
2504 2024-08-01 11:09:18.930 debug1: SSH2_MSG_NEWKEYS received [preauth]
2504 2024-08-01 11:09:18.930 debug2: ssh_set_newkeys: mode 0 [preauth]
2504 2024-08-01 11:09:18.930 debug1: rekey in after 134217728 blocks [preauth]
2504 2024-08-01 11:09:18.930 debug1: KEX done [preauth]
2504 2024-08-01 11:09:18.946 debug3: receive packet: type 5 [preauth]
2504 2024-08-01 11:09:18.946 debug3: send packet: type 6 [preauth]
2504 2024-08-01 11:09:18.946 debug3: receive packet: type 50 [preauth]
2504 2024-08-01 11:09:18.946 debug1: userauth-request for user rstrom service ssh-connection method none [preauth]
2504 2024-08-01 11:09:18.946 debug1: attempt 0 failures 0 [preauth]
2504 2024-08-01 11:09:18.946 debug3: mm_getpwnamallow: entering [preauth]
2504 2024-08-01 11:09:18.946 debug3: mm_request_send: entering, type 8 [preauth]
2504 2024-08-01 11:09:18.946 debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM [preauth]
2504 2024-08-01 11:09:18.946 debug3: mm_request_receive_expect: entering, type 9 [preauth]
2504 2024-08-01 11:09:18.946 debug3: mm_request_receive: entering [preauth]
2504 2024-08-01 11:09:18.946 debug3: mm_request_receive: entering
2504 2024-08-01 11:09:18.946 debug3: monitor_read: checking request 8
2504 2024-08-01 11:09:18.946 debug3: mm_answer_pwnamallow: entering
2504 2024-08-01 11:09:18.946 debug2: parse_server_config_depth: config reprocess config len 2367
2504 2024-08-01 11:09:18.946 debug3: checking match for 'Group administrators' user 2022testing\\rstrom host 192.168.42.131 addr 192.168.42.131 laddr 192.168.42.141 lport 22
2504 2024-08-01 11:09:18.946 debug3: lookup_principal_name: Successfully discovered explicit principal name: '2022testing\\rstrom'=>'rstrom@2022TESTING.local'
2504 2024-08-01 11:09:18.946 debug3: LsaLogonUser Succeeded (Impersonation: 0)
2504 2024-08-01 11:09:18.946 debug1: user 2022testing\\rstrom matched group list administrators at line 92
2504 2024-08-01 11:09:18.946 debug3: match found
2504 2024-08-01 11:09:18.946 debug3: reprocess config:93 setting AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
2504 2024-08-01 11:09:18.946 debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
2504 2024-08-01 11:09:18.946 debug3: mm_request_send: entering, type 9
2504 2024-08-01 11:09:18.946 debug2: monitor_read: 8 used once, disabling now
2504 2024-08-01 11:09:18.946 debug3: process_channel_timeouts: setting 0 timeouts [preauth]
2504 2024-08-01 11:09:18.946 debug3: channel_clear_timeouts: clearing [preauth]
2504 2024-08-01 11:09:18.946 debug2: input_userauth_request: setting up authctxt for rstrom [preauth]
2504 2024-08-01 11:09:18.946 debug3: mm_inform_authserv: entering [preauth]
2504 2024-08-01 11:09:18.946 debug3: mm_request_send: entering, type 4 [preauth]
2504 2024-08-01 11:09:18.946 debug2: input_userauth_request: try method none [preauth]
2504 2024-08-01 11:09:18.946 debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" [preauth]
2504 2024-08-01 11:09:18.946 debug3: send packet: type 51 [preauth]
2504 2024-08-01 11:09:18.946 debug3: mm_request_receive: entering
2504 2024-08-01 11:09:18.946 debug3: monitor_read: checking request 4
2504 2024-08-01 11:09:18.946 debug3: mm_answer_authserv: service=ssh-connection, style=
2504 2024-08-01 11:09:18.946 debug2: monitor_read: 4 used once, disabling now
2504 2024-08-01 11:09:18.946 debug3: receive packet: type 50 [preauth]
2504 2024-08-01 11:09:18.946 debug1: userauth-request for user rstrom service ssh-connection method publickey [preauth]
2504 2024-08-01 11:09:18.946 debug1: attempt 1 failures 0 [preauth]
2504 2024-08-01 11:09:18.946 debug2: input_userauth_request: try method publickey [preauth]
2504 2024-08-01 11:09:18.946 debug2: userauth_pubkey: valid user rstrom querying public key ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIByVhoqzQrGLi9Dl/m9IS4JfY96ao0HTuvMvXZ5G8rnn [preauth]
2504 2024-08-01 11:09:18.946 debug1: userauth_pubkey: publickey test pkalg ssh-ed25519 pkblob ED25519 SHA256:emyp8YQy83OynlHgiiNyc31DyTmUOY62WzKIIfQNqtA [preauth]
2504 2024-08-01 11:09:18.946 debug3: mm_key_allowed: entering [preauth]
2504 2024-08-01 11:09:18.946 debug3: mm_request_send: entering, type 22 [preauth]
2504 2024-08-01 11:09:18.946 debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth]
2504 2024-08-01 11:09:18.946 debug3: mm_request_receive_expect: entering, type 23 [preauth]
2504 2024-08-01 11:09:18.946 debug3: mm_request_receive: entering [preauth]
2504 2024-08-01 11:09:18.946 debug3: mm_request_receive: entering
2504 2024-08-01 11:09:18.946 debug3: monitor_read: checking request 22
2504 2024-08-01 11:09:18.946 debug3: mm_answer_keyallowed: entering
2504 2024-08-01 11:09:18.946 debug1: trying public key file __PROGRAMDATA__/ssh/administrators_authorized_keys
2504 2024-08-01 11:09:18.946 debug2: __PROGRAMDATA__/ssh/administrators_authorized_keys:1: check options: '��'
2504 2024-08-01 11:09:18.946 debug2: __PROGRAMDATA__/ssh/administrators_authorized_keys:1: advance: ''
2504 2024-08-01 11:09:18.946 debug2: auth_check_authkeys_file: __PROGRAMDATA__/ssh/administrators_authorized_keys: processed 1/1 lines
2504 2024-08-01 11:09:18.946 debug3: mm_answer_keyallowed: publickey authentication test: ED25519 key is not allowed
2504 2024-08-01 11:09:18.946 Failed publickey for rstrom from 192.168.42.131 port 54172 ssh2: ED25519 SHA256:emyp8YQy83OynlHgiiNyc31DyTmUOY62WzKIIfQNqtA
2504 2024-08-01 11:09:18.946 debug3: mm_request_send: entering, type 23
2504 2024-08-01 11:09:18.961 debug2: userauth_pubkey: authenticated 0 pkalg ssh-ed25519 [preauth]
2504 2024-08-01 11:09:18.961 debug3: user_specific_delay: user specific delay 0.000ms [preauth]
2504 2024-08-01 11:09:18.961 debug3: ensure_minimum_time_since: elapsed 15.000ms, delaying 14.526ms (requested 7.381ms) [preauth]
2504 2024-08-01 11:09:18.977 debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" [preauth]
2504 2024-08-01 11:09:18.977 debug3: send packet: type 51 [preauth]
2504 2024-08-01 11:09:18.977 debug3: receive packet: type 50 [preauth]
2504 2024-08-01 11:09:18.977 debug1: userauth-request for user rstrom service ssh-connection method publickey [preauth]
2504 2024-08-01 11:09:18.977 debug1: attempt 2 failures 1 [preauth]
2504 2024-08-01 11:09:18.977 debug2: input_userauth_request: try method publickey [preauth]
2504 2024-08-01 11:09:18.977 debug2: userauth_pubkey: valid user rstrom querying public key ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMwiz2kfxOoYsJUEA+kjI9ju5fFP91Gad4OE3Yc5ecST [preauth]
2504 2024-08-01 11:09:18.977 debug1: userauth_pubkey: publickey test pkalg ssh-ed25519 pkblob ED25519 SHA256:cePjA/xhZtLhGHtjWy+aaoRZ5sdRscv2ZQnELV6tkuU [preauth]
2504 2024-08-01 11:09:18.977 debug3: mm_key_allowed: entering [preauth]
2504 2024-08-01 11:09:18.977 debug3: mm_request_send: entering, type 22 [preauth]
2504 2024-08-01 11:09:18.977 debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth]
2504 2024-08-01 11:09:18.977 debug3: mm_request_receive_expect: entering, type 23 [preauth]
2504 2024-08-01 11:09:18.977 debug3: mm_request_receive: entering [preauth]
2504 2024-08-01 11:09:18.977 debug3: mm_request_receive: entering
2504 2024-08-01 11:09:18.977 debug3: monitor_read: checking request 22
2504 2024-08-01 11:09:18.977 debug3: mm_answer_keyallowed: entering
2504 2024-08-01 11:09:18.977 debug1: trying public key file __PROGRAMDATA__/ssh/administrators_authorized_keys
2504 2024-08-01 11:09:18.977 debug2: __PROGRAMDATA__/ssh/administrators_authorized_keys:1: check options: '��'
2504 2024-08-01 11:09:18.977 debug2: __PROGRAMDATA__/ssh/administrators_authorized_keys:1: advance: ''
2504 2024-08-01 11:09:18.977 debug2: auth_check_authkeys_file: __PROGRAMDATA__/ssh/administrators_authorized_keys: processed 1/1 lines
2504 2024-08-01 11:09:18.977 debug3: mm_answer_keyallowed: publickey authentication test: ED25519 key is not allowed
2504 2024-08-01 11:09:18.977 Failed publickey for rstrom from 192.168.42.131 port 54172 ssh2: ED25519 SHA256:cePjA/xhZtLhGHtjWy+aaoRZ5sdRscv2ZQnELV6tkuU
2504 2024-08-01 11:09:18.977 debug3: mm_request_send: entering, type 23
2504 2024-08-01 11:09:18.977 debug2: userauth_pubkey: authenticated 0 pkalg ssh-ed25519 [preauth]
2504 2024-08-01 11:09:18.977 debug3: user_specific_delay: user specific delay 0.000ms [preauth]
2504 2024-08-01 11:09:18.977 debug3: ensure_minimum_time_since: elapsed 0.000ms, delaying 7.381ms (requested 7.381ms) [preauth]
2504 2024-08-01 11:09:18.992 debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" [preauth]
2504 2024-08-01 11:09:18.992 debug3: send packet: type 51 [preauth]
2504 2024-08-01 11:09:18.992 debug3: receive packet: type 50 [preauth]
2504 2024-08-01 11:09:18.992 debug1: userauth-request for user rstrom service ssh-connection method keyboard-interactive [preauth]
2504 2024-08-01 11:09:18.992 debug1: attempt 3 failures 2 [preauth]
2504 2024-08-01 11:09:18.992 debug2: input_userauth_request: try method keyboard-interactive [preauth]
2504 2024-08-01 11:09:18.992 debug1: keyboard-interactive devs  [preauth]
2504 2024-08-01 11:09:18.992 debug1: auth2_challenge: user=rstrom devs= [preauth]
2504 2024-08-01 11:09:18.992 debug1: kbdint_alloc: devices '' [preauth]
2504 2024-08-01 11:09:18.992 debug2: auth2_challenge_start: devices  [preauth]
2504 2024-08-01 11:09:18.992 debug3: user_specific_delay: user specific delay 0.000ms [preauth]
2504 2024-08-01 11:09:18.992 debug3: ensure_minimum_time_since: elapsed 0.000ms, delaying 7.381ms (requested 7.381ms) [preauth]
2504 2024-08-01 11:09:19.008 debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" [preauth]
2504 2024-08-01 11:09:19.008 debug3: send packet: type 51 [preauth]
2504 2024-08-01 11:09:22.688 debug3: receive packet: type 50 [preauth]
2504 2024-08-01 11:09:22.688 debug1: userauth-request for user rstrom service ssh-connection method password [preauth]
2504 2024-08-01 11:09:22.688 debug1: attempt 4 failures 3 [preauth]
2504 2024-08-01 11:09:22.688 debug2: input_userauth_request: try method password [preauth]
2504 2024-08-01 11:09:22.688 debug3: mm_auth_password: entering [preauth]
2504 2024-08-01 11:09:22.688 debug3: mm_request_send: entering, type 12 [preauth]
2504 2024-08-01 11:09:22.688 debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD [preauth]
2504 2024-08-01 11:09:22.688 debug3: mm_request_receive_expect: entering, type 13 [preauth]
2504 2024-08-01 11:09:22.688 debug3: mm_request_receive: entering [preauth]
2504 2024-08-01 11:09:22.688 debug3: mm_request_receive: entering
2504 2024-08-01 11:09:22.688 debug3: monitor_read: checking request 12
2504 2024-08-01 11:09:22.688 debug3: lookup_principal_name: Successfully discovered explicit principal name: '2022testing\\rstrom'=>'rstrom@2022TESTING.local'
2504 2024-08-01 11:09:22.704 debug3: mm_answer_authpassword: sending result 1
2504 2024-08-01 11:09:22.704 debug3: mm_answer_authpassword: sending result 1
2504 2024-08-01 11:09:22.704 debug3: mm_request_send: entering, type 13
2504 2024-08-01 11:09:22.704 Accepted password for rstrom from 192.168.42.131 port 54172 ssh2
2504 2024-08-01 11:09:22.704 debug1: monitor_child_preauth: user rstrom authenticated by privileged process
2504 2024-08-01 11:09:22.704 debug3: mm_get_keystate: Waiting for new keys
2504 2024-08-01 11:09:22.704 debug3: mm_request_receive_expect: entering, type 26
2504 2024-08-01 11:09:22.704 debug3: mm_request_receive: entering
2504 2024-08-01 11:09:22.719 debug3: mm_get_keystate: GOT new keys
2504 2024-08-01 11:09:22.719 debug3: mm_auth_password: user authenticated [preauth]
2504 2024-08-01 11:09:22.719 debug3: user_specific_delay: user specific delay 0.000ms [preauth]
2504 2024-08-01 11:09:22.719 debug3: ensure_minimum_time_since: elapsed 16.000ms, delaying 13.525ms (requested 7.381ms) [preauth]
2504 2024-08-01 11:09:22.719 debug3: send packet: type 52 [preauth]
2504 2024-08-01 11:09:22.719 debug3: mm_request_send: entering, type 26 [preauth]
2504 2024-08-01 11:09:22.719 debug3: mm_send_keystate: Finished sending state [preauth]
2504 2024-08-01 11:09:22.719 debug1: monitor_read_log: child log fd closed
2504 2024-08-01 11:09:22.719 debug3: spawning "C:\\Program Files\\OpenSSH\\sshd.exe" -z as user
2504 2024-08-01 11:09:22.719 User child is on pid 4428
2504 2024-08-01 11:09:22.719 debug3: send_rexec_state: entering fd = 5 config len 2367
2504 2024-08-01 11:09:22.719 debug3: ssh_msg_send: type 0
2504 2024-08-01 11:09:22.719 debug3: send_rexec_state: done
2504 2024-08-01 11:09:22.719 debug3: ssh_msg_send: type 0
2504 2024-08-01 11:09:22.719 debug3: ssh_msg_send: type 0
2504 2024-08-01 11:09:22.719 debug3: ssh_msg_send: type 0
2504 2024-08-01 11:09:22.719 debug3: ssh_msg_send: type 0
2504 2024-08-01 11:09:22.719 debug3: ssh_msg_send: type 0
4428 2024-08-01 11:09:22.735 debug3: process_channel_timeouts: setting 0 timeouts
4428 2024-08-01 11:09:22.735 debug3: channel_clear_timeouts: clearing
4428 2024-08-01 11:09:22.735 debug3: recv_idexch_state: entering fd = 3
4428 2024-08-01 11:09:22.735 debug3: ssh_msg_recv entering
4428 2024-08-01 11:09:22.735 debug3: recv_idexch_state: done
4428 2024-08-01 11:09:22.735 debug2: fd 5 setting O_NONBLOCK
4428 2024-08-01 11:09:22.735 debug3: recv_autxctx_state: entering fd = 3
4428 2024-08-01 11:09:22.735 debug3: ssh_msg_recv entering
4428 2024-08-01 11:09:22.735 debug3: recv_autxctx_state: done
4428 2024-08-01 11:09:22.735 debug2: parse_server_config_depth: config reprocess config len 2367
4428 2024-08-01 11:09:22.735 debug3: checking match for 'Group administrators' user 2022testing\\rstrom host 192.168.42.131 addr 192.168.42.131 laddr 192.168.42.141 lport 22
4428 2024-08-01 11:09:22.735 debug3: get_user_token - i am running as 2022testing\\rstrom, returning process token
4428 2024-08-01 11:09:22.735 debug1: user 2022testing\\rstrom matched group list administrators at line 92
4428 2024-08-01 11:09:22.735 debug3: match found
4428 2024-08-01 11:09:22.735 debug3: reprocess config:93 setting AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
2504 2024-08-01 11:09:22.735 debug3: monitor_recv_keystate: entering 
2504 2024-08-01 11:09:22.735 debug3: ssh_msg_recv entering
2504 2024-08-01 11:09:22.735 debug3: monitor_recv_keystate: done
2504 2024-08-01 11:09:22.735 debug3: monitor_apply_keystate: packet_set_state
2504 2024-08-01 11:09:22.735 debug2: ssh_set_newkeys: mode 0
2504 2024-08-01 11:09:22.735 debug1: rekey in after 134217728 blocks
2504 2024-08-01 11:09:22.735 debug2: ssh_set_newkeys: mode 1
2504 2024-08-01 11:09:22.735 debug1: rekey out after 134217728 blocks
2504 2024-08-01 11:09:22.735 debug1: ssh_packet_set_postauth: called
2504 2024-08-01 11:09:22.735 debug3: ssh_packet_set_state: done
2504 2024-08-01 11:09:22.735 debug3: monitor_recv_authopt: entering 
2504 2024-08-01 11:09:22.735 debug3: ssh_msg_recv entering
2504 2024-08-01 11:09:22.735 debug3: monitor_recv_authopt: done
2504 2024-08-01 11:09:22.735 debug3: notify_hostkeys: key 0: ssh-rsa SHA256:numCwkaALcEhk7C2WOF02nBKXRLXYQyObMxrvyXuLx0
2504 2024-08-01 11:09:22.735 debug3: notify_hostkeys: key 1: ecdsa-sha2-nistp256 SHA256:xWgp34YI629m3KKifDP7vnOPhtPRY1vD5B3F9sDpxv8
2504 2024-08-01 11:09:22.735 debug3: notify_hostkeys: key 2: ssh-ed25519 SHA256:cr0h50S7ktZueOJZc+1t7Mj1mZ9VKeOQ91ySSyC8fdY
2504 2024-08-01 11:09:22.735 debug3: notify_hostkeys: sent 3 hostkeys
2504 2024-08-01 11:09:22.735 debug3: send packet: type 80
2504 2024-08-01 11:09:22.735 debug1: active: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
2504 2024-08-01 11:09:22.735 debug1: Entering interactive session for SSH2.
2504 2024-08-01 11:09:22.735 debug1: server_init_dispatch
2504 2024-08-01 11:09:22.735 debug3: pselect: installing signal handler for 3, previous 00007FF7B439FCF0
2504 2024-08-01 11:09:22.735 debug3: pselect_notify_setup: initializing
2504 2024-08-01 11:09:22.735 debug2: fd 10 setting O_NONBLOCK
2504 2024-08-01 11:09:22.735 debug2: fd 8 setting O_NONBLOCK
2504 2024-08-01 11:09:22.735 debug3: pselect_notify_setup: pid 4428 saved 4428 pipe0 10 pipe1 8
2504 2024-08-01 11:09:22.735 debug3: receive packet: type 90
2504 2024-08-01 11:09:22.735 debug1: server_input_channel_open: ctype session rchan 0 win 2097152 max 32768
2504 2024-08-01 11:09:22.735 debug1: input_session_request
2504 2024-08-01 11:09:22.735 debug1: channel 0: new session [server-session] (inactive timeout: 0)
2504 2024-08-01 11:09:22.735 debug2: session_new: allocate (allocated 0 max 10)
2504 2024-08-01 11:09:22.735 debug3: session_unused: session id 0 unused
2504 2024-08-01 11:09:22.735 debug1: session_new: session 0
2504 2024-08-01 11:09:22.735 debug1: session_open: channel 0
2504 2024-08-01 11:09:22.735 debug1: session_open: session 0: link with channel 0
2504 2024-08-01 11:09:22.735 debug1: server_input_channel_open: confirm session
2504 2024-08-01 11:09:22.735 debug3: send packet: type 91
2504 2024-08-01 11:09:22.735 debug3: receive packet: type 80
2504 2024-08-01 11:09:22.735 debug1: server_input_global_request: rtype no-more-sessions@openssh.com want_reply 0
2504 2024-08-01 11:09:22.750 debug3: receive packet: type 98
2504 2024-08-01 11:09:22.750 debug1: server_input_channel_req: channel 0 request exec reply 1
2504 2024-08-01 11:09:22.750 debug1: session_by_channel: session 0 channel 0
2504 2024-08-01 11:09:22.750 debug1: session_input_channel_req: session 0 req exec
2504 2024-08-01 11:09:22.750 debug2: channel_set_xtype: labeled channel 0 as session:command (inactive timeout 0)
2504 2024-08-01 11:09:22.750 Starting session: command for 2022testing\\\\rstrom from 192.168.42.131 port 54172 id 0
2504 2024-08-01 11:09:22.750 debug2: fd 9 setting O_NONBLOCK
2504 2024-08-01 11:09:22.750 debug2: fd 11 setting O_NONBLOCK
2504 2024-08-01 11:09:22.750 debug2: fd 12 setting O_NONBLOCK
2504 2024-08-01 11:09:22.750 debug2: fd 13 setting O_NONBLOCK
2504 2024-08-01 11:09:22.750 debug2: fd 14 setting O_NONBLOCK
2504 2024-08-01 11:09:22.750 debug2: fd 15 setting O_NONBLOCK
2504 2024-08-01 11:09:22.750 debug3: shell: "c:\\\\program files\\\\powershell\\\\7\\\\pwsh.exe"
2504 2024-08-01 11:09:22.750 debug3: shell_option: -c
2504 2024-08-01 11:09:22.750 debug3: exec_command: powershell Add-Content -Force -Path C:\\\\ProgramData\\\\ssh\\\\administrators_authorized_keys -Value '''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIByVhoqzQrGLi9Dl/m9IS4JfY96ao0HTuvMvXZ5G8rnn 2022testing\\\\rstrom@EventCollector''';icacls.exe "C:\\\\ProgramData\\\\ssh\\\\administrators_authorized_keys" /inheritance:r /grant "Administrators:F" /grant "SYSTEM:F"
2504 2024-08-01 11:09:22.750 debug3: arg escape option: TRUE
2504 2024-08-01 11:09:22.750 debug3: spawn_argv[0]: "c:\\\\program files\\\\powershell\\\\7\\\\pwsh.exe"
2504 2024-08-01 11:09:22.750 debug3: spawning "c:\\\\program files\\\\powershell\\\\7\\\\pwsh.exe" -c "powershell Add-Content -Force -Path C:\\\\ProgramData\\\\ssh\\\\administrators_authorized_keys -Value '''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIByVhoqzQrGLi9Dl/m9IS4JfY96ao0HTuvMvXZ5G8rnn 2022testing\\\\rstrom@EventCollector''';icacls.exe \\\\"C:\\\\ProgramData\\\\ssh\\\\administrators_authorized_keys\\\\" /inheritance:r /grant \\\\"Administrators:F\\\\" /grant \\\\"SYSTEM:F\\\\"" as subprocess
2504 2024-08-01 11:09:22.750 debug2: fd 5 setting TCP_NODELAY
2504 2024-08-01 11:09:22.750 debug3: fd 12 is O_NONBLOCK
2504 2024-08-01 11:09:22.750 debug3: fd 11 is O_NONBLOCK
2504 2024-08-01 11:09:22.750 debug3: fd 14 is O_NONBLOCK
2504 2024-08-01 11:09:22.750 debug3: send packet: type 99
2504 2024-08-01 11:09:23.860 debug2: channel 0: read failed rfd 12 maxlen 32768: Broken pipe
2504 2024-08-01 11:09:23.860 debug2: channel 0: read failed
2504 2024-08-01 11:09:23.860 debug2: chan_shutdown_read: channel 0: (i0 o0 sock -1 wfd 12 efd 14 [read])
2504 2024-08-01 11:09:23.860 debug2: channel 0: input open -> drain
2504 2024-08-01 11:09:23.860 debug2: channel 0: read 0 from efd 14
2504 2024-08-01 11:09:23.860 debug2: channel 0: closing read-efd 14
2504 2024-08-01 11:09:23.860 debug2: channel 0: ibuf empty
2504 2024-08-01 11:09:23.860 debug2: channel 0: send eof
2504 2024-08-01 11:09:23.860 debug3: send packet: type 96
2504 2024-08-01 11:09:23.860 debug2: channel 0: input drain -> closed
2504 2024-08-01 11:09:23.875 debug2: pselect_notify_done: reading
2504 2024-08-01 11:09:23.875 debug1: Received SIGCHLD.
2504 2024-08-01 11:09:23.875 debug1: session_by_pid: pid 4452
2504 2024-08-01 11:09:23.875 debug2: channel 0: request exit-status confirm 0
2504 2024-08-01 11:09:23.875 debug3: send packet: type 98
2504 2024-08-01 11:09:23.875 debug1: session_exit_message: session 0 channel 0 pid 4452 exit 0
2504 2024-08-01 11:09:23.875 debug1: session_exit_message: release channel 0
2504 2024-08-01 11:09:23.875 debug2: channel 0: write failed
2504 2024-08-01 11:09:23.875 debug2: chan_shutdown_write: channel 0: (i3 o0 sock -1 wfd 11 efd -1 [closed])
2504 2024-08-01 11:09:23.875 debug2: channel 0: send eow
2504 2024-08-01 11:09:23.875 debug3: send packet: type 98
2504 2024-08-01 11:09:23.875 debug2: channel 0: output open -> closed
2504 2024-08-01 11:09:23.875 debug2: channel 0: send close
2504 2024-08-01 11:09:23.875 debug3: send packet: type 97
2504 2024-08-01 11:09:23.875 debug3: channel 0: will not send data after close
2504 2024-08-01 11:09:23.875 debug3: receive packet: type 97
2504 2024-08-01 11:09:23.875 debug2: channel 0: rcvd close
2504 2024-08-01 11:09:23.875 debug3: channel 0: will not send data after close
2504 2024-08-01 11:09:23.875 debug2: channel 0: is dead
2504 2024-08-01 11:09:23.875 debug2: channel 0: gc: notify user
2504 2024-08-01 11:09:23.875 debug1: session_by_channel: session 0 channel 0
2504 2024-08-01 11:09:23.875 debug1: session_close_by_channel: channel 0 child 0
2504 2024-08-01 11:09:23.875 Close session: user 2022testing\\\\rstrom from 192.168.42.131 port 54172 id 0
2504 2024-08-01 11:09:23.875 debug3: session_unused: session id 0 unused
2504 2024-08-01 11:09:23.875 debug2: channel 0: gc: user detached
2504 2024-08-01 11:09:23.875 debug2: channel 0: is dead
2504 2024-08-01 11:09:23.875 debug2: channel 0: garbage collecting
2504 2024-08-01 11:09:23.875 debug1: channel 0: free: server-session, nchannels 1
2504 2024-08-01 11:09:23.875 debug3: channel 0: status: The following connections are open:\\r\\n  #0 server-session (t4 [session:command] r0 i3/0 o3/0 e[closed]/0 fd -1/-1/-1 sock -1 cc -1 io 0x00/0x00)\\r\\n
2504 2024-08-01 11:09:23.875 debug3: WSARecv - WSARecv() ERROR: io:0000027482E91DD0 10054
2504 2024-08-01 11:09:23.875 debug3: recv - from CB ERROR:108, io:0000027482E91DD0
2504 2024-08-01 11:09:23.875 Read error from remote host 192.168.42.131 port 54172: Unknown error
2504 2024-08-01 11:09:23.875 debug1: do_cleanup
2504 2024-08-01 11:09:23.891 debug3: mm_request_receive: entering
2504 2024-08-01 11:09:23.891 debug1: do_cleanup
3660 2024-08-01 11:09:23.907 debug2: pselect_notify_done: reading
3660 2024-08-01 11:09:35.663 debug3: fd 6 is not O_NONBLOCK
3660 2024-08-01 11:09:35.663 debug3: spawning "C:\\Program Files\\OpenSSH\\sshd.exe" -R as subprocess
3660 2024-08-01 11:09:35.663 debug3: send_rexec_state: entering fd = 10 config len 2367
3660 2024-08-01 11:09:35.663 debug3: ssh_msg_send: type 0
3660 2024-08-01 11:09:35.663 debug3: send_rexec_state: done
4692 2024-08-01 11:09:35.679 debug1: inetd sockets after dupping: 4, 4
4692 2024-08-01 11:09:35.679 debug3: process_channel_timeouts: setting 0 timeouts
4692 2024-08-01 11:09:35.679 debug3: channel_clear_timeouts: clearing
4692 2024-08-01 11:09:35.679 Connection from 192.168.42.131 port 54173 on 192.168.42.141 port 22
4692 2024-08-01 11:09:35.679 debug1: Local version string SSH-2.0-OpenSSH_for_Windows_9.5
4692 2024-08-01 11:09:35.679 debug1: Remote protocol version 2.0, remote software version OpenSSH_for_Windows_9.5
4692 2024-08-01 11:09:35.679 debug1: compat_banner: match: OpenSSH_for_Windows_9.5 pat OpenSSH* compat 0x04000000
4692 2024-08-01 11:09:35.679 debug2: fd 4 setting O_NONBLOCK
4692 2024-08-01 11:09:35.694 debug3: spawning "C:\\Program Files\\OpenSSH\\sshd.exe" -y as user
4692 2024-08-01 11:09:35.694 debug2: Network child is on pid 2308
4692 2024-08-01 11:09:35.694 debug3: send_rexec_state: entering fd = 6 config len 2367
4692 2024-08-01 11:09:35.694 debug3: ssh_msg_send: type 0
4692 2024-08-01 11:09:35.694 debug3: send_rexec_state: done
4692 2024-08-01 11:09:35.694 debug3: ssh_msg_send: type 0
4692 2024-08-01 11:09:35.694 debug3: ssh_msg_send: type 0
4692 2024-08-01 11:09:35.694 debug3: preauth child monitor started
4692 2024-08-01 11:09:35.710 debug3: append_hostkey_type: ssh-rsa key not permitted by HostkeyAlgorithms [preauth]
4692 2024-08-01 11:09:35.710 debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
4692 2024-08-01 11:09:35.710 debug3: send packet: type 20 [preauth]
4692 2024-08-01 11:09:35.710 debug1: SSH2_MSG_KEXINIT sent [preauth]
4692 2024-08-01 11:09:35.710 debug3: receive packet: type 20 [preauth]
4692 2024-08-01 11:09:35.710 debug1: SSH2_MSG_KEXINIT received [preauth]
4692 2024-08-01 11:09:35.710 debug2: local server KEXINIT proposal [preauth]
4692 2024-08-01 11:09:35.710 debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,kex-strict-s-v00@openssh.com [preauth]
4692 2024-08-01 11:09:35.710 debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
4692 2024-08-01 11:09:35.710 debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth]
4692 2024-08-01 11:09:35.710 debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth]
4692 2024-08-01 11:09:35.710 debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512 [preauth]
4692 2024-08-01 11:09:35.710 debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512 [preauth]
4692 2024-08-01 11:09:35.710 debug2: compression ctos: none,zlib@openssh.com [preauth]
4692 2024-08-01 11:09:35.710 debug2: compression stoc: none,zlib@openssh.com [preauth]
4692 2024-08-01 11:09:35.710 debug2: languages ctos:  [preauth]
4692 2024-08-01 11:09:35.710 debug2: languages stoc:  [preauth]
4692 2024-08-01 11:09:35.710 debug2: first_kex_follows 0  [preauth]
4692 2024-08-01 11:09:35.710 debug2: reserved 0  [preauth]
4692 2024-08-01 11:09:35.710 debug2: peer client KEXINIT proposal [preauth]
4692 2024-08-01 11:09:35.710 debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com [preauth]
4692 2024-08-01 11:09:35.710 debug2: host key algorithms: ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256 [preauth]
4692 2024-08-01 11:09:35.710 debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth]
4692 2024-08-01 11:09:35.710 debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth]
4692 2024-08-01 11:09:35.710 debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512 [preauth]
4692 2024-08-01 11:09:35.710 debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512 [preauth]
4692 2024-08-01 11:09:35.710 debug2: compression ctos: none,zlib@openssh.com,zlib [preauth]
4692 2024-08-01 11:09:35.710 debug2: compression stoc: none,zlib@openssh.com,zlib [preauth]
4692 2024-08-01 11:09:35.710 debug2: languages ctos:  [preauth]
4692 2024-08-01 11:09:35.710 debug2: languages stoc:  [preauth]
4692 2024-08-01 11:09:35.710 debug2: first_kex_follows 0  [preauth]
4692 2024-08-01 11:09:35.710 debug2: reserved 0  [preauth]
4692 2024-08-01 11:09:35.710 debug3: kex_choose_conf: will use strict KEX ordering [preauth]
4692 2024-08-01 11:09:35.710 debug1: kex: algorithm: curve25519-sha256 [preauth]
4692 2024-08-01 11:09:35.710 debug1: kex: host key algorithm: ssh-ed25519 [preauth]
4692 2024-08-01 11:09:35.710 debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none [preauth]
4692 2024-08-01 11:09:35.710 debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none [preauth]
4692 2024-08-01 11:09:35.710 debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
4692 2024-08-01 11:09:35.710 debug3: receive packet: type 30 [preauth]
4692 2024-08-01 11:09:35.710 debug1: SSH2_MSG_KEX_ECDH_INIT received [preauth]
4692 2024-08-01 11:09:35.710 debug3: mm_sshkey_sign: entering [preauth]
4692 2024-08-01 11:09:35.710 debug3: mm_request_send: entering, type 6 [preauth]
4692 2024-08-01 11:09:35.710 debug3: mm_sshkey_sign: waiting for MONITOR_ANS_SIGN [preauth]
4692 2024-08-01 11:09:35.710 debug3: mm_request_receive_expect: entering, type 7 [preauth]
4692 2024-08-01 11:09:35.710 debug3: mm_request_receive: entering [preauth]
4692 2024-08-01 11:09:35.710 debug3: mm_request_receive: entering
4692 2024-08-01 11:09:35.710 debug3: monitor_read: checking request 6
4692 2024-08-01 11:09:35.710 debug3: mm_answer_sign: entering
4692 2024-08-01 11:09:35.710 debug3: mm_answer_sign: ssh-ed25519 KEX signature len=83
4692 2024-08-01 11:09:35.710 debug3: mm_request_send: entering, type 7
4692 2024-08-01 11:09:35.710 debug2: monitor_read: 6 used once, disabling now
4692 2024-08-01 11:09:35.710 debug3: send packet: type 31 [preauth]
4692 2024-08-01 11:09:35.710 debug3: send packet: type 21 [preauth]
4692 2024-08-01 11:09:35.710 debug1: ssh_packet_send2_wrapped: resetting send seqnr 3 [preauth]
4692 2024-08-01 11:09:35.710 debug2: ssh_set_newkeys: mode 1 [preauth]
4692 2024-08-01 11:09:35.710 debug1: rekey out after 134217728 blocks [preauth]
4692 2024-08-01 11:09:35.710 debug1: SSH2_MSG_NEWKEYS sent [preauth]
4692 2024-08-01 11:09:35.710 debug1: Sending SSH2_MSG_EXT_INFO [preauth]
4692 2024-08-01 11:09:35.710 debug3: send packet: type 7 [preauth]
4692 2024-08-01 11:09:35.710 debug1: expecting SSH2_MSG_NEWKEYS [preauth]
4692 2024-08-01 11:09:35.710 debug3: receive packet: type 21 [preauth]
4692 2024-08-01 11:09:35.710 debug1: ssh_packet_read_poll2: resetting read seqnr 3 [preauth]
4692 2024-08-01 11:09:35.710 debug1: SSH2_MSG_NEWKEYS received [preauth]
4692 2024-08-01 11:09:35.710 debug2: ssh_set_newkeys: mode 0 [preauth]
4692 2024-08-01 11:09:35.710 debug1: rekey in after 134217728 blocks [preauth]
4692 2024-08-01 11:09:35.710 debug1: KEX done [preauth]
4692 2024-08-01 11:09:35.741 debug3: receive packet: type 5 [preauth]
4692 2024-08-01 11:09:35.741 debug3: send packet: type 6 [preauth]
4692 2024-08-01 11:09:35.741 debug3: receive packet: type 50 [preauth]
4692 2024-08-01 11:09:35.741 debug1: userauth-request for user rstrom service ssh-connection method none [preauth]
4692 2024-08-01 11:09:35.741 debug1: attempt 0 failures 0 [preauth]
4692 2024-08-01 11:09:35.741 debug3: mm_getpwnamallow: entering [preauth]
4692 2024-08-01 11:09:35.741 debug3: mm_request_send: entering, type 8 [preauth]
4692 2024-08-01 11:09:35.741 debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM [preauth]
4692 2024-08-01 11:09:35.741 debug3: mm_request_receive_expect: entering, type 9 [preauth]
4692 2024-08-01 11:09:35.741 debug3: mm_request_receive: entering [preauth]
4692 2024-08-01 11:09:35.741 debug3: mm_request_receive: entering
4692 2024-08-01 11:09:35.741 debug3: monitor_read: checking request 8
4692 2024-08-01 11:09:35.741 debug3: mm_answer_pwnamallow: entering
4692 2024-08-01 11:09:35.741 debug2: parse_server_config_depth: config reprocess config len 2367
4692 2024-08-01 11:09:35.741 debug3: checking match for 'Group administrators' user 2022testing\\rstrom host 192.168.42.131 addr 192.168.42.131 laddr 192.168.42.141 lport 22
4692 2024-08-01 11:09:35.757 debug3: lookup_principal_name: Successfully discovered explicit principal name: '2022testing\\rstrom'=>'rstrom@2022TESTING.local'
4692 2024-08-01 11:09:35.757 debug3: LsaLogonUser Succeeded (Impersonation: 0)
4692 2024-08-01 11:09:35.757 debug1: user 2022testing\\rstrom matched group list administrators at line 92
4692 2024-08-01 11:09:35.757 debug3: match found
4692 2024-08-01 11:09:35.757 debug3: reprocess config:93 setting AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
4692 2024-08-01 11:09:35.757 debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
4692 2024-08-01 11:09:35.757 debug3: mm_request_send: entering, type 9
4692 2024-08-01 11:09:35.757 debug2: monitor_read: 8 used once, disabling now
4692 2024-08-01 11:09:35.757 debug3: process_channel_timeouts: setting 0 timeouts [preauth]
4692 2024-08-01 11:09:35.757 debug3: channel_clear_timeouts: clearing [preauth]
4692 2024-08-01 11:09:35.757 debug2: input_userauth_request: setting up authctxt for rstrom [preauth]
4692 2024-08-01 11:09:35.757 debug3: mm_inform_authserv: entering [preauth]
4692 2024-08-01 11:09:35.757 debug3: mm_request_send: entering, type 4 [preauth]
4692 2024-08-01 11:09:35.757 debug2: input_userauth_request: try method none [preauth]
4692 2024-08-01 11:09:35.757 debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" [preauth]
4692 2024-08-01 11:09:35.757 debug3: send packet: type 51 [preauth]
4692 2024-08-01 11:09:35.757 debug3: mm_request_receive: entering
4692 2024-08-01 11:09:35.757 debug3: monitor_read: checking request 4
4692 2024-08-01 11:09:35.757 debug3: mm_answer_authserv: service=ssh-connection, style=
4692 2024-08-01 11:09:35.757 debug2: monitor_read: 4 used once, disabling now
4692 2024-08-01 11:09:35.757 debug3: receive packet: type 50 [preauth]
4692 2024-08-01 11:09:35.757 debug1: userauth-request for user rstrom service ssh-connection method publickey [preauth]
4692 2024-08-01 11:09:35.757 debug1: attempt 1 failures 0 [preauth]
4692 2024-08-01 11:09:35.757 debug2: input_userauth_request: try method publickey [preauth]
4692 2024-08-01 11:09:35.757 debug2: userauth_pubkey: valid user rstrom querying public key ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIByVhoqzQrGLi9Dl/m9IS4JfY96ao0HTuvMvXZ5G8rnn [preauth]
4692 2024-08-01 11:09:35.757 debug1: userauth_pubkey: publickey test pkalg ssh-ed25519 pkblob ED25519 SHA256:emyp8YQy83OynlHgiiNyc31DyTmUOY62WzKIIfQNqtA [preauth]
4692 2024-08-01 11:09:35.757 debug3: mm_key_allowed: entering [preauth]
4692 2024-08-01 11:09:35.757 debug3: mm_request_send: entering, type 22 [preauth]
4692 2024-08-01 11:09:35.757 debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth]
4692 2024-08-01 11:09:35.757 debug3: mm_request_receive_expect: entering, type 23 [preauth]
4692 2024-08-01 11:09:35.757 debug3: mm_request_receive: entering [preauth]
4692 2024-08-01 11:09:35.757 debug3: mm_request_receive: entering
4692 2024-08-01 11:09:35.757 debug3: monitor_read: checking request 22
4692 2024-08-01 11:09:35.757 debug3: mm_answer_keyallowed: entering
4692 2024-08-01 11:09:35.757 debug1: trying public key file __PROGRAMDATA__/ssh/administrators_authorized_keys
4692 2024-08-01 11:09:35.757 debug2: __PROGRAMDATA__/ssh/administrators_authorized_keys:1: check options: '��s'
4692 2024-08-01 11:09:35.757 debug2: __PROGRAMDATA__/ssh/administrators_authorized_keys:1: advance: ''
4692 2024-08-01 11:09:35.757 debug2: auth_check_authkeys_file: __PROGRAMDATA__/ssh/administrators_authorized_keys: processed 1/2 lines
4692 2024-08-01 11:09:35.757 debug3: mm_answer_keyallowed: publickey authentication test: ED25519 key is not allowed
4692 2024-08-01 11:09:35.757 Failed publickey for rstrom from 192.168.42.131 port 54173 ssh2: ED25519 SHA256:emyp8YQy83OynlHgiiNyc31DyTmUOY62WzKIIfQNqtA
4692 2024-08-01 11:09:35.757 debug3: mm_request_send: entering, type 23
4692 2024-08-01 11:09:35.757 debug2: userauth_pubkey: authenticated 0 pkalg ssh-ed25519 [preauth]
4692 2024-08-01 11:09:35.757 debug3: user_specific_delay: user specific delay 0.000ms [preauth]
4692 2024-08-01 11:09:35.757 debug3: ensure_minimum_time_since: elapsed 0.000ms, delaying 7.381ms (requested 7.381ms) [preauth]
4692 2024-08-01 11:09:35.773 debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" [preauth]
4692 2024-08-01 11:09:35.773 debug3: send packet: type 51 [preauth]
4692 2024-08-01 11:09:35.773 debug3: receive packet: type 50 [preauth]
4692 2024-08-01 11:09:35.773 debug1: userauth-request for user rstrom service ssh-connection method publickey [preauth]
4692 2024-08-01 11:09:35.773 debug1: attempt 2 failures 1 [preauth]
4692 2024-08-01 11:09:35.773 debug2: input_userauth_request: try method publickey [preauth]
4692 2024-08-01 11:09:35.773 debug2: userauth_pubkey: valid user rstrom querying public key ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMwiz2kfxOoYsJUEA+kjI9ju5fFP91Gad4OE3Yc5ecST [preauth]
4692 2024-08-01 11:09:35.773 debug1: userauth_pubkey: publickey test pkalg ssh-ed25519 pkblob ED25519 SHA256:cePjA/xhZtLhGHtjWy+aaoRZ5sdRscv2ZQnELV6tkuU [preauth]
4692 2024-08-01 11:09:35.773 debug3: mm_key_allowed: entering [preauth]
4692 2024-08-01 11:09:35.773 debug3: mm_request_send: entering, type 22 [preauth]
4692 2024-08-01 11:09:35.773 debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth]
4692 2024-08-01 11:09:35.773 debug3: mm_request_receive_expect: entering, type 23 [preauth]
4692 2024-08-01 11:09:35.773 debug3: mm_request_receive: entering [preauth]
4692 2024-08-01 11:09:35.773 debug3: mm_request_receive: entering
4692 2024-08-01 11:09:35.773 debug3: monitor_read: checking request 22
4692 2024-08-01 11:09:35.773 debug3: mm_answer_keyallowed: entering
4692 2024-08-01 11:09:35.773 debug1: trying public key file __PROGRAMDATA__/ssh/administrators_authorized_keys
4692 2024-08-01 11:09:35.773 debug2: __PROGRAMDATA__/ssh/administrators_authorized_keys:1: check options: '��s'
4692 2024-08-01 11:09:35.773 debug2: __PROGRAMDATA__/ssh/administrators_authorized_keys:1: advance: ''
4692 2024-08-01 11:09:35.773 debug2: auth_check_authkeys_file: __PROGRAMDATA__/ssh/administrators_authorized_keys: processed 1/2 lines
4692 2024-08-01 11:09:35.773 debug3: mm_answer_keyallowed: publickey authentication test: ED25519 key is not allowed
4692 2024-08-01 11:09:35.773 Failed publickey for rstrom from 192.168.42.131 port 54173 ssh2: ED25519 SHA256:cePjA/xhZtLhGHtjWy+aaoRZ5sdRscv2ZQnELV6tkuU
4692 2024-08-01 11:09:35.773 debug3: mm_request_send: entering, type 23
4692 2024-08-01 11:09:35.773 debug2: userauth_pubkey: authenticated 0 pkalg ssh-ed25519 [preauth]
4692 2024-08-01 11:09:35.773 debug3: user_specific_delay: user specific delay 0.000ms [preauth]
4692 2024-08-01 11:09:35.773 debug3: ensure_minimum_time_since: elapsed 0.000ms, delaying 7.381ms (requested 7.381ms) [preauth]
4692 2024-08-01 11:09:35.788 debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" [preauth]
4692 2024-08-01 11:09:35.788 debug3: send packet: type 51 [preauth]
4692 2024-08-01 11:09:35.788 debug3: receive packet: type 50 [preauth]
4692 2024-08-01 11:09:35.788 debug1: userauth-request for user rstrom service ssh-connection method keyboard-interactive [preauth]
4692 2024-08-01 11:09:35.788 debug1: attempt 3 failures 2 [preauth]
4692 2024-08-01 11:09:35.788 debug2: input_userauth_request: try method keyboard-interactive [preauth]
4692 2024-08-01 11:09:35.788 debug1: keyboard-interactive devs  [preauth]
4692 2024-08-01 11:09:35.788 debug1: auth2_challenge: user=rstrom devs= [preauth]
4692 2024-08-01 11:09:35.788 debug1: kbdint_alloc: devices '' [preauth]
4692 2024-08-01 11:09:35.788 debug2: auth2_challenge_start: devices  [preauth]
4692 2024-08-01 11:09:35.788 debug3: user_specific_delay: user specific delay 0.000ms [preauth]
4692 2024-08-01 11:09:35.788 debug3: ensure_minimum_time_since: elapsed 0.000ms, delaying 7.381ms (requested 7.381ms) [preauth]
4692 2024-08-01 11:09:35.804 debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" [preauth]
4692 2024-08-01 11:09:35.804 debug3: send packet: type 51 [preauth]
4692 2024-08-01 11:09:39.633 debug3: receive packet: type 50 [preauth]
4692 2024-08-01 11:09:39.633 debug1: userauth-request for user rstrom service ssh-connection method password [preauth]
4692 2024-08-01 11:09:39.633 debug1: attempt 4 failures 3 [preauth]
4692 2024-08-01 11:09:39.633 debug2: input_userauth_request: try method password [preauth]
4692 2024-08-01 11:09:39.633 debug3: mm_auth_password: entering [preauth]
4692 2024-08-01 11:09:39.633 debug3: mm_request_send: entering, type 12 [preauth]
4692 2024-08-01 11:09:39.633 debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD [preauth]
4692 2024-08-01 11:09:39.633 debug3: mm_request_receive_expect: entering, type 13 [preauth]
4692 2024-08-01 11:09:39.633 debug3: mm_request_receive: entering [preauth]
4692 2024-08-01 11:09:39.633 debug3: mm_request_receive: entering
4692 2024-08-01 11:09:39.633 debug3: monitor_read: checking request 12
4692 2024-08-01 11:09:39.648 debug3: lookup_principal_name: Successfully discovered explicit principal name: '2022testing\\rstrom'=>'rstrom@2022TESTING.local'
4692 2024-08-01 11:09:39.664 debug3: mm_answer_authpassword: sending result 1
4692 2024-08-01 11:09:39.664 debug3: mm_answer_authpassword: sending result 1
4692 2024-08-01 11:09:39.664 debug3: mm_request_send: entering, type 13
4692 2024-08-01 11:09:39.664 Accepted password for rstrom from 192.168.42.131 port 54173 ssh2
4692 2024-08-01 11:09:39.664 debug1: monitor_child_preauth: user rstrom authenticated by privileged process
4692 2024-08-01 11:09:39.664 debug3: mm_get_keystate: Waiting for new keys
4692 2024-08-01 11:09:39.664 debug3: mm_request_receive_expect: entering, type 26
4692 2024-08-01 11:09:39.664 debug3: mm_request_receive: entering
4692 2024-08-01 11:09:39.695 debug3: mm_get_keystate: GOT new keys
4692 2024-08-01 11:09:39.695 debug3: mm_auth_password: user authenticated [preauth]
4692 2024-08-01 11:09:39.695 debug3: user_specific_delay: user specific delay 0.000ms [preauth]
4692 2024-08-01 11:09:39.695 debug3: ensure_minimum_time_since: elapsed 31.000ms, delaying 28.051ms (requested 7.381ms) [preauth]
4692 2024-08-01 11:09:39.695 debug3: send packet: type 52 [preauth]
4692 2024-08-01 11:09:39.695 debug3: mm_request_send: entering, type 26 [preauth]
4692 2024-08-01 11:09:39.695 debug3: mm_send_keystate: Finished sending state [preauth]
4692 2024-08-01 11:09:39.695 debug1: monitor_read_log: child log fd closed
4692 2024-08-01 11:09:39.695 debug3: spawning "C:\\Program Files\\OpenSSH\\sshd.exe" -z as user
4692 2024-08-01 11:09:39.711 User child is on pid 3236
4692 2024-08-01 11:09:39.711 debug3: send_rexec_state: entering fd = 5 config len 2367
4692 2024-08-01 11:09:39.711 debug3: ssh_msg_send: type 0
4692 2024-08-01 11:09:39.711 debug3: send_rexec_state: done
4692 2024-08-01 11:09:39.711 debug3: ssh_msg_send: type 0
4692 2024-08-01 11:09:39.711 debug3: ssh_msg_send: type 0
4692 2024-08-01 11:09:39.711 debug3: ssh_msg_send: type 0
4692 2024-08-01 11:09:39.711 debug3: ssh_msg_send: type 0
4692 2024-08-01 11:09:39.726 debug3: ssh_msg_send: type 0
3236 2024-08-01 11:09:39.726 debug3: process_channel_timeouts: setting 0 timeouts
3236 2024-08-01 11:09:39.726 debug3: channel_clear_timeouts: clearing
3236 2024-08-01 11:09:39.726 debug3: recv_idexch_state: entering fd = 3
3236 2024-08-01 11:09:39.726 debug3: ssh_msg_recv entering
3236 2024-08-01 11:09:39.726 debug3: recv_idexch_state: done
3236 2024-08-01 11:09:39.726 debug2: fd 5 setting O_NONBLOCK
3236 2024-08-01 11:09:39.726 debug3: recv_autxctx_state: entering fd = 3
3236 2024-08-01 11:09:39.726 debug3: ssh_msg_recv entering
3236 2024-08-01 11:09:39.726 debug3: recv_autxctx_state: done
3236 2024-08-01 11:09:39.726 debug2: parse_server_config_depth: config reprocess config len 2367
3236 2024-08-01 11:09:39.726 debug3: checking match for 'Group administrators' user 2022testing\\rstrom host 192.168.42.131 addr 192.168.42.131 laddr 192.168.42.141 lport 22
3236 2024-08-01 11:09:39.726 debug3: get_user_token - i am running as 2022testing\\rstrom, returning process token
3236 2024-08-01 11:09:39.726 debug1: user 2022testing\\rstrom matched group list administrators at line 92
3236 2024-08-01 11:09:39.726 debug3: match found
3236 2024-08-01 11:09:39.726 debug3: reprocess config:93 setting AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
4692 2024-08-01 11:09:39.726 debug3: monitor_recv_keystate: entering 
4692 2024-08-01 11:09:39.726 debug3: ssh_msg_recv entering
4692 2024-08-01 11:09:39.726 debug3: monitor_recv_keystate: done
4692 2024-08-01 11:09:39.726 debug3: monitor_apply_keystate: packet_set_state
4692 2024-08-01 11:09:39.726 debug2: ssh_set_newkeys: mode 0
4692 2024-08-01 11:09:39.726 debug1: rekey in after 134217728 blocks
4692 2024-08-01 11:09:39.726 debug2: ssh_set_newkeys: mode 1
4692 2024-08-01 11:09:39.726 debug1: rekey out after 134217728 blocks
4692 2024-08-01 11:09:39.726 debug1: ssh_packet_set_postauth: called
4692 2024-08-01 11:09:39.726 debug3: ssh_packet_set_state: done
4692 2024-08-01 11:09:39.726 debug3: monitor_recv_authopt: entering 
4692 2024-08-01 11:09:39.726 debug3: ssh_msg_recv entering
4692 2024-08-01 11:09:39.726 debug3: monitor_recv_authopt: done
4692 2024-08-01 11:09:39.726 debug3: notify_hostkeys: key 0: ssh-rsa SHA256:numCwkaALcEhk7C2WOF02nBKXRLXYQyObMxrvyXuLx0
4692 2024-08-01 11:09:39.726 debug3: notify_hostkeys: key 1: ecdsa-sha2-nistp256 SHA256:xWgp34YI629m3KKifDP7vnOPhtPRY1vD5B3F9sDpxv8
4692 2024-08-01 11:09:39.726 debug3: notify_hostkeys: key 2: ssh-ed25519 SHA256:cr0h50S7ktZueOJZc+1t7Mj1mZ9VKeOQ91ySSyC8fdY
4692 2024-08-01 11:09:39.726 debug3: notify_hostkeys: sent 3 hostkeys
4692 2024-08-01 11:09:39.726 debug3: send packet: type 80
4692 2024-08-01 11:09:39.726 debug1: active: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
4692 2024-08-01 11:09:39.726 debug1: Entering interactive session for SSH2.
4692 2024-08-01 11:09:39.726 debug1: server_init_dispatch
4692 2024-08-01 11:09:39.726 debug3: pselect: installing signal handler for 3, previous 00007FF7B439FCF0
4692 2024-08-01 11:09:39.726 debug3: pselect_notify_setup: initializing
4692 2024-08-01 11:09:39.726 debug2: fd 10 setting O_NONBLOCK
4692 2024-08-01 11:09:39.726 debug2: fd 8 setting O_NONBLOCK
4692 2024-08-01 11:09:39.726 debug3: pselect_notify_setup: pid 3236 saved 3236 pipe0 10 pipe1 8
4692 2024-08-01 11:09:39.726 debug3: receive packet: type 90
4692 2024-08-01 11:09:39.726 debug1: server_input_channel_open: ctype session rchan 0 win 1048576 max 16384
4692 2024-08-01 11:09:39.726 debug1: input_session_request
4692 2024-08-01 11:09:39.726 debug1: channel 0: new session [server-session] (inactive timeout: 0)
4692 2024-08-01 11:09:39.726 debug2: session_new: allocate (allocated 0 max 10)
4692 2024-08-01 11:09:39.726 debug3: session_unused: session id 0 unused
4692 2024-08-01 11:09:39.726 debug1: session_new: session 0
4692 2024-08-01 11:09:39.726 debug1: session_open: channel 0
4692 2024-08-01 11:09:39.726 debug1: session_open: session 0: link with channel 0
4692 2024-08-01 11:09:39.726 debug1: server_input_channel_open: confirm session
4692 2024-08-01 11:09:39.726 debug3: send packet: type 91
4692 2024-08-01 11:09:39.726 debug3: receive packet: type 80
4692 2024-08-01 11:09:39.726 debug1: server_input_global_request: rtype no-more-sessions@openssh.com want_reply 0
4692 2024-08-01 11:09:39.758 debug3: receive packet: type 98
4692 2024-08-01 11:09:39.758 debug1: server_input_channel_req: channel 0 request pty-req reply 1
4692 2024-08-01 11:09:39.758 debug1: session_by_channel: session 0 channel 0
4692 2024-08-01 11:09:39.758 debug1: session_input_channel_req: session 0 req pty-req
4692 2024-08-01 11:09:39.758 debug1: Allocating pty.
4692 2024-08-01 11:09:39.758 debug3: fd 9 is not O_NONBLOCK
4692 2024-08-01 11:09:39.758 debug3: fd 11 is not O_NONBLOCK
4692 2024-08-01 11:09:39.758 debug1: session_pty_req: session 0 alloc windows-pty
4692 2024-08-01 11:09:39.758 debug3: send packet: type 99
4692 2024-08-01 11:09:39.758 debug3: receive packet: type 98
4692 2024-08-01 11:09:39.758 debug1: server_input_channel_req: channel 0 request shell reply 1
4692 2024-08-01 11:09:39.758 debug1: session_by_channel: session 0 channel 0
4692 2024-08-01 11:09:39.758 debug1: session_input_channel_req: session 0 req shell
4692 2024-08-01 11:09:39.758 debug2: channel_set_xtype: labeled channel 0 as session:shell (inactive timeout 0)
4692 2024-08-01 11:09:39.758 Starting session: shell on windows-pty for 2022testing\\\\rstrom from 192.168.42.131 port 54173 id 0
4692 2024-08-01 11:09:39.758 debug2: fd 12 setting O_NONBLOCK
4692 2024-08-01 11:09:39.758 debug2: fd 13 setting O_NONBLOCK
4692 2024-08-01 11:09:39.758 debug2: fd 14 setting O_NONBLOCK
4692 2024-08-01 11:09:39.758 debug2: fd 15 setting O_NONBLOCK
4692 2024-08-01 11:09:39.758 debug2: fd 16 setting O_NONBLOCK
4692 2024-08-01 11:09:39.758 debug2: fd 17 setting O_NONBLOCK
4692 2024-08-01 11:09:39.758 debug3: shell: "c:\\\\program files\\\\powershell\\\\7\\\\pwsh.exe"
4692 2024-08-01 11:09:39.758 debug3: shell_option: -c
4692 2024-08-01 11:09:39.758 debug3: This windows OS supports conpty
4692 2024-08-01 11:09:39.758 debug3: pty commandline: C:\\\\Windows\\\\system32\\\\conhost.exe --headless --width 120 --height 30 --signal 0x9c -- "c:\\\\program files\\\\powershell\\\\7\\\\pwsh.exe"
4692 2024-08-01 11:09:39.758 debug2: fd 5 setting TCP_NODELAY
4692 2024-08-01 11:09:39.758 debug2: channel 0: rfd 14 isatty
4692 2024-08-01 11:09:39.758 debug3: fd 14 is O_NONBLOCK
4692 2024-08-01 11:09:39.758 debug3: fd 13 is O_NONBLOCK
4692 2024-08-01 11:09:39.758 debug3: send packet: type 99
4692 2024-08-01 11:09:39.867 debug3: receive packet: type 98
4692 2024-08-01 11:09:39.867 debug1: server_input_channel_req: channel 0 request window-change reply 0
4692 2024-08-01 11:09:39.867 debug1: session_by_channel: session 0 channel 0
4692 2024-08-01 11:09:39.867 debug1: session_input_channel_req: session 0 req window-change
4692 2024-08-01 11:09:42.729 debug2: channel 0: read failed rfd 14 maxlen 32768: Broken pipe
4692 2024-08-01 11:09:42.729 debug2: channel 0: read failed
4692 2024-08-01 11:09:42.729 debug2: chan_shutdown_read: channel 0: (i0 o0 sock -1 wfd 14 efd -1 [closed])
4692 2024-08-01 11:09:42.729 debug2: channel 0: input open -> drain
4692 2024-08-01 11:09:42.729 debug2: channel 0: ibuf empty
4692 2024-08-01 11:09:42.729 debug2: channel 0: send eof
4692 2024-08-01 11:09:42.729 debug3: send packet: type 96
4692 2024-08-01 11:09:42.729 debug2: channel 0: input drain -> closed
4692 2024-08-01 11:09:42.744 debug2: pselect_notify_done: reading
4692 2024-08-01 11:09:42.744 debug1: Received SIGCHLD.
4692 2024-08-01 11:09:42.744 debug1: session_by_pid: pid 2716
4692 2024-08-01 11:09:42.744 debug2: channel 0: request exit-status confirm 0
4692 2024-08-01 11:09:42.744 debug3: send packet: type 98
4692 2024-08-01 11:09:42.744 debug1: session_exit_message: session 0 channel 0 pid 2716 exit 0
4692 2024-08-01 11:09:42.744 debug1: session_exit_message: release channel 0
4692 2024-08-01 11:09:42.744 debug2: channel 0: write failed
4692 2024-08-01 11:09:42.744 debug2: chan_shutdown_write: channel 0: (i3 o0 sock -1 wfd 13 efd -1 [closed])
4692 2024-08-01 11:09:42.744 debug2: channel 0: send eow
4692 2024-08-01 11:09:42.744 debug3: send packet: type 98
4692 2024-08-01 11:09:42.744 debug2: channel 0: output open -> closed
4692 2024-08-01 11:09:42.744 debug2: channel 0: send close
4692 2024-08-01 11:09:42.744 debug3: send packet: type 97
4692 2024-08-01 11:09:42.744 debug3: channel 0: will not send data after close
4692 2024-08-01 11:09:42.744 debug3: receive packet: type 97
4692 2024-08-01 11:09:42.744 debug2: channel 0: rcvd close
4692 2024-08-01 11:09:42.744 debug3: channel 0: will not send data after close
4692 2024-08-01 11:09:42.744 debug2: channel 0: is dead
4692 2024-08-01 11:09:42.744 debug2: channel 0: gc: notify user
4692 2024-08-01 11:09:42.744 debug1: session_by_channel: session 0 channel 0
4692 2024-08-01 11:09:42.744 debug1: session_close_by_channel: channel 0 child 0
4692 2024-08-01 11:09:42.744 Close session: user 2022testing\\\\rstrom from 192.168.42.131 port 54173 id 0
4692 2024-08-01 11:09:42.744 debug3: session_unused: session id 0 unused
4692 2024-08-01 11:09:42.744 debug2: channel 0: gc: user detached
4692 2024-08-01 11:09:42.744 debug2: channel 0: is dead
4692 2024-08-01 11:09:42.744 debug2: channel 0: garbage collecting
4692 2024-08-01 11:09:42.744 debug1: channel 0: free: server-session, nchannels 1
4692 2024-08-01 11:09:42.744 debug3: channel 0: status: The following connections are open:\\r\\n  #0 server-session (t4 [session:shell] r0 i3/0 o3/0 e[closed]/0 fd -1/-1/-1 sock -1 cc -1 io 0x00/0x00)\\r\\n
4692 2024-08-01 11:09:42.744 debug3: receive packet: type 1
4692 2024-08-01 11:09:42.744 Received disconnect from 192.168.42.131 port 54173:11: disconnected by user
4692 2024-08-01 11:09:42.744 Disconnected from 192.168.42.131 port 54173
4692 2024-08-01 11:09:42.744 debug1: do_cleanup
4692 2024-08-01 11:09:42.744 debug3: mm_request_receive: entering
4692 2024-08-01 11:09:42.744 debug1: do_cleanup
3660 2024-08-01 11:09:42.760 debug2: pselect_notify_done: reading
3660 2024-08-01 11:14:30.055 debug3: fd 6 is not O_NONBLOCK
3660 2024-08-01 11:14:30.055 debug3: spawning "C:\\Program Files\\OpenSSH\\sshd.exe" -R as subprocess
3660 2024-08-01 11:14:30.055 debug3: send_rexec_state: entering fd = 10 config len 2367
3660 2024-08-01 11:14:30.055 debug3: ssh_msg_send: type 0
3660 2024-08-01 11:14:30.055 debug3: send_rexec_state: done
3240 2024-08-01 11:14:30.070 debug1: inetd sockets after dupping: 4, 4
3240 2024-08-01 11:14:30.070 debug3: process_channel_timeouts: setting 0 timeouts
3240 2024-08-01 11:14:30.070 debug3: channel_clear_timeouts: clearing
3240 2024-08-01 11:14:30.070 Connection from 192.168.42.1 port 52440 on 192.168.42.141 port 22
3240 2024-08-01 11:14:30.070 debug1: Local version string SSH-2.0-OpenSSH_for_Windows_9.5
3240 2024-08-01 11:14:30.070 debug1: Remote protocol version 2.0, remote software version OpenSSH_8.9p1 Ubuntu-3ubuntu0.10
3240 2024-08-01 11:14:30.070 debug1: compat_banner: match: OpenSSH_8.9p1 Ubuntu-3ubuntu0.10 pat OpenSSH* compat 0x04000000
3240 2024-08-01 11:14:30.070 debug2: fd 4 setting O_NONBLOCK
3240 2024-08-01 11:14:30.101 debug3: spawning "C:\\Program Files\\OpenSSH\\sshd.exe" -y as user
3240 2024-08-01 11:14:30.101 debug2: Network child is on pid 2084
3240 2024-08-01 11:14:30.101 debug3: send_rexec_state: entering fd = 6 config len 2367
3240 2024-08-01 11:14:30.101 debug3: ssh_msg_send: type 0
3240 2024-08-01 11:14:30.101 debug3: send_rexec_state: done
3240 2024-08-01 11:14:30.101 debug3: ssh_msg_send: type 0
3240 2024-08-01 11:14:30.101 debug3: ssh_msg_send: type 0
3240 2024-08-01 11:14:30.101 debug3: preauth child monitor started
3240 2024-08-01 11:14:30.101 debug3: append_hostkey_type: ssh-rsa key not permitted by HostkeyAlgorithms [preauth]
3240 2024-08-01 11:14:30.101 debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
3240 2024-08-01 11:14:30.101 debug3: send packet: type 20 [preauth]
3240 2024-08-01 11:14:30.101 debug1: SSH2_MSG_KEXINIT sent [preauth]
3240 2024-08-01 11:14:30.101 debug3: receive packet: type 20 [preauth]
3240 2024-08-01 11:14:30.101 debug1: SSH2_MSG_KEXINIT received [preauth]
3240 2024-08-01 11:14:30.101 debug2: local server KEXINIT proposal [preauth]
3240 2024-08-01 11:14:30.101 debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,kex-strict-s-v00@openssh.com [preauth]
3240 2024-08-01 11:14:30.101 debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
3240 2024-08-01 11:14:30.101 debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth]
3240 2024-08-01 11:14:30.101 debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth]
3240 2024-08-01 11:14:30.101 debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512 [preauth]
3240 2024-08-01 11:14:30.101 debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512 [preauth]
3240 2024-08-01 11:14:30.101 debug2: compression ctos: none,zlib@openssh.com [preauth]
3240 2024-08-01 11:14:30.101 debug2: compression stoc: none,zlib@openssh.com [preauth]
3240 2024-08-01 11:14:30.101 debug2: languages ctos:  [preauth]
3240 2024-08-01 11:14:30.101 debug2: languages stoc:  [preauth]
3240 2024-08-01 11:14:30.101 debug2: first_kex_follows 0  [preauth]
3240 2024-08-01 11:14:30.101 debug2: reserved 0  [preauth]
3240 2024-08-01 11:14:30.101 debug2: peer client KEXINIT proposal [preauth]
3240 2024-08-01 11:14:30.101 debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,sntrup761x25519-sha512@openssh.com,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com [preauth]
3240 2024-08-01 11:14:30.101 debug2: host key algorithms: ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256 [preauth]
3240 2024-08-01 11:14:30.101 debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth]
3240 2024-08-01 11:14:30.101 debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth]
3240 2024-08-01 11:14:30.101 debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
3240 2024-08-01 11:14:30.101 debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
3240 2024-08-01 11:14:30.101 debug2: compression ctos: none,zlib@openssh.com,zlib [preauth]
3240 2024-08-01 11:14:30.101 debug2: compression stoc: none,zlib@openssh.com,zlib [preauth]
3240 2024-08-01 11:14:30.101 debug2: languages ctos:  [preauth]
3240 2024-08-01 11:14:30.101 debug2: languages stoc:  [preauth]
3240 2024-08-01 11:14:30.101 debug2: first_kex_follows 0  [preauth]
3240 2024-08-01 11:14:30.101 debug2: reserved 0  [preauth]
3240 2024-08-01 11:14:30.101 debug3: kex_choose_conf: will use strict KEX ordering [preauth]
3240 2024-08-01 11:14:30.101 debug1: kex: algorithm: curve25519-sha256 [preauth]
3240 2024-08-01 11:14:30.101 debug1: kex: host key algorithm: ssh-ed25519 [preauth]
3240 2024-08-01 11:14:30.101 debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none [preauth]
3240 2024-08-01 11:14:30.101 debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none [preauth]
3240 2024-08-01 11:14:30.101 debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
3240 2024-08-01 11:14:30.101 debug3: receive packet: type 30 [preauth]
3240 2024-08-01 11:14:30.101 debug1: SSH2_MSG_KEX_ECDH_INIT received [preauth]
3240 2024-08-01 11:14:30.117 debug3: mm_sshkey_sign: entering [preauth]
3240 2024-08-01 11:14:30.117 debug3: mm_request_send: entering, type 6 [preauth]
3240 2024-08-01 11:14:30.117 debug3: mm_sshkey_sign: waiting for MONITOR_ANS_SIGN [preauth]
3240 2024-08-01 11:14:30.117 debug3: mm_request_receive_expect: entering, type 7 [preauth]
3240 2024-08-01 11:14:30.117 debug3: mm_request_receive: entering [preauth]
3240 2024-08-01 11:14:30.117 debug3: mm_request_receive: entering
3240 2024-08-01 11:14:30.117 debug3: monitor_read: checking request 6
3240 2024-08-01 11:14:30.117 debug3: mm_answer_sign: entering
3240 2024-08-01 11:14:30.117 debug3: mm_answer_sign: ssh-ed25519 KEX signature len=83
3240 2024-08-01 11:14:30.117 debug3: mm_request_send: entering, type 7
3240 2024-08-01 11:14:30.117 debug2: monitor_read: 6 used once, disabling now
3240 2024-08-01 11:14:30.117 debug3: send packet: type 31 [preauth]
3240 2024-08-01 11:14:30.117 debug3: send packet: type 21 [preauth]
3240 2024-08-01 11:14:30.117 debug1: ssh_packet_send2_wrapped: resetting send seqnr 3 [preauth]
3240 2024-08-01 11:14:30.117 debug2: ssh_set_newkeys: mode 1 [preauth]
3240 2024-08-01 11:14:30.117 debug1: rekey out after 134217728 blocks [preauth]
3240 2024-08-01 11:14:30.117 debug1: SSH2_MSG_NEWKEYS sent [preauth]
3240 2024-08-01 11:14:30.117 debug1: Sending SSH2_MSG_EXT_INFO [preauth]
3240 2024-08-01 11:14:30.117 debug3: send packet: type 7 [preauth]
3240 2024-08-01 11:14:30.117 debug1: expecting SSH2_MSG_NEWKEYS [preauth]
3240 2024-08-01 11:14:32.162 debug3: receive packet: type 21 [preauth]
3240 2024-08-01 11:14:32.162 debug1: ssh_packet_read_poll2: resetting read seqnr 3 [preauth]
3240 2024-08-01 11:14:32.162 debug1: SSH2_MSG_NEWKEYS received [preauth]
3240 2024-08-01 11:14:32.162 debug2: ssh_set_newkeys: mode 0 [preauth]
3240 2024-08-01 11:14:32.162 debug1: rekey in after 134217728 blocks [preauth]
3240 2024-08-01 11:14:32.162 debug1: KEX done [preauth]
3240 2024-08-01 11:14:32.193 debug3: receive packet: type 5 [preauth]
3240 2024-08-01 11:14:32.193 debug3: send packet: type 6 [preauth]
3240 2024-08-01 11:14:32.193 debug3: receive packet: type 50 [preauth]
3240 2024-08-01 11:14:32.193 debug1: userauth-request for user rstrom service ssh-connection method none [preauth]
3240 2024-08-01 11:14:32.193 debug1: attempt 0 failures 0 [preauth]
3240 2024-08-01 11:14:32.193 debug3: mm_getpwnamallow: entering [preauth]
3240 2024-08-01 11:14:32.193 debug3: mm_request_send: entering, type 8 [preauth]
3240 2024-08-01 11:14:32.193 debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM [preauth]
3240 2024-08-01 11:14:32.193 debug3: mm_request_receive_expect: entering, type 9 [preauth]
3240 2024-08-01 11:14:32.193 debug3: mm_request_receive: entering [preauth]
3240 2024-08-01 11:14:32.193 debug3: mm_request_receive: entering
3240 2024-08-01 11:14:32.193 debug3: monitor_read: checking request 8
3240 2024-08-01 11:14:32.193 debug3: mm_answer_pwnamallow: entering
3240 2024-08-01 11:14:32.193 debug2: parse_server_config_depth: config reprocess config len 2367
3240 2024-08-01 11:14:32.193 debug3: checking match for 'Group administrators' user 2022testing\\rstrom host 192.168.42.1 addr 192.168.42.1 laddr 192.168.42.141 lport 22
3240 2024-08-01 11:14:32.208 debug3: lookup_principal_name: Successfully discovered explicit principal name: '2022testing\\rstrom'=>'rstrom@2022TESTING.local'
3240 2024-08-01 11:14:32.208 debug3: LsaLogonUser Succeeded (Impersonation: 0)
3240 2024-08-01 11:14:32.208 debug1: user 2022testing\\rstrom matched group list administrators at line 92
3240 2024-08-01 11:14:32.208 debug3: match found
3240 2024-08-01 11:14:32.208 debug3: reprocess config:93 setting AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
3240 2024-08-01 11:14:32.208 debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
3240 2024-08-01 11:14:32.208 debug3: mm_request_send: entering, type 9
3240 2024-08-01 11:14:32.208 debug2: monitor_read: 8 used once, disabling now
3240 2024-08-01 11:14:32.208 debug3: process_channel_timeouts: setting 0 timeouts [preauth]
3240 2024-08-01 11:14:32.208 debug3: channel_clear_timeouts: clearing [preauth]
3240 2024-08-01 11:14:32.208 debug2: input_userauth_request: setting up authctxt for rstrom [preauth]
3240 2024-08-01 11:14:32.208 debug3: mm_inform_authserv: entering [preauth]
3240 2024-08-01 11:14:32.208 debug3: mm_request_send: entering, type 4 [preauth]
3240 2024-08-01 11:14:32.208 debug2: input_userauth_request: try method none [preauth]
3240 2024-08-01 11:14:32.208 debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" [preauth]
3240 2024-08-01 11:14:32.208 debug3: send packet: type 51 [preauth]
3240 2024-08-01 11:14:32.208 debug3: mm_request_receive: entering
3240 2024-08-01 11:14:32.208 debug3: monitor_read: checking request 4
3240 2024-08-01 11:14:32.208 debug3: mm_answer_authserv: service=ssh-connection, style=
3240 2024-08-01 11:14:32.208 debug2: monitor_read: 4 used once, disabling now
3240 2024-08-01 11:14:32.208 debug3: receive packet: type 50 [preauth]
3240 2024-08-01 11:14:32.208 debug1: userauth-request for user rstrom service ssh-connection method publickey [preauth]
3240 2024-08-01 11:14:32.208 debug1: attempt 1 failures 0 [preauth]
3240 2024-08-01 11:14:32.208 debug2: input_userauth_request: try method publickey [preauth]
3240 2024-08-01 11:14:32.208 debug2: userauth_pubkey: valid user rstrom querying public key rsa-sha2-512 AAAAB3NzaC1yc2EAAAADAQABAAABgQCXvGKoIjdvag4QYh2nA7cWRCwIhhq5sZhBm0oLeUz4ezSN67L5Yj/zAAgGoBcYVoaeTEejb2ZkzzrAd7WPkFpZsp72KKAjeoTR099fvvWNv5sLJA+GaUVQG24e6/+Ivx2UAX9II6TnxsK+NR+UdjwzSXA25VgdL5iUvdeXv0qGuO6rIgHI3NflZG95e3/0+ye/e1ZuQ53D6259RMfQkJSiZUmS0kaES7TgaNygl+97uomSNLJq3/tzlr1/ABVHq1UqdaQF8EDr7w1SfABGmJD1a7KDko2a+W19Sp53UCKCHiAMH7kRt30GVyy7KNSsrtlVzW5IGrseTgbXLXepY53DadilEq8mvMNT4uAFt62fbUfP5h7t/vTnf/JsXedOiGIDLyVfUyh5lnes0rUAsX0ECRT8eeckBd9WzBoMfO0SdES/952mN8/whYHy5nf6Bb6MvIy8Nt1zkks3s+nfxBYWZHFXgmzoG92SXvN20Nv223ivUDFRBql2XOnmABtZ2n0= [preauth]
3240 2024-08-01 11:14:32.208 debug1: userauth_pubkey: publickey test pkalg rsa-sha2-512 pkblob RSA SHA256:BOp0Qwtdl2V1rgjXYP2P6YD4vax6ewlh6PCsCQAW4UM [preauth]
3240 2024-08-01 11:14:32.208 debug3: mm_key_allowed: entering [preauth]
3240 2024-08-01 11:14:32.208 debug3: mm_request_send: entering, type 22 [preauth]
3240 2024-08-01 11:14:32.208 debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth]
3240 2024-08-01 11:14:32.208 debug3: mm_request_receive_expect: entering, type 23 [preauth]
3240 2024-08-01 11:14:32.208 debug3: mm_request_receive: entering [preauth]
3240 2024-08-01 11:14:32.208 debug3: mm_request_receive: entering
3240 2024-08-01 11:14:32.208 debug3: monitor_read: checking request 22
3240 2024-08-01 11:14:32.208 debug3: mm_answer_keyallowed: entering
3240 2024-08-01 11:14:32.208 debug1: trying public key file __PROGRAMDATA__/ssh/administrators_authorized_keys
3240 2024-08-01 11:14:32.208 debug2: __PROGRAMDATA__/ssh/administrators_authorized_keys:1: check options: '��s'
3240 2024-08-01 11:14:32.208 debug2: __PROGRAMDATA__/ssh/administrators_authorized_keys:1: advance: ''
3240 2024-08-01 11:14:32.208 debug2: auth_check_authkeys_file: __PROGRAMDATA__/ssh/administrators_authorized_keys: processed 1/3 lines
3240 2024-08-01 11:14:32.208 debug3: mm_answer_keyallowed: publickey authentication test: RSA key is not allowed
3240 2024-08-01 11:14:32.208 Failed publickey for rstrom from 192.168.42.1 port 52440 ssh2: RSA SHA256:BOp0Qwtdl2V1rgjXYP2P6YD4vax6ewlh6PCsCQAW4UM
3240 2024-08-01 11:14:32.208 debug3: mm_request_send: entering, type 23
3240 2024-08-01 11:14:32.208 debug2: userauth_pubkey: authenticated 0 pkalg rsa-sha2-512 [preauth]
3240 2024-08-01 11:14:32.208 debug3: user_specific_delay: user specific delay 0.000ms [preauth]
3240 2024-08-01 11:14:32.208 debug3: ensure_minimum_time_since: elapsed 0.000ms, delaying 7.381ms (requested 7.381ms) [preauth]
3240 2024-08-01 11:14:32.224 debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" [preauth]
3240 2024-08-01 11:14:32.224 debug3: send packet: type 51 [preauth]
3240 2024-08-01 11:14:32.224 debug3: receive packet: type 50 [preauth]
3240 2024-08-01 11:14:32.224 debug1: userauth-request for user rstrom service ssh-connection method publickey [preauth]
3240 2024-08-01 11:14:32.224 debug1: attempt 2 failures 1 [preauth]
3240 2024-08-01 11:14:32.224 debug2: input_userauth_request: try method publickey [preauth]
3240 2024-08-01 11:14:32.224 debug2: userauth_pubkey: valid user rstrom querying public key ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPESjHdmvcmvmFLFCDdVqtK5OokwC5DNHgzDdLx6Pva0 [preauth]
3240 2024-08-01 11:14:32.224 debug1: userauth_pubkey: publickey test pkalg ssh-ed25519 pkblob ED25519 SHA256:sncsDdqwrVLV7Cx8/Us9AqxJecPvUvSy4DxIqFDuYUA [preauth]
3240 2024-08-01 11:14:32.224 debug3: mm_key_allowed: entering [preauth]
3240 2024-08-01 11:14:32.224 debug3: mm_request_send: entering, type 22 [preauth]
3240 2024-08-01 11:14:32.224 debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth]
3240 2024-08-01 11:14:32.224 debug3: mm_request_receive_expect: entering, type 23 [preauth]
3240 2024-08-01 11:14:32.224 debug3: mm_request_receive: entering [preauth]
3240 2024-08-01 11:14:32.224 debug3: mm_request_receive: entering
3240 2024-08-01 11:14:32.224 debug3: monitor_read: checking request 22
3240 2024-08-01 11:14:32.224 debug3: mm_answer_keyallowed: entering
3240 2024-08-01 11:14:32.224 debug1: trying public key file __PROGRAMDATA__/ssh/administrators_authorized_keys
3240 2024-08-01 11:14:32.224 debug2: __PROGRAMDATA__/ssh/administrators_authorized_keys:1: check options: '��s'
3240 2024-08-01 11:14:32.224 debug2: __PROGRAMDATA__/ssh/administrators_authorized_keys:1: advance: ''
3240 2024-08-01 11:14:32.224 debug2: auth_check_authkeys_file: __PROGRAMDATA__/ssh/administrators_authorized_keys: processed 1/3 lines
3240 2024-08-01 11:14:32.224 debug3: mm_answer_keyallowed: publickey authentication test: ED25519 key is not allowed
3240 2024-08-01 11:14:32.224 Failed publickey for rstrom from 192.168.42.1 port 52440 ssh2: ED25519 SHA256:sncsDdqwrVLV7Cx8/Us9AqxJecPvUvSy4DxIqFDuYUA
3240 2024-08-01 11:14:32.224 debug3: mm_request_send: entering, type 23
3240 2024-08-01 11:14:32.224 debug2: userauth_pubkey: authenticated 0 pkalg ssh-ed25519 [preauth]
3240 2024-08-01 11:14:32.224 debug3: user_specific_delay: user specific delay 0.000ms [preauth]
3240 2024-08-01 11:14:32.224 debug3: ensure_minimum_time_since: elapsed 0.000ms, delaying 7.381ms (requested 7.381ms) [preauth]
3240 2024-08-01 11:14:32.240 debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" [preauth]
3240 2024-08-01 11:14:32.240 debug3: send packet: type 51 [preauth]
3240 2024-08-01 11:14:32.240 debug3: receive packet: type 50 [preauth]
3240 2024-08-01 11:14:32.240 debug1: userauth-request for user rstrom service ssh-connection method publickey [preauth]
3240 2024-08-01 11:14:32.240 debug1: attempt 3 failures 2 [preauth]
3240 2024-08-01 11:14:32.240 debug2: input_userauth_request: try method publickey [preauth]
3240 2024-08-01 11:14:32.240 debug2: userauth_pubkey: valid user rstrom querying public key sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBODUWSYLsX2lMWrAlbguU3jHZRO5g6Oo5Fk/kZieyYXMCGkXFVRF7+O57B7bVsyNHSNf944fjyiEOPF3RKtma+AAAAAEc3NoOg== [preauth]
3240 2024-08-01 11:14:32.240 debug1: userauth_pubkey: publickey test pkalg sk-ecdsa-sha2-nistp256@openssh.com pkblob ECDSA-SK SHA256:PHRutEDdZfixmHCtLN4hLQU3KqpisQx3J+XXWEJN8Go [preauth]
3240 2024-08-01 11:14:32.240 debug3: mm_key_allowed: entering [preauth]
3240 2024-08-01 11:14:32.240 debug3: mm_request_send: entering, type 22 [preauth]
3240 2024-08-01 11:14:32.240 debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth]
3240 2024-08-01 11:14:32.240 debug3: mm_request_receive_expect: entering, type 23 [preauth]
3240 2024-08-01 11:14:32.240 debug3: mm_request_receive: entering [preauth]
3240 2024-08-01 11:14:32.240 debug3: mm_request_receive: entering
3240 2024-08-01 11:14:32.240 debug3: monitor_read: checking request 22
3240 2024-08-01 11:14:32.240 debug3: mm_answer_keyallowed: entering
3240 2024-08-01 11:14:32.240 debug1: trying public key file __PROGRAMDATA__/ssh/administrators_authorized_keys
3240 2024-08-01 11:14:32.240 debug2: __PROGRAMDATA__/ssh/administrators_authorized_keys:1: check options: '��s'
3240 2024-08-01 11:14:32.240 debug2: __PROGRAMDATA__/ssh/administrators_authorized_keys:1: advance: ''
3240 2024-08-01 11:14:32.240 debug2: auth_check_authkeys_file: __PROGRAMDATA__/ssh/administrators_authorized_keys: processed 1/3 lines
3240 2024-08-01 11:14:32.240 debug3: mm_answer_keyallowed: publickey authentication test: ECDSA-SK key is not allowed
3240 2024-08-01 11:14:32.240 Failed publickey for rstrom from 192.168.42.1 port 52440 ssh2: ECDSA-SK SHA256:PHRutEDdZfixmHCtLN4hLQU3KqpisQx3J+XXWEJN8Go
3240 2024-08-01 11:14:32.240 debug3: mm_request_send: entering, type 23
3240 2024-08-01 11:14:32.240 debug2: userauth_pubkey: authenticated 0 pkalg sk-ecdsa-sha2-nistp256@openssh.com [preauth]
3240 2024-08-01 11:14:32.240 debug3: user_specific_delay: user specific delay 0.000ms [preauth]
3240 2024-08-01 11:14:32.240 debug3: ensure_minimum_time_since: elapsed 0.000ms, delaying 7.381ms (requested 7.381ms) [preauth]
3240 2024-08-01 11:14:32.255 debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" [preauth]
3240 2024-08-01 11:14:32.255 debug3: send packet: type 51 [preauth]
3240 2024-08-01 11:14:32.255 debug3: receive packet: type 50 [preauth]
3240 2024-08-01 11:14:32.255 debug1: userauth-request for user rstrom service ssh-connection method keyboard-interactive [preauth]
3240 2024-08-01 11:14:32.255 debug1: attempt 4 failures 3 [preauth]
3240 2024-08-01 11:14:32.255 debug2: input_userauth_request: try method keyboard-interactive [preauth]
3240 2024-08-01 11:14:32.255 debug1: keyboard-interactive devs  [preauth]
3240 2024-08-01 11:14:32.255 debug1: auth2_challenge: user=rstrom devs= [preauth]
3240 2024-08-01 11:14:32.255 debug1: kbdint_alloc: devices '' [preauth]
3240 2024-08-01 11:14:32.255 debug2: auth2_challenge_start: devices  [preauth]
3240 2024-08-01 11:14:32.255 debug3: user_specific_delay: user specific delay 0.000ms [preauth]
3240 2024-08-01 11:14:32.255 debug3: ensure_minimum_time_since: elapsed 0.000ms, delaying 7.381ms (requested 7.381ms) [preauth]
3240 2024-08-01 11:14:32.271 debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" [preauth]
3240 2024-08-01 11:14:32.271 debug3: send packet: type 51 [preauth]
3240 2024-08-01 11:14:37.196 debug3: receive packet: type 50 [preauth]
3240 2024-08-01 11:14:37.196 debug1: userauth-request for user rstrom service ssh-connection method password [preauth]
3240 2024-08-01 11:14:37.196 debug1: attempt 5 failures 4 [preauth]
3240 2024-08-01 11:14:37.196 debug2: input_userauth_request: try method password [preauth]
3240 2024-08-01 11:14:37.196 debug3: mm_auth_password: entering [preauth]
3240 2024-08-01 11:14:37.196 debug3: mm_request_send: entering, type 12 [preauth]
3240 2024-08-01 11:14:37.196 debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD [preauth]
3240 2024-08-01 11:14:37.196 debug3: mm_request_receive_expect: entering, type 13 [preauth]
3240 2024-08-01 11:14:37.196 debug3: mm_request_receive: entering [preauth]
3240 2024-08-01 11:14:37.196 debug3: mm_request_receive: entering
3240 2024-08-01 11:14:37.196 debug3: monitor_read: checking request 12
3240 2024-08-01 11:14:37.196 debug3: lookup_principal_name: Successfully discovered explicit principal name: '2022testing\\rstrom'=>'rstrom@2022TESTING.local'
3240 2024-08-01 11:14:37.212 debug3: mm_answer_authpassword: sending result 1
3240 2024-08-01 11:14:37.212 debug3: mm_answer_authpassword: sending result 1
3240 2024-08-01 11:14:37.212 debug3: mm_request_send: entering, type 13
3240 2024-08-01 11:14:37.212 Accepted password for rstrom from 192.168.42.1 port 52440 ssh2
3240 2024-08-01 11:14:37.212 debug1: monitor_child_preauth: user rstrom authenticated by privileged process
3240 2024-08-01 11:14:37.212 debug3: mm_get_keystate: Waiting for new keys
3240 2024-08-01 11:14:37.212 debug3: mm_request_receive_expect: entering, type 26
3240 2024-08-01 11:14:37.212 debug3: mm_request_receive: entering
3240 2024-08-01 11:14:37.227 debug3: mm_get_keystate: GOT new keys
3240 2024-08-01 11:14:37.227 debug3: mm_auth_password: user authenticated [preauth]
3240 2024-08-01 11:14:37.227 debug3: user_specific_delay: user specific delay 0.000ms [preauth]
3240 2024-08-01 11:14:37.227 debug3: ensure_minimum_time_since: elapsed 16.000ms, delaying 13.526ms (requested 7.381ms) [preauth]
3240 2024-08-01 11:14:37.227 debug3: send packet: type 52 [preauth]
3240 2024-08-01 11:14:37.227 debug3: mm_request_send: entering, type 26 [preauth]
3240 2024-08-01 11:14:37.227 debug3: mm_send_keystate: Finished sending state [preauth]
3240 2024-08-01 11:14:37.227 debug1: monitor_read_log: child log fd closed
3240 2024-08-01 11:14:37.227 debug3: spawning "C:\\Program Files\\OpenSSH\\sshd.exe" -z as user
3240 2024-08-01 11:14:37.227 User child is on pid 3308
3240 2024-08-01 11:14:37.227 debug3: send_rexec_state: entering fd = 5 config len 2367
3240 2024-08-01 11:14:37.227 debug3: ssh_msg_send: type 0
3240 2024-08-01 11:14:37.227 debug3: send_rexec_state: done
3240 2024-08-01 11:14:37.227 debug3: ssh_msg_send: type 0
3240 2024-08-01 11:14:37.227 debug3: ssh_msg_send: type 0
3240 2024-08-01 11:14:37.227 debug3: ssh_msg_send: type 0
3240 2024-08-01 11:14:37.227 debug3: ssh_msg_send: type 0
3240 2024-08-01 11:14:37.243 debug3: ssh_msg_send: type 0
3308 2024-08-01 11:14:37.243 debug3: process_channel_timeouts: setting 0 timeouts
3308 2024-08-01 11:14:37.243 debug3: channel_clear_timeouts: clearing
3308 2024-08-01 11:14:37.243 debug3: recv_idexch_state: entering fd = 3
3308 2024-08-01 11:14:37.243 debug3: ssh_msg_recv entering
3308 2024-08-01 11:14:37.243 debug3: recv_idexch_state: done
3308 2024-08-01 11:14:37.243 debug2: fd 5 setting O_NONBLOCK
3308 2024-08-01 11:14:37.243 debug3: recv_autxctx_state: entering fd = 3
3308 2024-08-01 11:14:37.243 debug3: ssh_msg_recv entering
3308 2024-08-01 11:14:37.243 debug3: recv_autxctx_state: done
3308 2024-08-01 11:14:37.243 debug2: parse_server_config_depth: config reprocess config len 2367
3308 2024-08-01 11:14:37.243 debug3: checking match for 'Group administrators' user 2022testing\\rstrom host 192.168.42.1 addr 192.168.42.1 laddr 192.168.42.141 lport 22
3308 2024-08-01 11:14:37.243 debug3: get_user_token - i am running as 2022testing\\rstrom, returning process token
3308 2024-08-01 11:14:37.243 debug1: user 2022testing\\rstrom matched group list administrators at line 92
3308 2024-08-01 11:14:37.243 debug3: match found
3308 2024-08-01 11:14:37.243 debug3: reprocess config:93 setting AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
3240 2024-08-01 11:14:37.243 debug3: monitor_recv_keystate: entering 
3240 2024-08-01 11:14:37.243 debug3: ssh_msg_recv entering
3240 2024-08-01 11:14:37.243 debug3: monitor_recv_keystate: done
3240 2024-08-01 11:14:37.243 debug3: monitor_apply_keystate: packet_set_state
3240 2024-08-01 11:14:37.243 debug2: ssh_set_newkeys: mode 0
3240 2024-08-01 11:14:37.243 debug1: rekey in after 134217728 blocks
3240 2024-08-01 11:14:37.243 debug2: ssh_set_newkeys: mode 1
3240 2024-08-01 11:14:37.243 debug1: rekey out after 134217728 blocks
3240 2024-08-01 11:14:37.243 debug1: ssh_packet_set_postauth: called
3240 2024-08-01 11:14:37.243 debug3: ssh_packet_set_state: done
3240 2024-08-01 11:14:37.243 debug3: monitor_recv_authopt: entering 
3240 2024-08-01 11:14:37.243 debug3: ssh_msg_recv entering
3240 2024-08-01 11:14:37.243 debug3: monitor_recv_authopt: done
3240 2024-08-01 11:14:37.243 debug3: notify_hostkeys: key 0: ssh-rsa SHA256:numCwkaALcEhk7C2WOF02nBKXRLXYQyObMxrvyXuLx0
3240 2024-08-01 11:14:37.243 debug3: notify_hostkeys: key 1: ecdsa-sha2-nistp256 SHA256:xWgp34YI629m3KKifDP7vnOPhtPRY1vD5B3F9sDpxv8
3240 2024-08-01 11:14:37.243 debug3: notify_hostkeys: key 2: ssh-ed25519 SHA256:cr0h50S7ktZueOJZc+1t7Mj1mZ9VKeOQ91ySSyC8fdY
3240 2024-08-01 11:14:37.243 debug3: notify_hostkeys: sent 3 hostkeys
3240 2024-08-01 11:14:37.243 debug3: send packet: type 80
3240 2024-08-01 11:14:37.243 debug1: active: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
3240 2024-08-01 11:14:37.243 debug1: Entering interactive session for SSH2.
3240 2024-08-01 11:14:37.243 debug1: server_init_dispatch
3240 2024-08-01 11:14:37.243 debug3: pselect: installing signal handler for 3, previous 00007FF7B439FCF0
3240 2024-08-01 11:14:37.243 debug3: pselect_notify_setup: initializing
3240 2024-08-01 11:14:37.243 debug2: fd 10 setting O_NONBLOCK
3240 2024-08-01 11:14:37.243 debug2: fd 8 setting O_NONBLOCK
3240 2024-08-01 11:14:37.243 debug3: pselect_notify_setup: pid 3308 saved 3308 pipe0 10 pipe1 8
3240 2024-08-01 11:14:37.243 debug3: receive packet: type 90
3240 2024-08-01 11:14:37.243 debug1: server_input_channel_open: ctype session rchan 0 win 1048576 max 16384
3240 2024-08-01 11:14:37.243 debug1: input_session_request
3240 2024-08-01 11:14:37.243 debug1: channel 0: new session [server-session] (inactive timeout: 0)
3240 2024-08-01 11:14:37.243 debug2: session_new: allocate (allocated 0 max 10)
3240 2024-08-01 11:14:37.243 debug3: session_unused: session id 0 unused
3240 2024-08-01 11:14:37.243 debug1: session_new: session 0
3240 2024-08-01 11:14:37.243 debug1: session_open: channel 0
3240 2024-08-01 11:14:37.243 debug1: session_open: session 0: link with channel 0
3240 2024-08-01 11:14:37.243 debug1: server_input_channel_open: confirm session
3240 2024-08-01 11:14:37.243 debug3: send packet: type 91
3240 2024-08-01 11:14:37.243 debug3: receive packet: type 80
3240 2024-08-01 11:14:37.243 debug1: server_input_global_request: rtype no-more-sessions@openssh.com want_reply 0
3240 2024-08-01 11:14:37.243 debug3: receive packet: type 80
3240 2024-08-01 11:14:37.243 debug1: server_input_global_request: rtype hostkeys-prove-00@openssh.com want_reply 1
3240 2024-08-01 11:14:37.243 debug3: server_input_hostkeys_prove: sign RSA key (index 0) using sigalg rsa-sha2-512
3240 2024-08-01 11:14:37.243 debug3: mm_sshkey_sign: entering
3240 2024-08-01 11:14:37.243 debug3: mm_request_send: entering, type 6
3240 2024-08-01 11:14:37.243 debug3: mm_sshkey_sign: waiting for MONITOR_ANS_SIGN
3240 2024-08-01 11:14:37.243 debug3: mm_request_receive_expect: entering, type 7
3240 2024-08-01 11:14:37.243 debug3: mm_request_receive: entering
3240 2024-08-01 11:14:37.243 debug3: mm_request_receive: entering
3240 2024-08-01 11:14:37.243 debug3: monitor_read: checking request 6
3240 2024-08-01 11:14:37.243 debug3: mm_answer_sign: entering
3240 2024-08-01 11:14:37.259 debug3: mm_answer_sign: rsa-sha2-512 hostkey proof signature len=404
3240 2024-08-01 11:14:37.259 debug3: mm_request_send: entering, type 7
3240 2024-08-01 11:14:37.259 debug3: server_input_hostkeys_prove: sign ECDSA key (index 1) using sigalg default
3240 2024-08-01 11:14:37.259 debug3: mm_sshkey_sign: entering
3240 2024-08-01 11:14:37.259 debug3: mm_request_send: entering, type 6
3240 2024-08-01 11:14:37.259 debug3: mm_sshkey_sign: waiting for MONITOR_ANS_SIGN
3240 2024-08-01 11:14:37.259 debug3: mm_request_receive_expect: entering, type 7
3240 2024-08-01 11:14:37.259 debug3: mm_request_receive: entering
3240 2024-08-01 11:14:37.259 debug3: mm_request_receive: entering
3240 2024-08-01 11:14:37.259 debug3: monitor_read: checking request 6
3240 2024-08-01 11:14:37.259 debug3: mm_answer_sign: entering
3240 2024-08-01 11:14:37.259 debug3: mm_answer_sign:  hostkey proof signature len=101
3240 2024-08-01 11:14:37.259 debug3: mm_request_send: entering, type 7
3240 2024-08-01 11:14:37.259 debug3: send packet: type 81
3240 2024-08-01 11:14:37.259 debug3: receive packet: type 98
3240 2024-08-01 11:14:37.259 debug1: server_input_channel_req: channel 0 request auth-agent-req@openssh.com reply 0
3240 2024-08-01 11:14:37.259 debug1: session_by_channel: session 0 channel 0
3240 2024-08-01 11:14:37.259 debug1: session_input_channel_req: session 0 req auth-agent-req@openssh.com
3240 2024-08-01 11:14:37.259 debug3: sending debug message: Agent forwarding disabled: mkdtemp() failed: No such file or directory
3240 2024-08-01 11:14:37.259 debug3: send packet: type 4
3240 2024-08-01 11:14:37.259 debug3: receive packet: type 98
3240 2024-08-01 11:14:37.259 debug1: server_input_channel_req: channel 0 request pty-req reply 1
3240 2024-08-01 11:14:37.259 debug1: session_by_channel: session 0 channel 0
3240 2024-08-01 11:14:37.259 debug1: session_input_channel_req: session 0 req pty-req
3240 2024-08-01 11:14:37.259 debug1: Allocating pty.
3240 2024-08-01 11:14:37.259 debug3: fd 9 is not O_NONBLOCK
3240 2024-08-01 11:14:37.259 debug3: fd 11 is not O_NONBLOCK
3240 2024-08-01 11:14:37.259 debug1: session_pty_req: session 0 alloc windows-pty
3240 2024-08-01 11:14:37.259 debug1: Ignoring unsupported tty mode opcode 1 (0x1)
3240 2024-08-01 11:14:37.259 debug1: Ignoring unsupported tty mode opcode 2 (0x2)
3240 2024-08-01 11:14:37.259 debug1: Ignoring unsupported tty mode opcode 3 (0x3)
3240 2024-08-01 11:14:37.259 debug1: Ignoring unsupported tty mode opcode 4 (0x4)
3240 2024-08-01 11:14:37.259 debug1: Ignoring unsupported tty mode opcode 5 (0x5)
3240 2024-08-01 11:14:37.259 debug1: Ignoring unsupported tty mode opcode 6 (0x6)
3240 2024-08-01 11:14:37.259 debug1: Ignoring unsupported tty mode opcode 7 (0x7)
3240 2024-08-01 11:14:37.259 debug1: Ignoring unsupported tty mode opcode 8 (0x8)
3240 2024-08-01 11:14:37.259 debug1: Ignoring unsupported tty mode opcode 9 (0x9)
3240 2024-08-01 11:14:37.259 debug1: Ignoring unsupported tty mode opcode 10 (0xa)
3240 2024-08-01 11:14:37.259 debug1: Ignoring unsupported tty mode opcode 12 (0xc)
3240 2024-08-01 11:14:37.259 debug1: Ignoring unsupported tty mode opcode 13 (0xd)
3240 2024-08-01 11:14:37.259 debug1: Ignoring unsupported tty mode opcode 14 (0xe)
3240 2024-08-01 11:14:37.259 debug1: Ignoring unsupported tty mode opcode 18 (0x12)
3240 2024-08-01 11:14:37.259 debug1: Ignoring unsupported tty mode opcode 30 (0x1e)
3240 2024-08-01 11:14:37.259 debug1: Ignoring unsupported tty mode opcode 31 (0x1f)
3240 2024-08-01 11:14:37.259 debug1: Ignoring unsupported tty mode opcode 32 (0x20)
3240 2024-08-01 11:14:37.259 debug1: Ignoring unsupported tty mode opcode 33 (0x21)
3240 2024-08-01 11:14:37.259 debug1: Ignoring unsupported tty mode opcode 34 (0x22)
3240 2024-08-01 11:14:37.259 debug1: Ignoring unsupported tty mode opcode 35 (0x23)
3240 2024-08-01 11:14:37.259 debug1: Ignoring unsupported tty mode opcode 36 (0x24)
3240 2024-08-01 11:14:37.259 debug1: Ignoring unsupported tty mode opcode 37 (0x25)
3240 2024-08-01 11:14:37.259 debug1: Ignoring unsupported tty mode opcode 38 (0x26)
3240 2024-08-01 11:14:37.259 debug1: Ignoring unsupported tty mode opcode 39 (0x27)
3240 2024-08-01 11:14:37.259 debug1: Ignoring unsupported tty mode opcode 40 (0x28)
3240 2024-08-01 11:14:37.259 debug1: Ignoring unsupported tty mode opcode 41 (0x29)
3240 2024-08-01 11:14:37.259 debug1: Ignoring unsupported tty mode opcode 42 (0x2a)
3240 2024-08-01 11:14:37.259 debug1: Ignoring unsupported tty mode opcode 50 (0x32)
3240 2024-08-01 11:14:37.259 debug1: Ignoring unsupported tty mode opcode 51 (0x33)
3240 2024-08-01 11:14:37.259 debug1: Ignoring unsupported tty mode opcode 52 (0x34)
3240 2024-08-01 11:14:37.259 debug1: Ignoring unsupported tty mode opcode 53 (0x35)
3240 2024-08-01 11:14:37.259 debug1: Ignoring unsupported tty mode opcode 54 (0x36)
3240 2024-08-01 11:14:37.259 debug1: Ignoring unsupported tty mode opcode 55 (0x37)
3240 2024-08-01 11:14:37.259 debug1: Ignoring unsupported tty mode opcode 56 (0x38)
3240 2024-08-01 11:14:37.259 debug1: Ignoring unsupported tty mode opcode 57 (0x39)
3240 2024-08-01 11:14:37.259 debug1: Ignoring unsupported tty mode opcode 58 (0x3a)
3240 2024-08-01 11:14:37.259 debug1: Ignoring unsupported tty mode opcode 59 (0x3b)
3240 2024-08-01 11:14:37.259 debug1: Ignoring unsupported tty mode opcode 60 (0x3c)
3240 2024-08-01 11:14:37.259 debug1: Ignoring unsupported tty mode opcode 61 (0x3d)
3240 2024-08-01 11:14:37.259 debug1: Ignoring unsupported tty mode opcode 62 (0x3e)
3240 2024-08-01 11:14:37.259 debug1: Ignoring unsupported tty mode opcode 70 (0x46)
3240 2024-08-01 11:14:37.259 debug1: Ignoring unsupported tty mode opcode 71 (0x47)
3240 2024-08-01 11:14:37.259 debug1: Ignoring unsupported tty mode opcode 72 (0x48)
3240 2024-08-01 11:14:37.259 debug1: Ignoring unsupported tty mode opcode 73 (0x49)
3240 2024-08-01 11:14:37.259 debug1: Ignoring unsupported tty mode opcode 74 (0x4a)
3240 2024-08-01 11:14:37.259 debug1: Ignoring unsupported tty mode opcode 75 (0x4b)
3240 2024-08-01 11:14:37.259 debug1: Ignoring unsupported tty mode opcode 90 (0x5a)
3240 2024-08-01 11:14:37.259 debug1: Ignoring unsupported tty mode opcode 91 (0x5b)
3240 2024-08-01 11:14:37.259 debug1: Ignoring unsupported tty mode opcode 92 (0x5c)
3240 2024-08-01 11:14:37.259 debug1: Ignoring unsupported tty mode opcode 93 (0x5d)
3240 2024-08-01 11:14:37.259 debug3: send packet: type 99
3240 2024-08-01 11:14:37.259 debug3: receive packet: type 98
3240 2024-08-01 11:14:37.259 debug1: server_input_channel_req: channel 0 request env reply 0
3240 2024-08-01 11:14:37.259 debug1: session_by_channel: session 0 channel 0
3240 2024-08-01 11:14:37.259 debug1: session_input_channel_req: session 0 req env
3240 2024-08-01 11:14:37.259 debug2: Ignoring env request LANG: disallowed name
3240 2024-08-01 11:14:37.259 debug3: receive packet: type 98
3240 2024-08-01 11:14:37.259 debug1: server_input_channel_req: channel 0 request shell reply 1
3240 2024-08-01 11:14:37.259 debug1: session_by_channel: session 0 channel 0
3240 2024-08-01 11:14:37.259 debug1: session_input_channel_req: session 0 req shell
3240 2024-08-01 11:14:37.259 debug2: channel_set_xtype: labeled channel 0 as session:shell (inactive timeout 0)
3240 2024-08-01 11:14:37.259 Starting session: shell on windows-pty for 2022testing\\\\rstrom from 192.168.42.1 port 52440 id 0
3240 2024-08-01 11:14:37.259 debug2: fd 12 setting O_NONBLOCK
3240 2024-08-01 11:14:37.259 debug2: fd 13 setting O_NONBLOCK
3240 2024-08-01 11:14:37.259 debug2: fd 14 setting O_NONBLOCK
3240 2024-08-01 11:14:37.259 debug2: fd 15 setting O_NONBLOCK
3240 2024-08-01 11:14:37.259 debug2: fd 16 setting O_NONBLOCK
3240 2024-08-01 11:14:37.259 debug2: fd 17 setting O_NONBLOCK
3240 2024-08-01 11:14:37.259 debug3: shell: "c:\\\\program files\\\\powershell\\\\7\\\\pwsh.exe"
3240 2024-08-01 11:14:37.259 debug3: shell_option: -c
3240 2024-08-01 11:14:37.259 debug3: This windows OS supports conpty
3240 2024-08-01 11:14:37.259 debug3: pty commandline: C:\\\\Windows\\\\system32\\\\conhost.exe --headless --width 130 --height 30 --signal 0x224 -- "c:\\\\program files\\\\powershell\\\\7\\\\pwsh.exe"
3240 2024-08-01 11:14:37.259 debug2: fd 5 setting TCP_NODELAY
3240 2024-08-01 11:14:37.259 debug2: channel 0: rfd 14 isatty
3240 2024-08-01 11:14:37.259 debug3: fd 14 is O_NONBLOCK
3240 2024-08-01 11:14:37.259 debug3: fd 13 is O_NONBLOCK
3240 2024-08-01 11:14:37.259 debug3: send packet: type 99
3240 2024-08-01 11:14:46.762 debug2: channel 0: read failed rfd 14 maxlen 32768: Broken pipe
3240 2024-08-01 11:14:46.762 debug2: channel 0: read failed
3240 2024-08-01 11:14:46.762 debug2: chan_shutdown_read: channel 0: (i0 o0 sock -1 wfd 14 efd -1 [closed])
3240 2024-08-01 11:14:46.762 debug2: channel 0: input open -> drain
3240 2024-08-01 11:14:46.762 debug2: channel 0: ibuf empty
3240 2024-08-01 11:14:46.762 debug2: channel 0: send eof
3240 2024-08-01 11:14:46.762 debug3: send packet: type 96
3240 2024-08-01 11:14:46.762 debug2: channel 0: input drain -> closed
3240 2024-08-01 11:14:46.762 debug2: pselect_notify_done: reading
3240 2024-08-01 11:14:46.762 debug1: Received SIGCHLD.
3240 2024-08-01 11:14:46.762 debug1: session_by_pid: pid 944
3240 2024-08-01 11:14:46.762 debug2: channel 0: request exit-status confirm 0
3240 2024-08-01 11:14:46.762 debug3: send packet: type 98
3240 2024-08-01 11:14:46.762 debug1: session_exit_message: session 0 channel 0 pid 944 exit 0
3240 2024-08-01 11:14:46.762 debug1: session_exit_message: release channel 0
3240 2024-08-01 11:14:46.762 debug2: channel 0: write failed
3240 2024-08-01 11:14:46.762 debug2: chan_shutdown_write: channel 0: (i3 o0 sock -1 wfd 13 efd -1 [closed])
3240 2024-08-01 11:14:46.762 debug2: channel 0: send eow
3240 2024-08-01 11:14:46.762 debug3: send packet: type 98
3240 2024-08-01 11:14:46.762 debug2: channel 0: output open -> closed
3240 2024-08-01 11:14:46.762 debug2: channel 0: send close
3240 2024-08-01 11:14:46.762 debug3: send packet: type 97
3240 2024-08-01 11:14:46.762 debug3: channel 0: will not send data after close
3240 2024-08-01 11:14:46.762 debug3: receive packet: type 97
3240 2024-08-01 11:14:46.762 debug2: channel 0: rcvd close
3240 2024-08-01 11:14:46.762 debug3: channel 0: will not send data after close
3240 2024-08-01 11:14:46.762 debug2: channel 0: is dead
3240 2024-08-01 11:14:46.762 debug2: channel 0: gc: notify user
3240 2024-08-01 11:14:46.762 debug1: session_by_channel: session 0 channel 0
3240 2024-08-01 11:14:46.762 debug1: session_close_by_channel: channel 0 child 0
3240 2024-08-01 11:14:46.762 Close session: user 2022testing\\\\rstrom from 192.168.42.1 port 52440 id 0
3240 2024-08-01 11:14:46.762 debug3: session_unused: session id 0 unused
3240 2024-08-01 11:14:46.762 debug2: channel 0: gc: user detached
3240 2024-08-01 11:14:46.762 debug2: channel 0: is dead
3240 2024-08-01 11:14:46.762 debug2: channel 0: garbage collecting
3240 2024-08-01 11:14:46.762 debug1: channel 0: free: server-session, nchannels 1
3240 2024-08-01 11:14:46.762 debug3: channel 0: status: The following connections are open:\\r\\n  #0 server-session (t4 [session:shell] r0 i3/0 o3/0 e[closed]/0 fd -1/-1/-1 sock -1 cc -1 io 0x00/0x00)\\r\\n
3240 2024-08-01 11:14:46.762 debug3: receive packet: type 1
3240 2024-08-01 11:14:46.762 Received disconnect from 192.168.42.1 port 52440:11: disconnected by user
3240 2024-08-01 11:14:46.762 Disconnected from 192.168.42.1 port 52440
3240 2024-08-01 11:14:46.762 debug1: do_cleanup
3240 2024-08-01 11:14:46.762 debug3: mm_request_receive: entering
3240 2024-08-01 11:14:46.762 debug1: do_cleanup
3660 2024-08-01 11:14:46.778 debug2: pselect_notify_done: reading
3660 2024-08-01 11:14:52.855 debug3: fd 6 is not O_NONBLOCK
3660 2024-08-01 11:14:52.855 debug3: spawning "C:\\Program Files\\OpenSSH\\sshd.exe" -R as subprocess
3660 2024-08-01 11:14:52.855 debug3: send_rexec_state: entering fd = 10 config len 2367
3660 2024-08-01 11:14:52.855 debug3: ssh_msg_send: type 0
3660 2024-08-01 11:14:52.855 debug3: send_rexec_state: done
3696 2024-08-01 11:14:52.886 debug1: inetd sockets after dupping: 4, 4
3696 2024-08-01 11:14:52.886 debug3: process_channel_timeouts: setting 0 timeouts
3696 2024-08-01 11:14:52.886 debug3: channel_clear_timeouts: clearing
3696 2024-08-01 11:14:52.886 Connection from 192.168.42.1 port 40100 on 192.168.42.141 port 22
3696 2024-08-01 11:14:52.886 debug1: Local version string SSH-2.0-OpenSSH_for_Windows_9.5
3696 2024-08-01 11:14:52.886 debug1: Remote protocol version 2.0, remote software version OpenSSH_8.9p1 Ubuntu-3ubuntu0.10
3696 2024-08-01 11:14:52.886 debug1: compat_banner: match: OpenSSH_8.9p1 Ubuntu-3ubuntu0.10 pat OpenSSH* compat 0x04000000
3696 2024-08-01 11:14:52.886 debug2: fd 4 setting O_NONBLOCK
3696 2024-08-01 11:14:52.889 debug3: spawning "C:\\Program Files\\OpenSSH\\sshd.exe" -y as user
3696 2024-08-01 11:14:52.904 debug2: Network child is on pid 3996
3696 2024-08-01 11:14:52.904 debug3: send_rexec_state: entering fd = 6 config len 2367
3696 2024-08-01 11:14:52.904 debug3: ssh_msg_send: type 0
3696 2024-08-01 11:14:52.904 debug3: send_rexec_state: done
3696 2024-08-01 11:14:52.904 debug3: ssh_msg_send: type 0
3696 2024-08-01 11:14:52.904 debug3: ssh_msg_send: type 0
3696 2024-08-01 11:14:52.904 debug3: preauth child monitor started
3696 2024-08-01 11:14:52.904 debug3: append_hostkey_type: ssh-rsa key not permitted by HostkeyAlgorithms [preauth]
3696 2024-08-01 11:14:52.904 debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
3696 2024-08-01 11:14:52.904 debug3: send packet: type 20 [preauth]
3696 2024-08-01 11:14:52.904 debug1: SSH2_MSG_KEXINIT sent [preauth]
3696 2024-08-01 11:14:52.904 debug3: receive packet: type 20 [preauth]
3696 2024-08-01 11:14:52.904 debug1: SSH2_MSG_KEXINIT received [preauth]
3696 2024-08-01 11:14:52.904 debug2: local server KEXINIT proposal [preauth]
3696 2024-08-01 11:14:52.904 debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,kex-strict-s-v00@openssh.com [preauth]
3696 2024-08-01 11:14:52.904 debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
3696 2024-08-01 11:14:52.904 debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth]
3696 2024-08-01 11:14:52.904 debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth]
3696 2024-08-01 11:14:52.904 debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512 [preauth]
3696 2024-08-01 11:14:52.904 debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512 [preauth]
3696 2024-08-01 11:14:52.904 debug2: compression ctos: none,zlib@openssh.com [preauth]
3696 2024-08-01 11:14:52.904 debug2: compression stoc: none,zlib@openssh.com [preauth]
3696 2024-08-01 11:14:52.904 debug2: languages ctos:  [preauth]
3696 2024-08-01 11:14:52.904 debug2: languages stoc:  [preauth]
3696 2024-08-01 11:14:52.904 debug2: first_kex_follows 0  [preauth]
3696 2024-08-01 11:14:52.904 debug2: reserved 0  [preauth]
3696 2024-08-01 11:14:52.904 debug2: peer client KEXINIT proposal [preauth]
3696 2024-08-01 11:14:52.904 debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,sntrup761x25519-sha512@openssh.com,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com [preauth]
3696 2024-08-01 11:14:52.904 debug2: host key algorithms: ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256 [preauth]
3696 2024-08-01 11:14:52.904 debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth]
3696 2024-08-01 11:14:52.904 debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth]
3696 2024-08-01 11:14:52.904 debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
3696 2024-08-01 11:14:52.904 debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
3696 2024-08-01 11:14:52.904 debug2: compression ctos: none,zlib@openssh.com,zlib [preauth]
3696 2024-08-01 11:14:52.904 debug2: compression stoc: none,zlib@openssh.com,zlib [preauth]
3696 2024-08-01 11:14:52.904 debug2: languages ctos:  [preauth]
3696 2024-08-01 11:14:52.904 debug2: languages stoc:  [preauth]
3696 2024-08-01 11:14:52.904 debug2: first_kex_follows 0  [preauth]
3696 2024-08-01 11:14:52.904 debug2: reserved 0  [preauth]
3696 2024-08-01 11:14:52.904 debug3: kex_choose_conf: will use strict KEX ordering [preauth]
3696 2024-08-01 11:14:52.904 debug1: kex: algorithm: curve25519-sha256 [preauth]
3696 2024-08-01 11:14:52.904 debug1: kex: host key algorithm: ssh-ed25519 [preauth]
3696 2024-08-01 11:14:52.904 debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none [preauth]
3696 2024-08-01 11:14:52.904 debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none [preauth]
3696 2024-08-01 11:14:52.904 debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
3696 2024-08-01 11:14:52.904 debug3: receive packet: type 30 [preauth]
3696 2024-08-01 11:14:52.904 debug1: SSH2_MSG_KEX_ECDH_INIT received [preauth]
3696 2024-08-01 11:14:52.904 debug3: mm_sshkey_sign: entering [preauth]
3696 2024-08-01 11:14:52.904 debug3: mm_request_send: entering, type 6 [preauth]
3696 2024-08-01 11:14:52.904 debug3: mm_sshkey_sign: waiting for MONITOR_ANS_SIGN [preauth]
3696 2024-08-01 11:14:52.904 debug3: mm_request_receive_expect: entering, type 7 [preauth]
3696 2024-08-01 11:14:52.904 debug3: mm_request_receive: entering [preauth]
3696 2024-08-01 11:14:52.904 debug3: mm_request_receive: entering
3696 2024-08-01 11:14:52.904 debug3: monitor_read: checking request 6
3696 2024-08-01 11:14:52.904 debug3: mm_answer_sign: entering
3696 2024-08-01 11:14:52.904 debug3: mm_answer_sign: ssh-ed25519 KEX signature len=83
3696 2024-08-01 11:14:52.904 debug3: mm_request_send: entering, type 7
3696 2024-08-01 11:14:52.904 debug2: monitor_read: 6 used once, disabling now
3696 2024-08-01 11:14:52.904 debug3: send packet: type 31 [preauth]
3696 2024-08-01 11:14:52.904 debug3: send packet: type 21 [preauth]
3696 2024-08-01 11:14:52.904 debug1: ssh_packet_send2_wrapped: resetting send seqnr 3 [preauth]
3696 2024-08-01 11:14:52.904 debug2: ssh_set_newkeys: mode 1 [preauth]
3696 2024-08-01 11:14:52.904 debug1: rekey out after 134217728 blocks [preauth]
3696 2024-08-01 11:14:52.904 debug1: SSH2_MSG_NEWKEYS sent [preauth]
3696 2024-08-01 11:14:52.904 debug1: Sending SSH2_MSG_EXT_INFO [preauth]
3696 2024-08-01 11:14:52.904 debug3: send packet: type 7 [preauth]
3696 2024-08-01 11:14:52.904 debug1: expecting SSH2_MSG_NEWKEYS [preauth]
3696 2024-08-01 11:14:52.920 debug3: receive packet: type 21 [preauth]
3696 2024-08-01 11:14:52.920 debug1: ssh_packet_read_poll2: resetting read seqnr 3 [preauth]
3696 2024-08-01 11:14:52.920 debug1: SSH2_MSG_NEWKEYS received [preauth]
3696 2024-08-01 11:14:52.920 debug2: ssh_set_newkeys: mode 0 [preauth]
3696 2024-08-01 11:14:52.920 debug1: rekey in after 134217728 blocks [preauth]
3696 2024-08-01 11:14:52.920 debug1: KEX done [preauth]
3696 2024-08-01 11:14:52.936 debug3: receive packet: type 5 [preauth]
3696 2024-08-01 11:14:52.936 debug3: send packet: type 6 [preauth]
3696 2024-08-01 11:14:52.936 debug3: receive packet: type 50 [preauth]
3696 2024-08-01 11:14:52.936 debug1: userauth-request for user rstrom service ssh-connection method none [preauth]
3696 2024-08-01 11:14:52.936 debug1: attempt 0 failures 0 [preauth]
3696 2024-08-01 11:14:52.936 debug3: mm_getpwnamallow: entering [preauth]
3696 2024-08-01 11:14:52.936 debug3: mm_request_send: entering, type 8 [preauth]
3696 2024-08-01 11:14:52.936 debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM [preauth]
3696 2024-08-01 11:14:52.936 debug3: mm_request_receive_expect: entering, type 9 [preauth]
3696 2024-08-01 11:14:52.936 debug3: mm_request_receive: entering [preauth]
3696 2024-08-01 11:14:52.936 debug3: mm_request_receive: entering
3696 2024-08-01 11:14:52.936 debug3: monitor_read: checking request 8
3696 2024-08-01 11:14:52.936 debug3: mm_answer_pwnamallow: entering
3696 2024-08-01 11:14:52.936 debug2: parse_server_config_depth: config reprocess config len 2367
3696 2024-08-01 11:14:52.936 debug3: checking match for 'Group administrators' user 2022testing\\rstrom host 192.168.42.1 addr 192.168.42.1 laddr 192.168.42.141 lport 22
3696 2024-08-01 11:14:52.951 debug3: lookup_principal_name: Successfully discovered explicit principal name: '2022testing\\rstrom'=>'rstrom@2022TESTING.local'
3696 2024-08-01 11:14:52.951 debug3: LsaLogonUser Succeeded (Impersonation: 0)
3696 2024-08-01 11:14:52.951 debug1: user 2022testing\\rstrom matched group list administrators at line 92
3696 2024-08-01 11:14:52.951 debug3: match found
3696 2024-08-01 11:14:52.951 debug3: reprocess config:93 setting AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
3696 2024-08-01 11:14:52.951 debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
3696 2024-08-01 11:14:52.951 debug3: mm_request_send: entering, type 9
3696 2024-08-01 11:14:52.951 debug2: monitor_read: 8 used once, disabling now
3696 2024-08-01 11:14:52.951 debug3: process_channel_timeouts: setting 0 timeouts [preauth]
3696 2024-08-01 11:14:52.951 debug3: channel_clear_timeouts: clearing [preauth]
3696 2024-08-01 11:14:52.951 debug2: input_userauth_request: setting up authctxt for rstrom [preauth]
3696 2024-08-01 11:14:52.951 debug3: mm_inform_authserv: entering [preauth]
3696 2024-08-01 11:14:52.951 debug3: mm_request_send: entering, type 4 [preauth]
3696 2024-08-01 11:14:52.951 debug2: input_userauth_request: try method none [preauth]
3696 2024-08-01 11:14:52.951 debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" [preauth]
3696 2024-08-01 11:14:52.951 debug3: send packet: type 51 [preauth]
3696 2024-08-01 11:14:52.951 debug3: mm_request_receive: entering
3696 2024-08-01 11:14:52.951 debug3: monitor_read: checking request 4
3696 2024-08-01 11:14:52.951 debug3: mm_answer_authserv: service=ssh-connection, style=
3696 2024-08-01 11:14:52.951 debug2: monitor_read: 4 used once, disabling now
3696 2024-08-01 11:14:52.951 debug3: receive packet: type 50 [preauth]
3696 2024-08-01 11:14:52.951 debug1: userauth-request for user rstrom service ssh-connection method publickey [preauth]
3696 2024-08-01 11:14:52.951 debug1: attempt 1 failures 0 [preauth]
3696 2024-08-01 11:14:52.951 debug2: input_userauth_request: try method publickey [preauth]
3696 2024-08-01 11:14:52.951 debug2: userauth_pubkey: valid user rstrom querying public key rsa-sha2-512 AAAAB3NzaC1yc2EAAAADAQABAAABgQCXvGKoIjdvag4QYh2nA7cWRCwIhhq5sZhBm0oLeUz4ezSN67L5Yj/zAAgGoBcYVoaeTEejb2ZkzzrAd7WPkFpZsp72KKAjeoTR099fvvWNv5sLJA+GaUVQG24e6/+Ivx2UAX9II6TnxsK+NR+UdjwzSXA25VgdL5iUvdeXv0qGuO6rIgHI3NflZG95e3/0+ye/e1ZuQ53D6259RMfQkJSiZUmS0kaES7TgaNygl+97uomSNLJq3/tzlr1/ABVHq1UqdaQF8EDr7w1SfABGmJD1a7KDko2a+W19Sp53UCKCHiAMH7kRt30GVyy7KNSsrtlVzW5IGrseTgbXLXepY53DadilEq8mvMNT4uAFt62fbUfP5h7t/vTnf/JsXedOiGIDLyVfUyh5lnes0rUAsX0ECRT8eeckBd9WzBoMfO0SdES/952mN8/whYHy5nf6Bb6MvIy8Nt1zkks3s+nfxBYWZHFXgmzoG92SXvN20Nv223ivUDFRBql2XOnmABtZ2n0= [preauth]
3696 2024-08-01 11:14:52.951 debug1: userauth_pubkey: publickey test pkalg rsa-sha2-512 pkblob RSA SHA256:BOp0Qwtdl2V1rgjXYP2P6YD4vax6ewlh6PCsCQAW4UM [preauth]
3696 2024-08-01 11:14:52.951 debug3: mm_key_allowed: entering [preauth]
3696 2024-08-01 11:14:52.951 debug3: mm_request_send: entering, type 22 [preauth]
3696 2024-08-01 11:14:52.951 debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth]
3696 2024-08-01 11:14:52.951 debug3: mm_request_receive_expect: entering, type 23 [preauth]
3696 2024-08-01 11:14:52.951 debug3: mm_request_receive: entering [preauth]
3696 2024-08-01 11:14:52.951 debug3: mm_request_receive: entering
3696 2024-08-01 11:14:52.951 debug3: monitor_read: checking request 22
3696 2024-08-01 11:14:52.951 debug3: mm_answer_keyallowed: entering
3696 2024-08-01 11:14:52.951 debug1: trying public key file __PROGRAMDATA__/ssh/administrators_authorized_keys
3696 2024-08-01 11:14:52.951 debug2: __PROGRAMDATA__/ssh/administrators_authorized_keys:1: check options: '��s'
3696 2024-08-01 11:14:52.951 debug2: __PROGRAMDATA__/ssh/administrators_authorized_keys:1: advance: ''
3696 2024-08-01 11:14:52.951 debug2: auth_check_authkeys_file: __PROGRAMDATA__/ssh/administrators_authorized_keys: processed 1/3 lines
3696 2024-08-01 11:14:52.951 debug3: mm_answer_keyallowed: publickey authentication test: RSA key is not allowed
3696 2024-08-01 11:14:52.951 Failed publickey for rstrom from 192.168.42.1 port 40100 ssh2: RSA SHA256:BOp0Qwtdl2V1rgjXYP2P6YD4vax6ewlh6PCsCQAW4UM
3696 2024-08-01 11:14:52.951 debug3: mm_request_send: entering, type 23
3696 2024-08-01 11:14:52.951 debug2: userauth_pubkey: authenticated 0 pkalg rsa-sha2-512 [preauth]
3696 2024-08-01 11:14:52.951 debug3: user_specific_delay: user specific delay 0.000ms [preauth]
3696 2024-08-01 11:14:52.951 debug3: ensure_minimum_time_since: elapsed 0.000ms, delaying 7.381ms (requested 7.381ms) [preauth]
3696 2024-08-01 11:14:52.967 debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" [preauth]
3696 2024-08-01 11:14:52.967 debug3: send packet: type 51 [preauth]
3696 2024-08-01 11:14:52.967 debug3: receive packet: type 50 [preauth]
3696 2024-08-01 11:14:52.967 debug1: userauth-request for user rstrom service ssh-connection method publickey [preauth]
3696 2024-08-01 11:14:52.967 debug1: attempt 2 failures 1 [preauth]
3696 2024-08-01 11:14:52.967 debug2: input_userauth_request: try method publickey [preauth]
3696 2024-08-01 11:14:52.967 debug2: userauth_pubkey: valid user rstrom querying public key ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPESjHdmvcmvmFLFCDdVqtK5OokwC5DNHgzDdLx6Pva0 [preauth]
3696 2024-08-01 11:14:52.967 debug1: userauth_pubkey: publickey test pkalg ssh-ed25519 pkblob ED25519 SHA256:sncsDdqwrVLV7Cx8/Us9AqxJecPvUvSy4DxIqFDuYUA [preauth]
3696 2024-08-01 11:14:52.967 debug3: mm_key_allowed: entering [preauth]
3696 2024-08-01 11:14:52.967 debug3: mm_request_send: entering, type 22 [preauth]
3696 2024-08-01 11:14:52.967 debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth]
3696 2024-08-01 11:14:52.967 debug3: mm_request_receive_expect: entering, type 23 [preauth]
3696 2024-08-01 11:14:52.967 debug3: mm_request_receive: entering [preauth]
3696 2024-08-01 11:14:52.967 debug3: mm_request_receive: entering
3696 2024-08-01 11:14:52.967 debug3: monitor_read: checking request 22
3696 2024-08-01 11:14:52.967 debug3: mm_answer_keyallowed: entering
3696 2024-08-01 11:14:52.967 debug1: trying public key file __PROGRAMDATA__/ssh/administrators_authorized_keys
3696 2024-08-01 11:14:52.967 debug2: __PROGRAMDATA__/ssh/administrators_authorized_keys:1: check options: '��s'
3696 2024-08-01 11:14:52.967 debug2: __PROGRAMDATA__/ssh/administrators_authorized_keys:1: advance: ''
3696 2024-08-01 11:14:52.967 debug2: auth_check_authkeys_file: __PROGRAMDATA__/ssh/administrators_authorized_keys: processed 1/3 lines
3696 2024-08-01 11:14:52.967 debug3: mm_answer_keyallowed: publickey authentication test: ED25519 key is not allowed
3696 2024-08-01 11:14:52.967 Failed publickey for rstrom from 192.168.42.1 port 40100 ssh2: ED25519 SHA256:sncsDdqwrVLV7Cx8/Us9AqxJecPvUvSy4DxIqFDuYUA
3696 2024-08-01 11:14:52.967 debug3: mm_request_send: entering, type 23
3696 2024-08-01 11:14:52.967 debug2: userauth_pubkey: authenticated 0 pkalg ssh-ed25519 [preauth]
3696 2024-08-01 11:14:52.967 debug3: user_specific_delay: user specific delay 0.000ms [preauth]
3696 2024-08-01 11:14:52.967 debug3: ensure_minimum_time_since: elapsed 0.000ms, delaying 7.381ms (requested 7.381ms) [preauth]
3696 2024-08-01 11:14:52.983 debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" [preauth]
3696 2024-08-01 11:14:52.983 debug3: send packet: type 51 [preauth]
3696 2024-08-01 11:14:52.983 debug3: receive packet: type 50 [preauth]
3696 2024-08-01 11:14:52.983 debug1: userauth-request for user rstrom service ssh-connection method publickey [preauth]
3696 2024-08-01 11:14:52.983 debug1: attempt 3 failures 2 [preauth]
3696 2024-08-01 11:14:52.983 debug2: input_userauth_request: try method publickey [preauth]
3696 2024-08-01 11:14:52.983 debug2: userauth_pubkey: valid user rstrom querying public key sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBODUWSYLsX2lMWrAlbguU3jHZRO5g6Oo5Fk/kZieyYXMCGkXFVRF7+O57B7bVsyNHSNf944fjyiEOPF3RKtma+AAAAAEc3NoOg== [preauth]
3696 2024-08-01 11:14:52.983 debug1: userauth_pubkey: publickey test pkalg sk-ecdsa-sha2-nistp256@openssh.com pkblob ECDSA-SK SHA256:PHRutEDdZfixmHCtLN4hLQU3KqpisQx3J+XXWEJN8Go [preauth]
3696 2024-08-01 11:14:52.983 debug3: mm_key_allowed: entering [preauth]
3696 2024-08-01 11:14:52.983 debug3: mm_request_send: entering, type 22 [preauth]
3696 2024-08-01 11:14:52.983 debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth]
3696 2024-08-01 11:14:52.983 debug3: mm_request_receive_expect: entering, type 23 [preauth]
3696 2024-08-01 11:14:52.983 debug3: mm_request_receive: entering [preauth]
3696 2024-08-01 11:14:52.983 debug3: mm_request_receive: entering
3696 2024-08-01 11:14:52.983 debug3: monitor_read: checking request 22
3696 2024-08-01 11:14:52.983 debug3: mm_answer_keyallowed: entering
3696 2024-08-01 11:14:52.983 debug1: trying public key file __PROGRAMDATA__/ssh/administrators_authorized_keys
3696 2024-08-01 11:14:52.983 debug2: __PROGRAMDATA__/ssh/administrators_authorized_keys:1: check options: '��s'
3696 2024-08-01 11:14:52.983 debug2: __PROGRAMDATA__/ssh/administrators_authorized_keys:1: advance: ''
3696 2024-08-01 11:14:52.983 debug2: auth_check_authkeys_file: __PROGRAMDATA__/ssh/administrators_authorized_keys: processed 1/3 lines
3696 2024-08-01 11:14:52.983 debug3: mm_answer_keyallowed: publickey authentication test: ECDSA-SK key is not allowed
3696 2024-08-01 11:14:52.983 Failed publickey for rstrom from 192.168.42.1 port 40100 ssh2: ECDSA-SK SHA256:PHRutEDdZfixmHCtLN4hLQU3KqpisQx3J+XXWEJN8Go
3696 2024-08-01 11:14:52.983 debug3: mm_request_send: entering, type 23
3696 2024-08-01 11:14:52.983 debug2: userauth_pubkey: authenticated 0 pkalg sk-ecdsa-sha2-nistp256@openssh.com [preauth]
3696 2024-08-01 11:14:52.983 debug3: user_specific_delay: user specific delay 0.000ms [preauth]
3696 2024-08-01 11:14:52.983 debug3: ensure_minimum_time_since: elapsed 0.000ms, delaying 7.381ms (requested 7.381ms) [preauth]
3696 2024-08-01 11:14:52.998 debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" [preauth]
3696 2024-08-01 11:14:52.998 debug3: send packet: type 51 [preauth]
3696 2024-08-01 11:14:52.998 debug3: receive packet: type 50 [preauth]
3696 2024-08-01 11:14:52.998 debug1: userauth-request for user rstrom service ssh-connection method keyboard-interactive [preauth]
3696 2024-08-01 11:14:52.998 debug1: attempt 4 failures 3 [preauth]
3696 2024-08-01 11:14:52.998 debug2: input_userauth_request: try method keyboard-interactive [preauth]
3696 2024-08-01 11:14:52.998 debug1: keyboard-interactive devs  [preauth]
3696 2024-08-01 11:14:52.998 debug1: auth2_challenge: user=rstrom devs= [preauth]
3696 2024-08-01 11:14:52.998 debug1: kbdint_alloc: devices '' [preauth]
3696 2024-08-01 11:14:52.998 debug2: auth2_challenge_start: devices  [preauth]
3696 2024-08-01 11:14:52.998 debug3: user_specific_delay: user specific delay 0.000ms [preauth]
3696 2024-08-01 11:14:52.998 debug3: ensure_minimum_time_since: elapsed 0.000ms, delaying 7.381ms (requested 7.381ms) [preauth]
3696 2024-08-01 11:14:53.014 debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" [preauth]
3696 2024-08-01 11:14:53.014 debug3: send packet: type 51 [preauth]
3696 2024-08-01 11:14:56.781 debug3: receive packet: type 50 [preauth]
3696 2024-08-01 11:14:56.781 debug1: userauth-request for user rstrom service ssh-connection method password [preauth]
3696 2024-08-01 11:14:56.781 debug1: attempt 5 failures 4 [preauth]
3696 2024-08-01 11:14:56.781 debug2: input_userauth_request: try method password [preauth]
3696 2024-08-01 11:14:56.781 debug3: mm_auth_password: entering [preauth]
3696 2024-08-01 11:14:56.781 debug3: mm_request_send: entering, type 12 [preauth]
3696 2024-08-01 11:14:56.781 debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD [preauth]
3696 2024-08-01 11:14:56.781 debug3: mm_request_receive_expect: entering, type 13 [preauth]
3696 2024-08-01 11:14:56.781 debug3: mm_request_receive: entering [preauth]
3696 2024-08-01 11:14:56.781 debug3: mm_request_receive: entering
3696 2024-08-01 11:14:56.781 debug3: monitor_read: checking request 12
3696 2024-08-01 11:14:56.797 debug3: lookup_principal_name: Successfully discovered explicit principal name: '2022testing\\rstrom'=>'rstrom@2022TESTING.local'
3696 2024-08-01 11:14:56.812 debug3: mm_answer_authpassword: sending result 1
3696 2024-08-01 11:14:56.812 debug3: mm_answer_authpassword: sending result 1
3696 2024-08-01 11:14:56.812 debug3: mm_request_send: entering, type 13
3696 2024-08-01 11:14:56.812 Accepted password for rstrom from 192.168.42.1 port 40100 ssh2
3696 2024-08-01 11:14:56.812 debug1: monitor_child_preauth: user rstrom authenticated by privileged process
3696 2024-08-01 11:14:56.812 debug3: mm_get_keystate: Waiting for new keys
3696 2024-08-01 11:14:56.812 debug3: mm_request_receive_expect: entering, type 26
3696 2024-08-01 11:14:56.812 debug3: mm_request_receive: entering
3696 2024-08-01 11:14:56.844 debug3: mm_get_keystate: GOT new keys
3696 2024-08-01 11:14:56.844 debug3: mm_auth_password: user authenticated [preauth]
3696 2024-08-01 11:14:56.844 debug3: user_specific_delay: user specific delay 0.000ms [preauth]
3696 2024-08-01 11:14:56.844 debug3: ensure_minimum_time_since: elapsed 31.000ms, delaying 28.051ms (requested 7.381ms) [preauth]
3696 2024-08-01 11:14:56.844 debug3: send packet: type 52 [preauth]
3696 2024-08-01 11:14:56.844 debug3: mm_request_send: entering, type 26 [preauth]
3696 2024-08-01 11:14:56.844 debug3: mm_send_keystate: Finished sending state [preauth]
3696 2024-08-01 11:14:56.844 debug1: monitor_read_log: child log fd closed
3696 2024-08-01 11:14:56.844 debug3: spawning "C:\\Program Files\\OpenSSH\\sshd.exe" -z as user
3696 2024-08-01 11:14:56.859 User child is on pid 2492
3696 2024-08-01 11:14:56.859 debug3: send_rexec_state: entering fd = 5 config len 2367
3696 2024-08-01 11:14:56.859 debug3: ssh_msg_send: type 0
3696 2024-08-01 11:14:56.859 debug3: send_rexec_state: done
3696 2024-08-01 11:14:56.859 debug3: ssh_msg_send: type 0
3696 2024-08-01 11:14:56.859 debug3: ssh_msg_send: type 0
3696 2024-08-01 11:14:56.859 debug3: ssh_msg_send: type 0
3696 2024-08-01 11:14:56.859 debug3: ssh_msg_send: type 0
3696 2024-08-01 11:14:56.859 debug3: ssh_msg_send: type 0
2492 2024-08-01 11:14:56.859 debug3: process_channel_timeouts: setting 0 timeouts
2492 2024-08-01 11:14:56.859 debug3: channel_clear_timeouts: clearing
2492 2024-08-01 11:14:56.859 debug3: recv_idexch_state: entering fd = 3
2492 2024-08-01 11:14:56.859 debug3: ssh_msg_recv entering
2492 2024-08-01 11:14:56.859 debug3: recv_idexch_state: done
2492 2024-08-01 11:14:56.859 debug2: fd 5 setting O_NONBLOCK
2492 2024-08-01 11:14:56.859 debug3: recv_autxctx_state: entering fd = 3
2492 2024-08-01 11:14:56.859 debug3: ssh_msg_recv entering
2492 2024-08-01 11:14:56.859 debug3: recv_autxctx_state: done
2492 2024-08-01 11:14:56.859 debug2: parse_server_config_depth: config reprocess config len 2367
2492 2024-08-01 11:14:56.859 debug3: checking match for 'Group administrators' user 2022testing\\rstrom host 192.168.42.1 addr 192.168.42.1 laddr 192.168.42.141 lport 22
2492 2024-08-01 11:14:56.859 debug3: get_user_token - i am running as 2022testing\\rstrom, returning process token
2492 2024-08-01 11:14:56.859 debug1: user 2022testing\\rstrom matched group list administrators at line 92
2492 2024-08-01 11:14:56.859 debug3: match found
2492 2024-08-01 11:14:56.859 debug3: reprocess config:93 setting AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
3696 2024-08-01 11:14:56.859 debug3: monitor_recv_keystate: entering 
3696 2024-08-01 11:14:56.859 debug3: ssh_msg_recv entering
3696 2024-08-01 11:14:56.859 debug3: monitor_recv_keystate: done
3696 2024-08-01 11:14:56.859 debug3: monitor_apply_keystate: packet_set_state
3696 2024-08-01 11:14:56.859 debug2: ssh_set_newkeys: mode 0
3696 2024-08-01 11:14:56.859 debug1: rekey in after 134217728 blocks
3696 2024-08-01 11:14:56.859 debug2: ssh_set_newkeys: mode 1
3696 2024-08-01 11:14:56.859 debug1: rekey out after 134217728 blocks
3696 2024-08-01 11:14:56.859 debug1: ssh_packet_set_postauth: called
3696 2024-08-01 11:14:56.859 debug3: ssh_packet_set_state: done
3696 2024-08-01 11:14:56.859 debug3: monitor_recv_authopt: entering 
3696 2024-08-01 11:14:56.859 debug3: ssh_msg_recv entering
3696 2024-08-01 11:14:56.859 debug3: monitor_recv_authopt: done
3696 2024-08-01 11:14:56.859 debug3: notify_hostkeys: key 0: ssh-rsa SHA256:numCwkaALcEhk7C2WOF02nBKXRLXYQyObMxrvyXuLx0
3696 2024-08-01 11:14:56.859 debug3: notify_hostkeys: key 1: ecdsa-sha2-nistp256 SHA256:xWgp34YI629m3KKifDP7vnOPhtPRY1vD5B3F9sDpxv8
3696 2024-08-01 11:14:56.859 debug3: notify_hostkeys: key 2: ssh-ed25519 SHA256:cr0h50S7ktZueOJZc+1t7Mj1mZ9VKeOQ91ySSyC8fdY
3696 2024-08-01 11:14:56.859 debug3: notify_hostkeys: sent 3 hostkeys
3696 2024-08-01 11:14:56.859 debug3: send packet: type 80
3696 2024-08-01 11:14:56.859 debug1: active: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
3696 2024-08-01 11:14:56.859 debug1: Entering interactive session for SSH2.
3696 2024-08-01 11:14:56.859 debug1: server_init_dispatch
3696 2024-08-01 11:14:56.859 debug3: pselect: installing signal handler for 3, previous 00007FF7B439FCF0
3696 2024-08-01 11:14:56.859 debug3: pselect_notify_setup: initializing
3696 2024-08-01 11:14:56.859 debug2: fd 10 setting O_NONBLOCK
3696 2024-08-01 11:14:56.859 debug2: fd 8 setting O_NONBLOCK
3696 2024-08-01 11:14:56.859 debug3: pselect_notify_setup: pid 2492 saved 2492 pipe0 10 pipe1 8
3696 2024-08-01 11:14:56.875 debug3: receive packet: type 90
3696 2024-08-01 11:14:56.875 debug1: server_input_channel_open: ctype session rchan 0 win 1048576 max 16384
3696 2024-08-01 11:14:56.875 debug1: input_session_request
3696 2024-08-01 11:14:56.875 debug1: channel 0: new session [server-session] (inactive timeout: 0)
3696 2024-08-01 11:14:56.875 debug2: session_new: allocate (allocated 0 max 10)
3696 2024-08-01 11:14:56.875 debug3: session_unused: session id 0 unused
3696 2024-08-01 11:14:56.875 debug1: session_new: session 0
3696 2024-08-01 11:14:56.875 debug1: session_open: channel 0
3696 2024-08-01 11:14:56.875 debug1: session_open: session 0: link with channel 0
3696 2024-08-01 11:14:56.875 debug1: server_input_channel_open: confirm session
3696 2024-08-01 11:14:56.875 debug3: send packet: type 91
3696 2024-08-01 11:14:56.875 debug3: receive packet: type 80
3696 2024-08-01 11:14:56.875 debug1: server_input_global_request: rtype no-more-sessions@openssh.com want_reply 0
3696 2024-08-01 11:14:56.906 debug3: receive packet: type 98
3696 2024-08-01 11:14:56.906 debug1: server_input_channel_req: channel 0 request auth-agent-req@openssh.com reply 0
3696 2024-08-01 11:14:56.906 debug1: session_by_channel: session 0 channel 0
3696 2024-08-01 11:14:56.906 debug1: session_input_channel_req: session 0 req auth-agent-req@openssh.com
3696 2024-08-01 11:14:56.906 debug3: sending debug message: Agent forwarding disabled: mkdtemp() failed: No such file or directory
3696 2024-08-01 11:14:56.906 debug3: send packet: type 4
3696 2024-08-01 11:14:56.906 debug3: receive packet: type 98
3696 2024-08-01 11:14:56.906 debug1: server_input_channel_req: channel 0 request pty-req reply 1
3696 2024-08-01 11:14:56.906 debug1: session_by_channel: session 0 channel 0
3696 2024-08-01 11:14:56.906 debug1: session_input_channel_req: session 0 req pty-req
3696 2024-08-01 11:14:56.906 debug1: Allocating pty.
3696 2024-08-01 11:14:56.906 debug3: fd 9 is not O_NONBLOCK
3696 2024-08-01 11:14:56.906 debug3: fd 11 is not O_NONBLOCK
3696 2024-08-01 11:14:56.906 debug1: session_pty_req: session 0 alloc windows-pty
3696 2024-08-01 11:14:56.906 debug1: Ignoring unsupported tty mode opcode 1 (0x1)
3696 2024-08-01 11:14:56.906 debug1: Ignoring unsupported tty mode opcode 2 (0x2)
3696 2024-08-01 11:14:56.906 debug1: Ignoring unsupported tty mode opcode 3 (0x3)
3696 2024-08-01 11:14:56.906 debug1: Ignoring unsupported tty mode opcode 4 (0x4)
3696 2024-08-01 11:14:56.906 debug1: Ignoring unsupported tty mode opcode 5 (0x5)
3696 2024-08-01 11:14:56.906 debug1: Ignoring unsupported tty mode opcode 6 (0x6)
3696 2024-08-01 11:14:56.906 debug1: Ignoring unsupported tty mode opcode 7 (0x7)
3696 2024-08-01 11:14:56.906 debug1: Ignoring unsupported tty mode opcode 8 (0x8)
3696 2024-08-01 11:14:56.906 debug1: Ignoring unsupported tty mode opcode 9 (0x9)
3696 2024-08-01 11:14:56.906 debug1: Ignoring unsupported tty mode opcode 10 (0xa)
3696 2024-08-01 11:14:56.906 debug1: Ignoring unsupported tty mode opcode 12 (0xc)
3696 2024-08-01 11:14:56.906 debug1: Ignoring unsupported tty mode opcode 13 (0xd)
3696 2024-08-01 11:14:56.906 debug1: Ignoring unsupported tty mode opcode 14 (0xe)
3696 2024-08-01 11:14:56.906 debug1: Ignoring unsupported tty mode opcode 18 (0x12)
3696 2024-08-01 11:14:56.906 debug1: Ignoring unsupported tty mode opcode 30 (0x1e)
3696 2024-08-01 11:14:56.906 debug1: Ignoring unsupported tty mode opcode 31 (0x1f)
3696 2024-08-01 11:14:56.906 debug1: Ignoring unsupported tty mode opcode 32 (0x20)
3696 2024-08-01 11:14:56.906 debug1: Ignoring unsupported tty mode opcode 33 (0x21)
3696 2024-08-01 11:14:56.906 debug1: Ignoring unsupported tty mode opcode 34 (0x22)
3696 2024-08-01 11:14:56.906 debug1: Ignoring unsupported tty mode opcode 35 (0x23)
3696 2024-08-01 11:14:56.906 debug1: Ignoring unsupported tty mode opcode 36 (0x24)
3696 2024-08-01 11:14:56.906 debug1: Ignoring unsupported tty mode opcode 37 (0x25)
3696 2024-08-01 11:14:56.906 debug1: Ignoring unsupported tty mode opcode 38 (0x26)
3696 2024-08-01 11:14:56.906 debug1: Ignoring unsupported tty mode opcode 39 (0x27)
3696 2024-08-01 11:14:56.906 debug1: Ignoring unsupported tty mode opcode 40 (0x28)
3696 2024-08-01 11:14:56.906 debug1: Ignoring unsupported tty mode opcode 41 (0x29)
3696 2024-08-01 11:14:56.906 debug1: Ignoring unsupported tty mode opcode 42 (0x2a)
3696 2024-08-01 11:14:56.906 debug1: Ignoring unsupported tty mode opcode 50 (0x32)
3696 2024-08-01 11:14:56.906 debug1: Ignoring unsupported tty mode opcode 51 (0x33)
3696 2024-08-01 11:14:56.906 debug1: Ignoring unsupported tty mode opcode 52 (0x34)
3696 2024-08-01 11:14:56.906 debug1: Ignoring unsupported tty mode opcode 53 (0x35)
3696 2024-08-01 11:14:56.906 debug1: Ignoring unsupported tty mode opcode 54 (0x36)
3696 2024-08-01 11:14:56.906 debug1: Ignoring unsupported tty mode opcode 55 (0x37)
3696 2024-08-01 11:14:56.906 debug1: Ignoring unsupported tty mode opcode 56 (0x38)
3696 2024-08-01 11:14:56.906 debug1: Ignoring unsupported tty mode opcode 57 (0x39)
3696 2024-08-01 11:14:56.906 debug1: Ignoring unsupported tty mode opcode 58 (0x3a)
3696 2024-08-01 11:14:56.906 debug1: Ignoring unsupported tty mode opcode 59 (0x3b)
3696 2024-08-01 11:14:56.906 debug1: Ignoring unsupported tty mode opcode 60 (0x3c)
3696 2024-08-01 11:14:56.906 debug1: Ignoring unsupported tty mode opcode 61 (0x3d)
3696 2024-08-01 11:14:56.906 debug1: Ignoring unsupported tty mode opcode 62 (0x3e)
3696 2024-08-01 11:14:56.906 debug1: Ignoring unsupported tty mode opcode 70 (0x46)
3696 2024-08-01 11:14:56.906 debug1: Ignoring unsupported tty mode opcode 71 (0x47)
3696 2024-08-01 11:14:56.906 debug1: Ignoring unsupported tty mode opcode 72 (0x48)
3696 2024-08-01 11:14:56.906 debug1: Ignoring unsupported tty mode opcode 73 (0x49)
3696 2024-08-01 11:14:56.906 debug1: Ignoring unsupported tty mode opcode 74 (0x4a)
3696 2024-08-01 11:14:56.906 debug1: Ignoring unsupported tty mode opcode 75 (0x4b)
3696 2024-08-01 11:14:56.906 debug1: Ignoring unsupported tty mode opcode 90 (0x5a)
3696 2024-08-01 11:14:56.906 debug1: Ignoring unsupported tty mode opcode 91 (0x5b)
3696 2024-08-01 11:14:56.906 debug1: Ignoring unsupported tty mode opcode 92 (0x5c)
3696 2024-08-01 11:14:56.906 debug1: Ignoring unsupported tty mode opcode 93 (0x5d)
3696 2024-08-01 11:14:56.906 debug3: send packet: type 99
3696 2024-08-01 11:14:56.906 debug3: receive packet: type 98
3696 2024-08-01 11:14:56.906 debug1: server_input_channel_req: channel 0 request env reply 0
3696 2024-08-01 11:14:56.906 debug1: session_by_channel: session 0 channel 0
3696 2024-08-01 11:14:56.906 debug1: session_input_channel_req: session 0 req env
3696 2024-08-01 11:14:56.906 debug2: Ignoring env request LANG: disallowed name
3696 2024-08-01 11:14:56.906 debug3: receive packet: type 98
3696 2024-08-01 11:14:56.906 debug1: server_input_channel_req: channel 0 request shell reply 1
3696 2024-08-01 11:14:56.906 debug1: session_by_channel: session 0 channel 0
3696 2024-08-01 11:14:56.906 debug1: session_input_channel_req: session 0 req shell
3696 2024-08-01 11:14:56.906 debug2: channel_set_xtype: labeled channel 0 as session:shell (inactive timeout 0)
3696 2024-08-01 11:14:56.906 Starting session: shell on windows-pty for 2022testing\\\\rstrom from 192.168.42.1 port 40100 id 0
3696 2024-08-01 11:14:56.906 debug2: fd 12 setting O_NONBLOCK
3696 2024-08-01 11:14:56.906 debug2: fd 13 setting O_NONBLOCK
3696 2024-08-01 11:14:56.906 debug2: fd 14 setting O_NONBLOCK
3696 2024-08-01 11:14:56.906 debug2: fd 15 setting O_NONBLOCK
3696 2024-08-01 11:14:56.906 debug2: fd 16 setting O_NONBLOCK
3696 2024-08-01 11:14:56.906 debug2: fd 17 setting O_NONBLOCK
3696 2024-08-01 11:14:56.906 debug3: shell: "c:\\\\program files\\\\powershell\\\\7\\\\pwsh.exe"
3696 2024-08-01 11:14:56.906 debug3: shell_option: -c
3696 2024-08-01 11:14:56.906 debug3: This windows OS supports conpty
3696 2024-08-01 11:14:56.906 debug3: pty commandline: C:\\\\Windows\\\\system32\\\\conhost.exe --headless --width 130 --height 30 --signal 0x1f4 -- "c:\\\\program files\\\\powershell\\\\7\\\\pwsh.exe"
3696 2024-08-01 11:14:56.922 debug2: fd 5 setting TCP_NODELAY
3696 2024-08-01 11:14:56.922 debug2: channel 0: rfd 14 isatty
3696 2024-08-01 11:14:56.922 debug3: fd 14 is O_NONBLOCK
3696 2024-08-01 11:14:56.922 debug3: fd 13 is O_NONBLOCK
3696 2024-08-01 11:14:56.922 debug3: send packet: type 99
3696 2024-08-01 11:15:15.178 debug2: channel 0: rcvd adjust 49262
3696 2024-08-01 11:15:15.288 debug2: channel 0: rcvd adjust 49206
3696 2024-08-01 11:15:15.398 debug2: channel 0: rcvd adjust 49294
3696 2024-08-01 11:15:44.944 debug2: channel 0: rcvd adjust 49202
3696 2024-08-01 11:15:45.023 debug2: channel 0: rcvd adjust 49217
3696 2024-08-01 11:15:45.116 debug2: channel 0: rcvd adjust 49227
3696 2024-08-01 11:15:45.194 debug2: channel 0: rcvd adjust 49249
3696 2024-08-01 11:16:21.273 debug2: channel 0: read failed rfd 14 maxlen 32768: Broken pipe
3696 2024-08-01 11:16:21.273 debug2: channel 0: read failed
3696 2024-08-01 11:16:21.273 debug2: chan_shutdown_read: channel 0: (i0 o0 sock -1 wfd 14 efd -1 [closed])
3696 2024-08-01 11:16:21.273 debug2: channel 0: input open -> drain
3696 2024-08-01 11:16:21.273 debug2: channel 0: ibuf empty
3696 2024-08-01 11:16:21.273 debug2: channel 0: send eof
3696 2024-08-01 11:16:21.273 debug3: send packet: type 96
3696 2024-08-01 11:16:21.273 debug2: channel 0: input drain -> closed
3696 2024-08-01 11:16:21.273 debug2: pselect_notify_done: reading
3696 2024-08-01 11:16:21.273 debug1: Received SIGCHLD.
3696 2024-08-01 11:16:21.273 debug1: session_by_pid: pid 1636
3696 2024-08-01 11:16:21.273 debug2: channel 0: request exit-status confirm 0
3696 2024-08-01 11:16:21.273 debug3: send packet: type 98
3696 2024-08-01 11:16:21.273 debug1: session_exit_message: session 0 channel 0 pid 1636 exit 0
3696 2024-08-01 11:16:21.273 debug1: session_exit_message: release channel 0
3696 2024-08-01 11:16:21.273 debug2: channel 0: write failed
3696 2024-08-01 11:16:21.273 debug2: chan_shutdown_write: channel 0: (i3 o0 sock -1 wfd 13 efd -1 [closed])
3696 2024-08-01 11:16:21.273 debug2: channel 0: send eow
3696 2024-08-01 11:16:21.273 debug3: send packet: type 98
3696 2024-08-01 11:16:21.273 debug2: channel 0: output open -> closed
3696 2024-08-01 11:16:21.273 debug2: channel 0: send close
3696 2024-08-01 11:16:21.273 debug3: send packet: type 97
3696 2024-08-01 11:16:21.273 debug3: channel 0: will not send data after close
3696 2024-08-01 11:16:21.273 debug3: receive packet: type 97
3696 2024-08-01 11:16:21.273 debug2: channel 0: rcvd close
3696 2024-08-01 11:16:21.273 debug3: channel 0: will not send data after close
3696 2024-08-01 11:16:21.273 debug2: channel 0: is dead
3696 2024-08-01 11:16:21.273 debug2: channel 0: gc: notify user
3696 2024-08-01 11:16:21.273 debug1: session_by_channel: session 0 channel 0
3696 2024-08-01 11:16:21.273 debug1: session_close_by_channel: channel 0 child 0
3696 2024-08-01 11:16:21.273 Close session: user 2022testing\\\\rstrom from 192.168.42.1 port 40100 id 0
3696 2024-08-01 11:16:21.273 debug3: session_unused: session id 0 unused
3696 2024-08-01 11:16:21.273 debug2: channel 0: gc: user detached
3696 2024-08-01 11:16:21.273 debug2: channel 0: is dead
3696 2024-08-01 11:16:21.273 debug2: channel 0: garbage collecting
3696 2024-08-01 11:16:21.273 debug1: channel 0: free: server-session, nchannels 1
3696 2024-08-01 11:16:21.273 debug3: channel 0: status: The following connections are open:\\r\\n  #0 server-session (t4 [session:shell] r0 i3/0 o3/0 e[closed]/0 fd -1/-1/-1 sock -1 cc -1 io 0x00/0x00)\\r\\n
3696 2024-08-01 11:16:21.273 debug3: receive packet: type 1
3696 2024-08-01 11:16:21.273 Received disconnect from 192.168.42.1 port 40100:11: disconnected by user
3696 2024-08-01 11:16:21.273 Disconnected from 192.168.42.1 port 40100
3696 2024-08-01 11:16:21.273 debug1: do_cleanup
3696 2024-08-01 11:16:21.273 debug3: mm_request_receive: entering
3696 2024-08-01 11:16:21.273 debug1: do_cleanup
3660 2024-08-01 11:16:21.289 debug2: pselect_notify_done: reading
3660 2024-08-01 11:17:10.157 debug3: fd 6 is not O_NONBLOCK
3660 2024-08-01 11:17:10.157 debug3: spawning "C:\\Program Files\\OpenSSH\\sshd.exe" -R as subprocess
3660 2024-08-01 11:17:10.157 debug3: send_rexec_state: entering fd = 10 config len 2367
3660 2024-08-01 11:17:10.157 debug3: ssh_msg_send: type 0
3660 2024-08-01 11:17:10.157 debug3: send_rexec_state: done
4696 2024-08-01 11:17:10.188 debug1: inetd sockets after dupping: 4, 4
4696 2024-08-01 11:17:10.188 debug3: process_channel_timeouts: setting 0 timeouts
4696 2024-08-01 11:17:10.188 debug3: channel_clear_timeouts: clearing
4696 2024-08-01 11:17:10.188 Connection from 192.168.42.1 port 38324 on 192.168.42.141 port 22
4696 2024-08-01 11:17:10.188 debug1: Local version string SSH-2.0-OpenSSH_for_Windows_9.5
4696 2024-08-01 11:17:10.188 debug1: Remote protocol version 2.0, remote software version OpenSSH_8.9p1 Ubuntu-3ubuntu0.10
4696 2024-08-01 11:17:10.188 debug1: compat_banner: match: OpenSSH_8.9p1 Ubuntu-3ubuntu0.10 pat OpenSSH* compat 0x04000000
4696 2024-08-01 11:17:10.188 debug2: fd 4 setting O_NONBLOCK
4696 2024-08-01 11:17:10.203 debug3: spawning "C:\\Program Files\\OpenSSH\\sshd.exe" -y as user
4696 2024-08-01 11:17:10.203 debug2: Network child is on pid 2584
4696 2024-08-01 11:17:10.203 debug3: send_rexec_state: entering fd = 6 config len 2367
4696 2024-08-01 11:17:10.203 debug3: ssh_msg_send: type 0
4696 2024-08-01 11:17:10.203 debug3: send_rexec_state: done
4696 2024-08-01 11:17:10.203 debug3: ssh_msg_send: type 0
4696 2024-08-01 11:17:10.203 debug3: ssh_msg_send: type 0
4696 2024-08-01 11:17:10.203 debug3: preauth child monitor started
4696 2024-08-01 11:17:10.203 debug3: append_hostkey_type: ssh-rsa key not permitted by HostkeyAlgorithms [preauth]
4696 2024-08-01 11:17:10.203 debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
4696 2024-08-01 11:17:10.203 debug3: send packet: type 20 [preauth]
4696 2024-08-01 11:17:10.203 debug1: SSH2_MSG_KEXINIT sent [preauth]
4696 2024-08-01 11:17:10.203 debug3: receive packet: type 20 [preauth]
4696 2024-08-01 11:17:10.219 debug1: SSH2_MSG_KEXINIT received [preauth]
4696 2024-08-01 11:17:10.219 debug2: local server KEXINIT proposal [preauth]
4696 2024-08-01 11:17:10.219 debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,kex-strict-s-v00@openssh.com [preauth]
4696 2024-08-01 11:17:10.219 debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
4696 2024-08-01 11:17:10.219 debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth]
4696 2024-08-01 11:17:10.219 debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth]
4696 2024-08-01 11:17:10.219 debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512 [preauth]
4696 2024-08-01 11:17:10.219 debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512 [preauth]
4696 2024-08-01 11:17:10.219 debug2: compression ctos: none,zlib@openssh.com [preauth]
4696 2024-08-01 11:17:10.219 debug2: compression stoc: none,zlib@openssh.com [preauth]
4696 2024-08-01 11:17:10.219 debug2: languages ctos:  [preauth]
4696 2024-08-01 11:17:10.219 debug2: languages stoc:  [preauth]
4696 2024-08-01 11:17:10.219 debug2: first_kex_follows 0  [preauth]
4696 2024-08-01 11:17:10.219 debug2: reserved 0  [preauth]
4696 2024-08-01 11:17:10.219 debug2: peer client KEXINIT proposal [preauth]
4696 2024-08-01 11:17:10.219 debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,sntrup761x25519-sha512@openssh.com,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com [preauth]
4696 2024-08-01 11:17:10.219 debug2: host key algorithms: ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256 [preauth]
4696 2024-08-01 11:17:10.219 debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth]
4696 2024-08-01 11:17:10.219 debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth]
4696 2024-08-01 11:17:10.219 debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
4696 2024-08-01 11:17:10.219 debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
4696 2024-08-01 11:17:10.219 debug2: compression ctos: none,zlib@openssh.com,zlib [preauth]
4696 2024-08-01 11:17:10.219 debug2: compression stoc: none,zlib@openssh.com,zlib [preauth]
4696 2024-08-01 11:17:10.219 debug2: languages ctos:  [preauth]
4696 2024-08-01 11:17:10.219 debug2: languages stoc:  [preauth]
4696 2024-08-01 11:17:10.219 debug2: first_kex_follows 0  [preauth]
4696 2024-08-01 11:17:10.219 debug2: reserved 0  [preauth]
4696 2024-08-01 11:17:10.219 debug3: kex_choose_conf: will use strict KEX ordering [preauth]
4696 2024-08-01 11:17:10.219 debug1: kex: algorithm: curve25519-sha256 [preauth]
4696 2024-08-01 11:17:10.219 debug1: kex: host key algorithm: ssh-ed25519 [preauth]
4696 2024-08-01 11:17:10.219 debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none [preauth]
4696 2024-08-01 11:17:10.219 debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none [preauth]
4696 2024-08-01 11:17:10.219 debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
4696 2024-08-01 11:17:10.219 debug3: receive packet: type 30 [preauth]
4696 2024-08-01 11:17:10.219 debug1: SSH2_MSG_KEX_ECDH_INIT received [preauth]
4696 2024-08-01 11:17:10.219 debug3: mm_sshkey_sign: entering [preauth]
4696 2024-08-01 11:17:10.219 debug3: mm_request_send: entering, type 6 [preauth]
4696 2024-08-01 11:17:10.219 debug3: mm_sshkey_sign: waiting for MONITOR_ANS_SIGN [preauth]
4696 2024-08-01 11:17:10.219 debug3: mm_request_receive_expect: entering, type 7 [preauth]
4696 2024-08-01 11:17:10.219 debug3: mm_request_receive: entering [preauth]
4696 2024-08-01 11:17:10.219 debug3: mm_request_receive: entering
4696 2024-08-01 11:17:10.219 debug3: monitor_read: checking request 6
4696 2024-08-01 11:17:10.219 debug3: mm_answer_sign: entering
4696 2024-08-01 11:17:10.219 debug3: mm_answer_sign: ssh-ed25519 KEX signature len=83
4696 2024-08-01 11:17:10.219 debug3: mm_request_send: entering, type 7
4696 2024-08-01 11:17:10.219 debug2: monitor_read: 6 used once, disabling now
4696 2024-08-01 11:17:10.219 debug3: send packet: type 31 [preauth]
4696 2024-08-01 11:17:10.219 debug3: send packet: type 21 [preauth]
4696 2024-08-01 11:17:10.219 debug1: ssh_packet_send2_wrapped: resetting send seqnr 3 [preauth]
4696 2024-08-01 11:17:10.219 debug2: ssh_set_newkeys: mode 1 [preauth]
4696 2024-08-01 11:17:10.219 debug1: rekey out after 134217728 blocks [preauth]
4696 2024-08-01 11:17:10.219 debug1: SSH2_MSG_NEWKEYS sent [preauth]
4696 2024-08-01 11:17:10.219 debug1: Sending SSH2_MSG_EXT_INFO [preauth]
4696 2024-08-01 11:17:10.219 debug3: send packet: type 7 [preauth]
4696 2024-08-01 11:17:10.219 debug1: expecting SSH2_MSG_NEWKEYS [preauth]
4696 2024-08-01 11:17:10.219 debug3: receive packet: type 21 [preauth]
4696 2024-08-01 11:17:10.219 debug1: ssh_packet_read_poll2: resetting read seqnr 3 [preauth]
4696 2024-08-01 11:17:10.219 debug1: SSH2_MSG_NEWKEYS received [preauth]
4696 2024-08-01 11:17:10.219 debug2: ssh_set_newkeys: mode 0 [preauth]
4696 2024-08-01 11:17:10.219 debug1: rekey in after 134217728 blocks [preauth]
4696 2024-08-01 11:17:10.219 debug1: KEX done [preauth]
4696 2024-08-01 11:17:10.250 debug3: receive packet: type 5 [preauth]
4696 2024-08-01 11:17:10.250 debug3: send packet: type 6 [preauth]
4696 2024-08-01 11:17:10.250 debug3: receive packet: type 50 [preauth]
4696 2024-08-01 11:17:10.250 debug1: userauth-request for user rstrom service ssh-connection method none [preauth]
4696 2024-08-01 11:17:10.250 debug1: attempt 0 failures 0 [preauth]
4696 2024-08-01 11:17:10.250 debug3: mm_getpwnamallow: entering [preauth]
4696 2024-08-01 11:17:10.250 debug3: mm_request_send: entering, type 8 [preauth]
4696 2024-08-01 11:17:10.250 debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM [preauth]
4696 2024-08-01 11:17:10.250 debug3: mm_request_receive_expect: entering, type 9 [preauth]
4696 2024-08-01 11:17:10.250 debug3: mm_request_receive: entering [preauth]
4696 2024-08-01 11:17:10.250 debug3: mm_request_receive: entering
4696 2024-08-01 11:17:10.250 debug3: monitor_read: checking request 8
4696 2024-08-01 11:17:10.250 debug3: mm_answer_pwnamallow: entering
4696 2024-08-01 11:17:10.250 debug2: parse_server_config_depth: config reprocess config len 2367
4696 2024-08-01 11:17:10.250 debug3: checking match for 'Group administrators' user 2022testing\\rstrom host 192.168.42.1 addr 192.168.42.1 laddr 192.168.42.141 lport 22
4696 2024-08-01 11:17:10.266 debug3: lookup_principal_name: Successfully discovered explicit principal name: '2022testing\\rstrom'=>'rstrom@2022TESTING.local'
4696 2024-08-01 11:17:10.266 debug3: LsaLogonUser Succeeded (Impersonation: 0)
4696 2024-08-01 11:17:10.266 debug1: user 2022testing\\rstrom matched group list administrators at line 92
4696 2024-08-01 11:17:10.266 debug3: match found
4696 2024-08-01 11:17:10.266 debug3: reprocess config:93 setting AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
4696 2024-08-01 11:17:10.266 debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
4696 2024-08-01 11:17:10.266 debug3: mm_request_send: entering, type 9
4696 2024-08-01 11:17:10.266 debug2: monitor_read: 8 used once, disabling now
4696 2024-08-01 11:17:10.266 debug3: process_channel_timeouts: setting 0 timeouts [preauth]
4696 2024-08-01 11:17:10.266 debug3: channel_clear_timeouts: clearing [preauth]
4696 2024-08-01 11:17:10.266 debug2: input_userauth_request: setting up authctxt for rstrom [preauth]
4696 2024-08-01 11:17:10.266 debug3: mm_inform_authserv: entering [preauth]
4696 2024-08-01 11:17:10.266 debug3: mm_request_send: entering, type 4 [preauth]
4696 2024-08-01 11:17:10.266 debug2: input_userauth_request: try method none [preauth]
4696 2024-08-01 11:17:10.266 debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" [preauth]
4696 2024-08-01 11:17:10.266 debug3: send packet: type 51 [preauth]
4696 2024-08-01 11:17:10.266 debug3: mm_request_receive: entering
4696 2024-08-01 11:17:10.266 debug3: monitor_read: checking request 4
4696 2024-08-01 11:17:10.266 debug3: mm_answer_authserv: service=ssh-connection, style=
4696 2024-08-01 11:17:10.266 debug2: monitor_read: 4 used once, disabling now
4696 2024-08-01 11:17:10.266 debug3: receive packet: type 50 [preauth]
4696 2024-08-01 11:17:10.266 debug1: userauth-request for user rstrom service ssh-connection method publickey [preauth]
4696 2024-08-01 11:17:10.266 debug1: attempt 1 failures 0 [preauth]
4696 2024-08-01 11:17:10.266 debug2: input_userauth_request: try method publickey [preauth]
4696 2024-08-01 11:17:10.266 debug2: userauth_pubkey: valid user rstrom querying public key rsa-sha2-512 AAAAB3NzaC1yc2EAAAADAQABAAABgQCXvGKoIjdvag4QYh2nA7cWRCwIhhq5sZhBm0oLeUz4ezSN67L5Yj/zAAgGoBcYVoaeTEejb2ZkzzrAd7WPkFpZsp72KKAjeoTR099fvvWNv5sLJA+GaUVQG24e6/+Ivx2UAX9II6TnxsK+NR+UdjwzSXA25VgdL5iUvdeXv0qGuO6rIgHI3NflZG95e3/0+ye/e1ZuQ53D6259RMfQkJSiZUmS0kaES7TgaNygl+97uomSNLJq3/tzlr1/ABVHq1UqdaQF8EDr7w1SfABGmJD1a7KDko2a+W19Sp53UCKCHiAMH7kRt30GVyy7KNSsrtlVzW5IGrseTgbXLXepY53DadilEq8mvMNT4uAFt62fbUfP5h7t/vTnf/JsXedOiGIDLyVfUyh5lnes0rUAsX0ECRT8eeckBd9WzBoMfO0SdES/952mN8/whYHy5nf6Bb6MvIy8Nt1zkks3s+nfxBYWZHFXgmzoG92SXvN20Nv223ivUDFRBql2XOnmABtZ2n0= [preauth]
4696 2024-08-01 11:17:10.266 debug1: userauth_pubkey: publickey test pkalg rsa-sha2-512 pkblob RSA SHA256:BOp0Qwtdl2V1rgjXYP2P6YD4vax6ewlh6PCsCQAW4UM [preauth]
4696 2024-08-01 11:17:10.266 debug3: mm_key_allowed: entering [preauth]
4696 2024-08-01 11:17:10.266 debug3: mm_request_send: entering, type 22 [preauth]
4696 2024-08-01 11:17:10.266 debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth]
4696 2024-08-01 11:17:10.266 debug3: mm_request_receive_expect: entering, type 23 [preauth]
4696 2024-08-01 11:17:10.266 debug3: mm_request_receive: entering [preauth]
4696 2024-08-01 11:17:10.266 debug3: mm_request_receive: entering
4696 2024-08-01 11:17:10.266 debug3: monitor_read: checking request 22
4696 2024-08-01 11:17:10.266 debug3: mm_answer_keyallowed: entering
4696 2024-08-01 11:17:10.266 debug1: trying public key file __PROGRAMDATA__/ssh/administrators_authorized_keys
4696 2024-08-01 11:17:10.266 debug2: __PROGRAMDATA__/ssh/administrators_authorized_keys:1: check options: '��s'
4696 2024-08-01 11:17:10.266 debug2: __PROGRAMDATA__/ssh/administrators_authorized_keys:1: advance: ''
4696 2024-08-01 11:17:10.266 debug2: auth_check_authkeys_file: __PROGRAMDATA__/ssh/administrators_authorized_keys: processed 1/3 lines
4696 2024-08-01 11:17:10.266 debug3: mm_answer_keyallowed: publickey authentication test: RSA key is not allowed
4696 2024-08-01 11:17:10.266 Failed publickey for rstrom from 192.168.42.1 port 38324 ssh2: RSA SHA256:BOp0Qwtdl2V1rgjXYP2P6YD4vax6ewlh6PCsCQAW4UM
4696 2024-08-01 11:17:10.266 debug3: mm_request_send: entering, type 23
4696 2024-08-01 11:17:10.266 debug2: userauth_pubkey: authenticated 0 pkalg rsa-sha2-512 [preauth]
4696 2024-08-01 11:17:10.266 debug3: user_specific_delay: user specific delay 0.000ms [preauth]
4696 2024-08-01 11:17:10.266 debug3: ensure_minimum_time_since: elapsed 0.000ms, delaying 7.381ms (requested 7.381ms) [preauth]
4696 2024-08-01 11:17:10.282 debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" [preauth]
4696 2024-08-01 11:17:10.282 debug3: send packet: type 51 [preauth]
4696 2024-08-01 11:17:10.282 debug3: receive packet: type 50 [preauth]
4696 2024-08-01 11:17:10.282 debug1: userauth-request for user rstrom service ssh-connection method publickey [preauth]
4696 2024-08-01 11:17:10.282 debug1: attempt 2 failures 1 [preauth]
4696 2024-08-01 11:17:10.282 debug2: input_userauth_request: try method publickey [preauth]
4696 2024-08-01 11:17:10.282 debug2: userauth_pubkey: valid user rstrom querying public key ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPESjHdmvcmvmFLFCDdVqtK5OokwC5DNHgzDdLx6Pva0 [preauth]
4696 2024-08-01 11:17:10.282 debug1: userauth_pubkey: publickey test pkalg ssh-ed25519 pkblob ED25519 SHA256:sncsDdqwrVLV7Cx8/Us9AqxJecPvUvSy4DxIqFDuYUA [preauth]
4696 2024-08-01 11:17:10.282 debug3: mm_key_allowed: entering [preauth]
4696 2024-08-01 11:17:10.282 debug3: mm_request_send: entering, type 22 [preauth]
4696 2024-08-01 11:17:10.282 debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth]
4696 2024-08-01 11:17:10.282 debug3: mm_request_receive_expect: entering, type 23 [preauth]
4696 2024-08-01 11:17:10.282 debug3: mm_request_receive: entering [preauth]
4696 2024-08-01 11:17:10.282 debug3: mm_request_receive: entering
4696 2024-08-01 11:17:10.282 debug3: monitor_read: checking request 22
4696 2024-08-01 11:17:10.282 debug3: mm_answer_keyallowed: entering
4696 2024-08-01 11:17:10.282 debug1: trying public key file __PROGRAMDATA__/ssh/administrators_authorized_keys
4696 2024-08-01 11:17:10.282 debug2: __PROGRAMDATA__/ssh/administrators_authorized_keys:1: check options: '��s'
4696 2024-08-01 11:17:10.282 debug2: __PROGRAMDATA__/ssh/administrators_authorized_keys:1: advance: ''
4696 2024-08-01 11:17:10.282 debug2: auth_check_authkeys_file: __PROGRAMDATA__/ssh/administrators_authorized_keys: processed 1/3 lines
4696 2024-08-01 11:17:10.282 debug3: mm_answer_keyallowed: publickey authentication test: ED25519 key is not allowed
4696 2024-08-01 11:17:10.282 Failed publickey for rstrom from 192.168.42.1 port 38324 ssh2: ED25519 SHA256:sncsDdqwrVLV7Cx8/Us9AqxJecPvUvSy4DxIqFDuYUA
4696 2024-08-01 11:17:10.282 debug3: mm_request_send: entering, type 23
4696 2024-08-01 11:17:10.282 debug2: userauth_pubkey: authenticated 0 pkalg ssh-ed25519 [preauth]
4696 2024-08-01 11:17:10.282 debug3: user_specific_delay: user specific delay 0.000ms [preauth]
4696 2024-08-01 11:17:10.282 debug3: ensure_minimum_time_since: elapsed 0.000ms, delaying 7.381ms (requested 7.381ms) [preauth]
4696 2024-08-01 11:17:10.297 debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" [preauth]
4696 2024-08-01 11:17:10.297 debug3: send packet: type 51 [preauth]
4696 2024-08-01 11:17:10.297 debug3: receive packet: type 50 [preauth]
4696 2024-08-01 11:17:10.297 debug1: userauth-request for user rstrom service ssh-connection method publickey [preauth]
4696 2024-08-01 11:17:10.297 debug1: attempt 3 failures 2 [preauth]
4696 2024-08-01 11:17:10.297 debug2: input_userauth_request: try method publickey [preauth]
4696 2024-08-01 11:17:10.297 debug2: userauth_pubkey: valid user rstrom querying public key sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBODUWSYLsX2lMWrAlbguU3jHZRO5g6Oo5Fk/kZieyYXMCGkXFVRF7+O57B7bVsyNHSNf944fjyiEOPF3RKtma+AAAAAEc3NoOg== [preauth]
4696 2024-08-01 11:17:10.297 debug1: userauth_pubkey: publickey test pkalg sk-ecdsa-sha2-nistp256@openssh.com pkblob ECDSA-SK SHA256:PHRutEDdZfixmHCtLN4hLQU3KqpisQx3J+XXWEJN8Go [preauth]
4696 2024-08-01 11:17:10.297 debug3: mm_key_allowed: entering [preauth]
4696 2024-08-01 11:17:10.297 debug3: mm_request_send: entering, type 22 [preauth]
4696 2024-08-01 11:17:10.297 debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth]
4696 2024-08-01 11:17:10.297 debug3: mm_request_receive_expect: entering, type 23 [preauth]
4696 2024-08-01 11:17:10.297 debug3: mm_request_receive: entering [preauth]
4696 2024-08-01 11:17:10.297 debug3: mm_request_receive: entering
4696 2024-08-01 11:17:10.297 debug3: monitor_read: checking request 22
4696 2024-08-01 11:17:10.297 debug3: mm_answer_keyallowed: entering
4696 2024-08-01 11:17:10.297 debug1: trying public key file __PROGRAMDATA__/ssh/administrators_authorized_keys
4696 2024-08-01 11:17:10.297 debug2: __PROGRAMDATA__/ssh/administrators_authorized_keys:1: check options: '��s'
4696 2024-08-01 11:17:10.297 debug2: __PROGRAMDATA__/ssh/administrators_authorized_keys:1: advance: ''
4696 2024-08-01 11:17:10.297 debug2: auth_check_authkeys_file: __PROGRAMDATA__/ssh/administrators_authorized_keys: processed 1/3 lines
4696 2024-08-01 11:17:10.297 debug3: mm_answer_keyallowed: publickey authentication test: ECDSA-SK key is not allowed
4696 2024-08-01 11:17:10.297 Failed publickey for rstrom from 192.168.42.1 port 38324 ssh2: ECDSA-SK SHA256:PHRutEDdZfixmHCtLN4hLQU3KqpisQx3J+XXWEJN8Go
4696 2024-08-01 11:17:10.297 debug3: mm_request_send: entering, type 23
4696 2024-08-01 11:17:10.297 debug2: userauth_pubkey: authenticated 0 pkalg sk-ecdsa-sha2-nistp256@openssh.com [preauth]
4696 2024-08-01 11:17:10.297 debug3: user_specific_delay: user specific delay 0.000ms [preauth]
4696 2024-08-01 11:17:10.297 debug3: ensure_minimum_time_since: elapsed 0.000ms, delaying 7.381ms (requested 7.381ms) [preauth]
4696 2024-08-01 11:17:10.313 debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" [preauth]
4696 2024-08-01 11:17:10.313 debug3: send packet: type 51 [preauth]
4696 2024-08-01 11:17:10.313 debug3: receive packet: type 50 [preauth]
4696 2024-08-01 11:17:10.313 debug1: userauth-request for user rstrom service ssh-connection method keyboard-interactive [preauth]
4696 2024-08-01 11:17:10.313 debug1: attempt 4 failures 3 [preauth]
4696 2024-08-01 11:17:10.313 debug2: input_userauth_request: try method keyboard-interactive [preauth]
4696 2024-08-01 11:17:10.313 debug1: keyboard-interactive devs  [preauth]
4696 2024-08-01 11:17:10.313 debug1: auth2_challenge: user=rstrom devs= [preauth]
4696 2024-08-01 11:17:10.313 debug1: kbdint_alloc: devices '' [preauth]
4696 2024-08-01 11:17:10.313 debug2: auth2_challenge_start: devices  [preauth]
4696 2024-08-01 11:17:10.313 debug3: user_specific_delay: user specific delay 0.000ms [preauth]
4696 2024-08-01 11:17:10.313 debug3: ensure_minimum_time_since: elapsed 0.000ms, delaying 7.381ms (requested 7.381ms) [preauth]
4696 2024-08-01 11:17:10.329 debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" [preauth]
4696 2024-08-01 11:17:10.329 debug3: send packet: type 51 [preauth]
4696 2024-08-01 11:17:13.821 debug3: receive packet: type 50 [preauth]
4696 2024-08-01 11:17:13.821 debug1: userauth-request for user rstrom service ssh-connection method password [preauth]
4696 2024-08-01 11:17:13.821 debug1: attempt 5 failures 4 [preauth]
4696 2024-08-01 11:17:13.821 debug2: input_userauth_request: try method password [preauth]
4696 2024-08-01 11:17:13.821 debug3: mm_auth_password: entering [preauth]
4696 2024-08-01 11:17:13.821 debug3: mm_request_send: entering, type 12 [preauth]
4696 2024-08-01 11:17:13.821 debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD [preauth]
4696 2024-08-01 11:17:13.821 debug3: mm_request_receive_expect: entering, type 13 [preauth]
4696 2024-08-01 11:17:13.821 debug3: mm_request_receive: entering [preauth]
4696 2024-08-01 11:17:13.821 debug3: mm_request_receive: entering
4696 2024-08-01 11:17:13.821 debug3: monitor_read: checking request 12
4696 2024-08-01 11:17:13.837 debug3: lookup_principal_name: Successfully discovered explicit principal name: '2022testing\\rstrom'=>'rstrom@2022TESTING.local'
4696 2024-08-01 11:17:13.852 debug3: mm_answer_authpassword: sending result 1
4696 2024-08-01 11:17:13.852 debug3: mm_answer_authpassword: sending result 1
4696 2024-08-01 11:17:13.852 debug3: mm_request_send: entering, type 13
4696 2024-08-01 11:17:13.852 Accepted password for rstrom from 192.168.42.1 port 38324 ssh2
4696 2024-08-01 11:17:13.852 debug1: monitor_child_preauth: user rstrom authenticated by privileged process
4696 2024-08-01 11:17:13.852 debug3: mm_get_keystate: Waiting for new keys
4696 2024-08-01 11:17:13.852 debug3: mm_request_receive_expect: entering, type 26
4696 2024-08-01 11:17:13.852 debug3: mm_request_receive: entering
4696 2024-08-01 11:17:13.886 debug3: mm_get_keystate: GOT new keys
4696 2024-08-01 11:17:13.886 debug3: mm_auth_password: user authenticated [preauth]
4696 2024-08-01 11:17:13.886 debug3: user_specific_delay: user specific delay 0.000ms [preauth]
4696 2024-08-01 11:17:13.886 debug3: ensure_minimum_time_since: elapsed 31.000ms, delaying 28.051ms (requested 7.381ms) [preauth]
4696 2024-08-01 11:17:13.886 debug3: send packet: type 52 [preauth]
4696 2024-08-01 11:17:13.886 debug3: mm_request_send: entering, type 26 [preauth]
4696 2024-08-01 11:17:13.886 debug3: mm_send_keystate: Finished sending state [preauth]
4696 2024-08-01 11:17:13.886 debug1: monitor_read_log: child log fd closed
4696 2024-08-01 11:17:13.886 debug3: spawning "C:\\Program Files\\OpenSSH\\sshd.exe" -z as user
4696 2024-08-01 11:17:13.886 User child is on pid 3152
4696 2024-08-01 11:17:13.886 debug3: send_rexec_state: entering fd = 5 config len 2367
4696 2024-08-01 11:17:13.886 debug3: ssh_msg_send: type 0
4696 2024-08-01 11:17:13.886 debug3: send_rexec_state: done
4696 2024-08-01 11:17:13.886 debug3: ssh_msg_send: type 0
4696 2024-08-01 11:17:13.886 debug3: ssh_msg_send: type 0
4696 2024-08-01 11:17:13.886 debug3: ssh_msg_send: type 0
4696 2024-08-01 11:17:13.886 debug3: ssh_msg_send: type 0
4696 2024-08-01 11:17:13.902 debug3: ssh_msg_send: type 0
3152 2024-08-01 11:17:13.902 debug3: process_channel_timeouts: setting 0 timeouts
3152 2024-08-01 11:17:13.902 debug3: channel_clear_timeouts: clearing
3152 2024-08-01 11:17:13.902 debug3: recv_idexch_state: entering fd = 3
3152 2024-08-01 11:17:13.902 debug3: ssh_msg_recv entering
3152 2024-08-01 11:17:13.902 debug3: recv_idexch_state: done
3152 2024-08-01 11:17:13.902 debug2: fd 5 setting O_NONBLOCK
3152 2024-08-01 11:17:13.902 debug3: recv_autxctx_state: entering fd = 3
3152 2024-08-01 11:17:13.902 debug3: ssh_msg_recv entering
3152 2024-08-01 11:17:13.902 debug3: recv_autxctx_state: done
3152 2024-08-01 11:17:13.902 debug2: parse_server_config_depth: config reprocess config len 2367
3152 2024-08-01 11:17:13.902 debug3: checking match for 'Group administrators' user 2022testing\\rstrom host 192.168.42.1 addr 192.168.42.1 laddr 192.168.42.141 lport 22
3152 2024-08-01 11:17:13.902 debug3: get_user_token - i am running as 2022testing\\rstrom, returning process token
3152 2024-08-01 11:17:13.902 debug1: user 2022testing\\rstrom matched group list administrators at line 92
3152 2024-08-01 11:17:13.902 debug3: match found
3152 2024-08-01 11:17:13.902 debug3: reprocess config:93 setting AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
4696 2024-08-01 11:17:13.902 debug3: monitor_recv_keystate: entering 
4696 2024-08-01 11:17:13.902 debug3: ssh_msg_recv entering
4696 2024-08-01 11:17:13.902 debug3: monitor_recv_keystate: done
4696 2024-08-01 11:17:13.902 debug3: monitor_apply_keystate: packet_set_state
4696 2024-08-01 11:17:13.902 debug2: ssh_set_newkeys: mode 0
4696 2024-08-01 11:17:13.902 debug1: rekey in after 134217728 blocks
4696 2024-08-01 11:17:13.902 debug2: ssh_set_newkeys: mode 1
4696 2024-08-01 11:17:13.902 debug1: rekey out after 134217728 blocks
4696 2024-08-01 11:17:13.902 debug1: ssh_packet_set_postauth: called
4696 2024-08-01 11:17:13.902 debug3: ssh_packet_set_state: done
4696 2024-08-01 11:17:13.902 debug3: monitor_recv_authopt: entering 
4696 2024-08-01 11:17:13.902 debug3: ssh_msg_recv entering
4696 2024-08-01 11:17:13.902 debug3: monitor_recv_authopt: done
4696 2024-08-01 11:17:13.902 debug3: notify_hostkeys: key 0: ssh-rsa SHA256:numCwkaALcEhk7C2WOF02nBKXRLXYQyObMxrvyXuLx0
4696 2024-08-01 11:17:13.902 debug3: notify_hostkeys: key 1: ecdsa-sha2-nistp256 SHA256:xWgp34YI629m3KKifDP7vnOPhtPRY1vD5B3F9sDpxv8
4696 2024-08-01 11:17:13.902 debug3: notify_hostkeys: key 2: ssh-ed25519 SHA256:cr0h50S7ktZueOJZc+1t7Mj1mZ9VKeOQ91ySSyC8fdY
4696 2024-08-01 11:17:13.902 debug3: notify_hostkeys: sent 3 hostkeys
4696 2024-08-01 11:17:13.902 debug3: send packet: type 80
4696 2024-08-01 11:17:13.902 debug1: active: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
4696 2024-08-01 11:17:13.902 debug1: Entering interactive session for SSH2.
4696 2024-08-01 11:17:13.902 debug1: server_init_dispatch
4696 2024-08-01 11:17:13.902 debug3: pselect: installing signal handler for 3, previous 00007FF7B439FCF0
4696 2024-08-01 11:17:13.902 debug3: pselect_notify_setup: initializing
4696 2024-08-01 11:17:13.902 debug2: fd 10 setting O_NONBLOCK
4696 2024-08-01 11:17:13.902 debug2: fd 8 setting O_NONBLOCK
4696 2024-08-01 11:17:13.902 debug3: pselect_notify_setup: pid 3152 saved 3152 pipe0 10 pipe1 8
4696 2024-08-01 11:17:13.902 debug3: receive packet: type 90
4696 2024-08-01 11:17:13.902 debug1: server_input_channel_open: ctype session rchan 0 win 2097152 max 32768
4696 2024-08-01 11:17:13.902 debug1: input_session_request
4696 2024-08-01 11:17:13.902 debug1: channel 0: new session [server-session] (inactive timeout: 0)
4696 2024-08-01 11:17:13.902 debug2: session_new: allocate (allocated 0 max 10)
4696 2024-08-01 11:17:13.902 debug3: session_unused: session id 0 unused
4696 2024-08-01 11:17:13.902 debug1: session_new: session 0
4696 2024-08-01 11:17:13.902 debug1: session_open: channel 0
4696 2024-08-01 11:17:13.902 debug1: session_open: session 0: link with channel 0
4696 2024-08-01 11:17:13.902 debug1: server_input_channel_open: confirm session
4696 2024-08-01 11:17:13.902 debug3: send packet: type 91
4696 2024-08-01 11:17:13.902 debug3: receive packet: type 80
4696 2024-08-01 11:17:13.902 debug1: server_input_global_request: rtype no-more-sessions@openssh.com want_reply 0
4696 2024-08-01 11:17:13.949 debug3: receive packet: type 98
4696 2024-08-01 11:17:13.949 debug1: server_input_channel_req: channel 0 request env reply 0
4696 2024-08-01 11:17:13.949 debug1: session_by_channel: session 0 channel 0
4696 2024-08-01 11:17:13.949 debug1: session_input_channel_req: session 0 req env
4696 2024-08-01 11:17:13.949 debug2: Ignoring env request LANG: disallowed name
4696 2024-08-01 11:17:13.949 debug3: receive packet: type 98
4696 2024-08-01 11:17:13.949 debug1: server_input_channel_req: channel 0 request exec reply 1
4696 2024-08-01 11:17:13.949 debug1: session_by_channel: session 0 channel 0
4696 2024-08-01 11:17:13.949 debug1: session_input_channel_req: session 0 req exec
4696 2024-08-01 11:17:13.949 debug2: channel_set_xtype: labeled channel 0 as session:command (inactive timeout 0)
4696 2024-08-01 11:17:13.949 Starting session: command for 2022testing\\\\rstrom from 192.168.42.1 port 38324 id 0
4696 2024-08-01 11:17:13.949 debug2: fd 9 setting O_NONBLOCK
4696 2024-08-01 11:17:13.949 debug2: fd 11 setting O_NONBLOCK
4696 2024-08-01 11:17:13.949 debug2: fd 12 setting O_NONBLOCK
4696 2024-08-01 11:17:13.949 debug2: fd 13 setting O_NONBLOCK
4696 2024-08-01 11:17:13.949 debug2: fd 14 setting O_NONBLOCK
4696 2024-08-01 11:17:13.949 debug2: fd 15 setting O_NONBLOCK
4696 2024-08-01 11:17:13.949 debug3: shell: "c:\\\\program files\\\\powershell\\\\7\\\\pwsh.exe"
4696 2024-08-01 11:17:13.949 debug3: shell_option: -c
4696 2024-08-01 11:17:13.949 debug3: exec_command: scp.exe -f C:\\\\ProgramData\\\\ssh\\\\logs\\\\sshd.log
4696 2024-08-01 11:17:13.949 debug3: arg escape option: TRUE
4696 2024-08-01 11:17:13.949 debug3: spawn_argv[0]: "c:\\\\program files\\\\powershell\\\\7\\\\pwsh.exe"
4696 2024-08-01 11:17:13.949 debug3: spawning "c:\\\\program files\\\\powershell\\\\7\\\\pwsh.exe" -c "scp.exe -f C:\\\\ProgramData\\\\ssh\\\\logs\\\\sshd.log" as subprocess
4696 2024-08-01 11:17:13.965 debug2: fd 5 setting TCP_NODELAY
4696 2024-08-01 11:17:13.965 debug3: fd 12 is O_NONBLOCK
4696 2024-08-01 11:17:13.965 debug3: fd 11 is O_NONBLOCK
4696 2024-08-01 11:17:13.965 debug3: fd 14 is O_NONBLOCK
4696 2024-08-01 11:17:13.965 debug3: send packet: type 99
4696 2024-08-01 11:17:14.215 debug3: receive packet: type 96
4696 2024-08-01 11:17:14.215 debug2: channel 0: rcvd eof
4696 2024-08-01 11:17:14.215 debug2: channel 0: output open -> drain
4696 2024-08-01 11:17:14.215 debug2: channel 0: obuf empty
4696 2024-08-01 11:17:14.215 debug2: chan_shutdown_write: channel 0: (i0 o1 sock -1 wfd 11 efd 14 [read])
4696 2024-08-01 11:17:14.215 debug2: channel 0: output drain -> closed
4696 2024-08-01 11:17:14.371 debug2: channel 0: read failed rfd 12 maxlen 32768: Broken pipe
4696 2024-08-01 11:17:14.371 debug2: channel 0: read failed
4696 2024-08-01 11:17:14.371 debug2: chan_shutdown_read: channel 0: (i0 o3 sock -1 wfd 12 efd 14 [read])
4696 2024-08-01 11:17:14.371 debug2: channel 0: input open -> drain
4696 2024-08-01 11:17:14.371 debug2: channel 0: read 0 from efd 14
4696 2024-08-01 11:17:14.371 debug2: channel 0: closing read-efd 14
4696 2024-08-01 11:17:14.371 debug2: channel 0: ibuf empty
4696 2024-08-01 11:17:14.371 debug2: channel 0: send eof
4696 2024-08-01 11:17:14.371 debug3: send packet: type 96
4696 2024-08-01 11:17:14.371 debug2: channel 0: input drain -> closed
4696 2024-08-01 11:17:14.387 debug2: pselect_notify_done: reading
4696 2024-08-01 11:17:14.387 debug1: Received SIGCHLD.
4696 2024-08-01 11:17:14.387 debug1: session_by_pid: pid 1376
4696 2024-08-01 11:17:14.387 debug2: channel 0: request exit-status confirm 0
4696 2024-08-01 11:17:14.387 debug3: send packet: type 98
4696 2024-08-01 11:17:14.387 debug1: session_exit_message: session 0 channel 0 pid 1376 exit 1
4696 2024-08-01 11:17:14.387 debug1: session_exit_message: release channel 0
4696 2024-08-01 11:17:14.387 debug2: channel 0: send close
4696 2024-08-01 11:17:14.387 debug3: send packet: type 97
4696 2024-08-01 11:17:14.387 debug3: channel 0: will not send data after close
4696 2024-08-01 11:17:14.387 debug3: receive packet: type 97
4696 2024-08-01 11:17:14.387 debug2: channel 0: rcvd close
4696 2024-08-01 11:17:14.387 debug3: channel 0: will not send data after close
4696 2024-08-01 11:17:14.387 debug2: channel 0: is dead
4696 2024-08-01 11:17:14.387 debug2: channel 0: gc: notify user
4696 2024-08-01 11:17:14.387 debug1: session_by_channel: session 0 channel 0
4696 2024-08-01 11:17:14.387 debug1: session_close_by_channel: channel 0 child 0
4696 2024-08-01 11:17:14.387 Close session: user 2022testing\\\\rstrom from 192.168.42.1 port 38324 id 0
4696 2024-08-01 11:17:14.387 debug3: session_unused: session id 0 unused
4696 2024-08-01 11:17:14.387 debug2: channel 0: gc: user detached
4696 2024-08-01 11:17:14.387 debug2: channel 0: is dead
4696 2024-08-01 11:17:14.387 debug2: channel 0: garbage collecting
4696 2024-08-01 11:17:14.387 debug1: channel 0: free: server-session, nchannels 1
4696 2024-08-01 11:17:14.387 debug3: channel 0: status: The following connections are open:\\r\\n  #0 server-session (t4 [session:command] r0 i3/0 o3/0 e[closed]/0 fd -1/-1/-1 sock -1 cc -1 io 0x00/0x00)\\r\\n
4696 2024-08-01 11:17:14.387 debug3: receive packet: type 1
4696 2024-08-01 11:17:14.387 Received disconnect from 192.168.42.1 port 38324:11: disconnected by user
4696 2024-08-01 11:17:14.387 Disconnected from 192.168.42.1 port 38324
4696 2024-08-01 11:17:14.387 debug1: do_cleanup
4696 2024-08-01 11:17:14.387 debug3: mm_request_receive: entering
4696 2024-08-01 11:17:14.387 debug1: do_cleanup
3660 2024-08-01 11:17:14.402 debug2: pselect_notify_done: reading
3660 2024-08-01 11:17:31.493 debug3: fd 6 is not O_NONBLOCK
3660 2024-08-01 11:17:31.493 debug3: spawning "C:\\Program Files\\OpenSSH\\sshd.exe" -R as subprocess
3660 2024-08-01 11:17:31.493 debug3: send_rexec_state: entering fd = 10 config len 2367
3660 2024-08-01 11:17:31.493 debug3: ssh_msg_send: type 0
3660 2024-08-01 11:17:31.493 debug3: send_rexec_state: done
4612 2024-08-01 11:17:31.509 debug1: inetd sockets after dupping: 4, 4
4612 2024-08-01 11:17:31.509 debug3: process_channel_timeouts: setting 0 timeouts
4612 2024-08-01 11:17:31.509 debug3: channel_clear_timeouts: clearing
4612 2024-08-01 11:17:31.509 Connection from 192.168.42.1 port 46218 on 192.168.42.141 port 22
4612 2024-08-01 11:17:31.509 debug1: Local version string SSH-2.0-OpenSSH_for_Windows_9.5
4612 2024-08-01 11:17:31.509 debug1: Remote protocol version 2.0, remote software version OpenSSH_8.9p1 Ubuntu-3ubuntu0.10
4612 2024-08-01 11:17:31.509 debug1: compat_banner: match: OpenSSH_8.9p1 Ubuntu-3ubuntu0.10 pat OpenSSH* compat 0x04000000
4612 2024-08-01 11:17:31.509 debug2: fd 4 setting O_NONBLOCK
4612 2024-08-01 11:17:31.524 debug3: spawning "C:\\Program Files\\OpenSSH\\sshd.exe" -y as user
4612 2024-08-01 11:17:31.524 debug2: Network child is on pid 3596
4612 2024-08-01 11:17:31.524 debug3: send_rexec_state: entering fd = 6 config len 2367
4612 2024-08-01 11:17:31.524 debug3: ssh_msg_send: type 0
4612 2024-08-01 11:17:31.524 debug3: send_rexec_state: done
4612 2024-08-01 11:17:31.524 debug3: ssh_msg_send: type 0
4612 2024-08-01 11:17:31.524 debug3: ssh_msg_send: type 0
4612 2024-08-01 11:17:31.524 debug3: preauth child monitor started
4612 2024-08-01 11:17:31.540 debug3: append_hostkey_type: ssh-rsa key not permitted by HostkeyAlgorithms [preauth]
4612 2024-08-01 11:17:31.540 debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
4612 2024-08-01 11:17:31.540 debug3: send packet: type 20 [preauth]
4612 2024-08-01 11:17:31.540 debug1: SSH2_MSG_KEXINIT sent [preauth]
4612 2024-08-01 11:17:31.540 debug3: receive packet: type 20 [preauth]
4612 2024-08-01 11:17:31.540 debug1: SSH2_MSG_KEXINIT received [preauth]
4612 2024-08-01 11:17:31.540 debug2: local server KEXINIT proposal [preauth]
4612 2024-08-01 11:17:31.540 debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,kex-strict-s-v00@openssh.com [preauth]
4612 2024-08-01 11:17:31.540 debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
4612 2024-08-01 11:17:31.540 debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth]
4612 2024-08-01 11:17:31.540 debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth]
4612 2024-08-01 11:17:31.540 debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512 [preauth]
4612 2024-08-01 11:17:31.540 debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512 [preauth]
4612 2024-08-01 11:17:31.540 debug2: compression ctos: none,zlib@openssh.com [preauth]
4612 2024-08-01 11:17:31.540 debug2: compression stoc: none,zlib@openssh.com [preauth]
4612 2024-08-01 11:17:31.540 debug2: languages ctos:  [preauth]
4612 2024-08-01 11:17:31.540 debug2: languages stoc:  [preauth]
4612 2024-08-01 11:17:31.540 debug2: first_kex_follows 0  [preauth]
4612 2024-08-01 11:17:31.540 debug2: reserved 0  [preauth]
4612 2024-08-01 11:17:31.540 debug2: peer client KEXINIT proposal [preauth]
4612 2024-08-01 11:17:31.540 debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,sntrup761x25519-sha512@openssh.com,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com [preauth]
4612 2024-08-01 11:17:31.540 debug2: host key algorithms: ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256 [preauth]
4612 2024-08-01 11:17:31.540 debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth]
4612 2024-08-01 11:17:31.540 debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth]
4612 2024-08-01 11:17:31.540 debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
4612 2024-08-01 11:17:31.540 debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
4612 2024-08-01 11:17:31.540 debug2: compression ctos: none,zlib@openssh.com,zlib [preauth]
4612 2024-08-01 11:17:31.540 debug2: compression stoc: none,zlib@openssh.com,zlib [preauth]
4612 2024-08-01 11:17:31.540 debug2: languages ctos:  [preauth]
4612 2024-08-01 11:17:31.540 debug2: languages stoc:  [preauth]
4612 2024-08-01 11:17:31.540 debug2: first_kex_follows 0  [preauth]
4612 2024-08-01 11:17:31.540 debug2: reserved 0  [preauth]
4612 2024-08-01 11:17:31.540 debug3: kex_choose_conf: will use strict KEX ordering [preauth]
4612 2024-08-01 11:17:31.540 debug1: kex: algorithm: curve25519-sha256 [preauth]
4612 2024-08-01 11:17:31.540 debug1: kex: host key algorithm: ssh-ed25519 [preauth]
4612 2024-08-01 11:17:31.540 debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none [preauth]
4612 2024-08-01 11:17:31.540 debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none [preauth]
4612 2024-08-01 11:17:31.540 debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
4612 2024-08-01 11:17:31.540 debug3: receive packet: type 30 [preauth]
4612 2024-08-01 11:17:31.540 debug1: SSH2_MSG_KEX_ECDH_INIT received [preauth]
4612 2024-08-01 11:17:31.540 debug3: mm_sshkey_sign: entering [preauth]
4612 2024-08-01 11:17:31.540 debug3: mm_request_send: entering, type 6 [preauth]
4612 2024-08-01 11:17:31.540 debug3: mm_sshkey_sign: waiting for MONITOR_ANS_SIGN [preauth]
4612 2024-08-01 11:17:31.540 debug3: mm_request_receive_expect: entering, type 7 [preauth]
4612 2024-08-01 11:17:31.540 debug3: mm_request_receive: entering [preauth]
4612 2024-08-01 11:17:31.540 debug3: mm_request_receive: entering
4612 2024-08-01 11:17:31.540 debug3: monitor_read: checking request 6
4612 2024-08-01 11:17:31.540 debug3: mm_answer_sign: entering
4612 2024-08-01 11:17:31.540 debug3: mm_answer_sign: ssh-ed25519 KEX signature len=83
4612 2024-08-01 11:17:31.540 debug3: mm_request_send: entering, type 7
4612 2024-08-01 11:17:31.540 debug2: monitor_read: 6 used once, disabling now
4612 2024-08-01 11:17:31.540 debug3: send packet: type 31 [preauth]
4612 2024-08-01 11:17:31.540 debug3: send packet: type 21 [preauth]
4612 2024-08-01 11:17:31.540 debug1: ssh_packet_send2_wrapped: resetting send seqnr 3 [preauth]
4612 2024-08-01 11:17:31.540 debug2: ssh_set_newkeys: mode 1 [preauth]
4612 2024-08-01 11:17:31.540 debug1: rekey out after 134217728 blocks [preauth]
4612 2024-08-01 11:17:31.540 debug1: SSH2_MSG_NEWKEYS sent [preauth]
4612 2024-08-01 11:17:31.540 debug1: Sending SSH2_MSG_EXT_INFO [preauth]
4612 2024-08-01 11:17:31.540 debug3: send packet: type 7 [preauth]
4612 2024-08-01 11:17:31.540 debug1: expecting SSH2_MSG_NEWKEYS [preauth]
4612 2024-08-01 11:17:31.556 debug3: receive packet: type 21 [preauth]
4612 2024-08-01 11:17:31.556 debug1: ssh_packet_read_poll2: resetting read seqnr 3 [preauth]
4612 2024-08-01 11:17:31.556 debug1: SSH2_MSG_NEWKEYS received [preauth]
4612 2024-08-01 11:17:31.556 debug2: ssh_set_newkeys: mode 0 [preauth]
4612 2024-08-01 11:17:31.556 debug1: rekey in after 134217728 blocks [preauth]
4612 2024-08-01 11:17:31.556 debug1: KEX done [preauth]
4612 2024-08-01 11:17:31.572 debug3: receive packet: type 5 [preauth]
4612 2024-08-01 11:17:31.572 debug3: send packet: type 6 [preauth]
4612 2024-08-01 11:17:31.572 debug3: receive packet: type 50 [preauth]
4612 2024-08-01 11:17:31.572 debug1: userauth-request for user rstrom service ssh-connection method none [preauth]
4612 2024-08-01 11:17:31.572 debug1: attempt 0 failures 0 [preauth]
4612 2024-08-01 11:17:31.572 debug3: mm_getpwnamallow: entering [preauth]
4612 2024-08-01 11:17:31.572 debug3: mm_request_send: entering, type 8 [preauth]
4612 2024-08-01 11:17:31.572 debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM [preauth]
4612 2024-08-01 11:17:31.572 debug3: mm_request_receive_expect: entering, type 9 [preauth]
4612 2024-08-01 11:17:31.572 debug3: mm_request_receive: entering [preauth]
4612 2024-08-01 11:17:31.572 debug3: mm_request_receive: entering
4612 2024-08-01 11:17:31.572 debug3: monitor_read: checking request 8
4612 2024-08-01 11:17:31.572 debug3: mm_answer_pwnamallow: entering
4612 2024-08-01 11:17:31.572 debug2: parse_server_config_depth: config reprocess config len 2367
4612 2024-08-01 11:17:31.572 debug3: checking match for 'Group administrators' user 2022testing\\rstrom host 192.168.42.1 addr 192.168.42.1 laddr 192.168.42.141 lport 22
4612 2024-08-01 11:17:31.587 debug3: lookup_principal_name: Successfully discovered explicit principal name: '2022testing\\rstrom'=>'rstrom@2022TESTING.local'
4612 2024-08-01 11:17:31.587 debug3: LsaLogonUser Succeeded (Impersonation: 0)
4612 2024-08-01 11:17:31.587 debug1: user 2022testing\\rstrom matched group list administrators at line 92
4612 2024-08-01 11:17:31.587 debug3: match found
4612 2024-08-01 11:17:31.587 debug3: reprocess config:93 setting AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
4612 2024-08-01 11:17:31.587 debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
4612 2024-08-01 11:17:31.587 debug3: mm_request_send: entering, type 9
4612 2024-08-01 11:17:31.587 debug2: monitor_read: 8 used once, disabling now
4612 2024-08-01 11:17:31.587 debug3: process_channel_timeouts: setting 0 timeouts [preauth]
4612 2024-08-01 11:17:31.587 debug3: channel_clear_timeouts: clearing [preauth]
4612 2024-08-01 11:17:31.587 debug2: input_userauth_request: setting up authctxt for rstrom [preauth]
4612 2024-08-01 11:17:31.587 debug3: mm_inform_authserv: entering [preauth]
4612 2024-08-01 11:17:31.587 debug3: mm_request_send: entering, type 4 [preauth]
4612 2024-08-01 11:17:31.587 debug2: input_userauth_request: try method none [preauth]
4612 2024-08-01 11:17:31.587 debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" [preauth]
4612 2024-08-01 11:17:31.587 debug3: send packet: type 51 [preauth]
4612 2024-08-01 11:17:31.587 debug3: mm_request_receive: entering
4612 2024-08-01 11:17:31.587 debug3: monitor_read: checking request 4
4612 2024-08-01 11:17:31.587 debug3: mm_answer_authserv: service=ssh-connection, style=
4612 2024-08-01 11:17:31.587 debug2: monitor_read: 4 used once, disabling now
4612 2024-08-01 11:17:31.587 debug3: receive packet: type 50 [preauth]
4612 2024-08-01 11:17:31.587 debug1: userauth-request for user rstrom service ssh-connection method publickey [preauth]
4612 2024-08-01 11:17:31.587 debug1: attempt 1 failures 0 [preauth]
4612 2024-08-01 11:17:31.587 debug2: input_userauth_request: try method publickey [preauth]
4612 2024-08-01 11:17:31.587 debug2: userauth_pubkey: valid user rstrom querying public key rsa-sha2-512 AAAAB3NzaC1yc2EAAAADAQABAAABgQCXvGKoIjdvag4QYh2nA7cWRCwIhhq5sZhBm0oLeUz4ezSN67L5Yj/zAAgGoBcYVoaeTEejb2ZkzzrAd7WPkFpZsp72KKAjeoTR099fvvWNv5sLJA+GaUVQG24e6/+Ivx2UAX9II6TnxsK+NR+UdjwzSXA25VgdL5iUvdeXv0qGuO6rIgHI3NflZG95e3/0+ye/e1ZuQ53D6259RMfQkJSiZUmS0kaES7TgaNygl+97uomSNLJq3/tzlr1/ABVHq1UqdaQF8EDr7w1SfABGmJD1a7KDko2a+W19Sp53UCKCHiAMH7kRt30GVyy7KNSsrtlVzW5IGrseTgbXLXepY53DadilEq8mvMNT4uAFt62fbUfP5h7t/vTnf/JsXedOiGIDLyVfUyh5lnes0rUAsX0ECRT8eeckBd9WzBoMfO0SdES/952mN8/whYHy5nf6Bb6MvIy8Nt1zkks3s+nfxBYWZHFXgmzoG92SXvN20Nv223ivUDFRBql2XOnmABtZ2n0= [preauth]
4612 2024-08-01 11:17:31.587 debug1: userauth_pubkey: publickey test pkalg rsa-sha2-512 pkblob RSA SHA256:BOp0Qwtdl2V1rgjXYP2P6YD4vax6ewlh6PCsCQAW4UM [preauth]
4612 2024-08-01 11:17:31.587 debug3: mm_key_allowed: entering [preauth]
4612 2024-08-01 11:17:31.587 debug3: mm_request_send: entering, type 22 [preauth]
4612 2024-08-01 11:17:31.587 debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth]
4612 2024-08-01 11:17:31.587 debug3: mm_request_receive_expect: entering, type 23 [preauth]
4612 2024-08-01 11:17:31.587 debug3: mm_request_receive: entering [preauth]
4612 2024-08-01 11:17:31.587 debug3: mm_request_receive: entering
4612 2024-08-01 11:17:31.587 debug3: monitor_read: checking request 22
4612 2024-08-01 11:17:31.587 debug3: mm_answer_keyallowed: entering
4612 2024-08-01 11:17:31.587 debug1: trying public key file __PROGRAMDATA__/ssh/administrators_authorized_keys
4612 2024-08-01 11:17:31.587 debug2: __PROGRAMDATA__/ssh/administrators_authorized_keys:1: check options: '��s'
4612 2024-08-01 11:17:31.587 debug2: __PROGRAMDATA__/ssh/administrators_authorized_keys:1: advance: ''
4612 2024-08-01 11:17:31.587 debug2: auth_check_authkeys_file: __PROGRAMDATA__/ssh/administrators_authorized_keys: processed 1/3 lines
4612 2024-08-01 11:17:31.587 debug3: mm_answer_keyallowed: publickey authentication test: RSA key is not allowed
4612 2024-08-01 11:17:31.587 Failed publickey for rstrom from 192.168.42.1 port 46218 ssh2: RSA SHA256:BOp0Qwtdl2V1rgjXYP2P6YD4vax6ewlh6PCsCQAW4UM
4612 2024-08-01 11:17:31.587 debug3: mm_request_send: entering, type 23
4612 2024-08-01 11:17:31.587 debug2: userauth_pubkey: authenticated 0 pkalg rsa-sha2-512 [preauth]
4612 2024-08-01 11:17:31.587 debug3: user_specific_delay: user specific delay 0.000ms [preauth]
4612 2024-08-01 11:17:31.587 debug3: ensure_minimum_time_since: elapsed 0.000ms, delaying 7.381ms (requested 7.381ms) [preauth]
4612 2024-08-01 11:17:31.603 debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" [preauth]
4612 2024-08-01 11:17:31.603 debug3: send packet: type 51 [preauth]
4612 2024-08-01 11:17:31.603 debug3: receive packet: type 50 [preauth]
4612 2024-08-01 11:17:31.603 debug1: userauth-request for user rstrom service ssh-connection method publickey [preauth]
4612 2024-08-01 11:17:31.603 debug1: attempt 2 failures 1 [preauth]
4612 2024-08-01 11:17:31.603 debug2: input_userauth_request: try method publickey [preauth]
4612 2024-08-01 11:17:31.603 debug2: userauth_pubkey: valid user rstrom querying public key ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPESjHdmvcmvmFLFCDdVqtK5OokwC5DNHgzDdLx6Pva0 [preauth]
4612 2024-08-01 11:17:31.603 debug1: userauth_pubkey: publickey test pkalg ssh-ed25519 pkblob ED25519 SHA256:sncsDdqwrVLV7Cx8/Us9AqxJecPvUvSy4DxIqFDuYUA [preauth]
4612 2024-08-01 11:17:31.603 debug3: mm_key_allowed: entering [preauth]
4612 2024-08-01 11:17:31.603 debug3: mm_request_send: entering, type 22 [preauth]
4612 2024-08-01 11:17:31.603 debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth]
4612 2024-08-01 11:17:31.603 debug3: mm_request_receive_expect: entering, type 23 [preauth]
4612 2024-08-01 11:17:31.603 debug3: mm_request_receive: entering [preauth]
4612 2024-08-01 11:17:31.603 debug3: mm_request_receive: entering
4612 2024-08-01 11:17:31.603 debug3: monitor_read: checking request 22
4612 2024-08-01 11:17:31.603 debug3: mm_answer_keyallowed: entering
4612 2024-08-01 11:17:31.603 debug1: trying public key file __PROGRAMDATA__/ssh/administrators_authorized_keys
4612 2024-08-01 11:17:31.603 debug2: __PROGRAMDATA__/ssh/administrators_authorized_keys:1: check options: '��s'
4612 2024-08-01 11:17:31.603 debug2: __PROGRAMDATA__/ssh/administrators_authorized_keys:1: advance: ''
4612 2024-08-01 11:17:31.603 debug2: auth_check_authkeys_file: __PROGRAMDATA__/ssh/administrators_authorized_keys: processed 1/3 lines
4612 2024-08-01 11:17:31.603 debug3: mm_answer_keyallowed: publickey authentication test: ED25519 key is not allowed
4612 2024-08-01 11:17:31.603 Failed publickey for rstrom from 192.168.42.1 port 46218 ssh2: ED25519 SHA256:sncsDdqwrVLV7Cx8/Us9AqxJecPvUvSy4DxIqFDuYUA
4612 2024-08-01 11:17:31.603 debug3: mm_request_send: entering, type 23
4612 2024-08-01 11:17:31.603 debug2: userauth_pubkey: authenticated 0 pkalg ssh-ed25519 [preauth]
4612 2024-08-01 11:17:31.603 debug3: user_specific_delay: user specific delay 0.000ms [preauth]
4612 2024-08-01 11:17:31.603 debug3: ensure_minimum_time_since: elapsed 0.000ms, delaying 7.381ms (requested 7.381ms) [preauth]
4612 2024-08-01 11:17:31.618 debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" [preauth]
4612 2024-08-01 11:17:31.618 debug3: send packet: type 51 [preauth]
4612 2024-08-01 11:17:31.618 debug3: receive packet: type 50 [preauth]
4612 2024-08-01 11:17:31.618 debug1: userauth-request for user rstrom service ssh-connection method publickey [preauth]
4612 2024-08-01 11:17:31.618 debug1: attempt 3 failures 2 [preauth]
4612 2024-08-01 11:17:31.618 debug2: input_userauth_request: try method publickey [preauth]
4612 2024-08-01 11:17:31.618 debug2: userauth_pubkey: valid user rstrom querying public key sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBODUWSYLsX2lMWrAlbguU3jHZRO5g6Oo5Fk/kZieyYXMCGkXFVRF7+O57B7bVsyNHSNf944fjyiEOPF3RKtma+AAAAAEc3NoOg== [preauth]
4612 2024-08-01 11:17:31.618 debug1: userauth_pubkey: publickey test pkalg sk-ecdsa-sha2-nistp256@openssh.com pkblob ECDSA-SK SHA256:PHRutEDdZfixmHCtLN4hLQU3KqpisQx3J+XXWEJN8Go [preauth]
4612 2024-08-01 11:17:31.618 debug3: mm_key_allowed: entering [preauth]
4612 2024-08-01 11:17:31.618 debug3: mm_request_send: entering, type 22 [preauth]
4612 2024-08-01 11:17:31.618 debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth]
4612 2024-08-01 11:17:31.618 debug3: mm_request_receive_expect: entering, type 23 [preauth]
4612 2024-08-01 11:17:31.618 debug3: mm_request_receive: entering [preauth]
4612 2024-08-01 11:17:31.618 debug3: mm_request_receive: entering
4612 2024-08-01 11:17:31.618 debug3: monitor_read: checking request 22
4612 2024-08-01 11:17:31.618 debug3: mm_answer_keyallowed: entering
4612 2024-08-01 11:17:31.618 debug1: trying public key file __PROGRAMDATA__/ssh/administrators_authorized_keys
4612 2024-08-01 11:17:31.618 debug2: __PROGRAMDATA__/ssh/administrators_authorized_keys:1: check options: '��s'
4612 2024-08-01 11:17:31.618 debug2: __PROGRAMDATA__/ssh/administrators_authorized_keys:1: advance: ''
4612 2024-08-01 11:17:31.618 debug2: auth_check_authkeys_file: __PROGRAMDATA__/ssh/administrators_authorized_keys: processed 1/3 lines
4612 2024-08-01 11:17:31.618 debug3: mm_answer_keyallowed: publickey authentication test: ECDSA-SK key is not allowed
4612 2024-08-01 11:17:31.618 Failed publickey for rstrom from 192.168.42.1 port 46218 ssh2: ECDSA-SK SHA256:PHRutEDdZfixmHCtLN4hLQU3KqpisQx3J+XXWEJN8Go
4612 2024-08-01 11:17:31.618 debug3: mm_request_send: entering, type 23
4612 2024-08-01 11:17:31.618 debug2: userauth_pubkey: authenticated 0 pkalg sk-ecdsa-sha2-nistp256@openssh.com [preauth]
4612 2024-08-01 11:17:31.618 debug3: user_specific_delay: user specific delay 0.000ms [preauth]
4612 2024-08-01 11:17:31.618 debug3: ensure_minimum_time_since: elapsed 0.000ms, delaying 7.381ms (requested 7.381ms) [preauth]
4612 2024-08-01 11:17:31.634 debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" [preauth]
4612 2024-08-01 11:17:31.634 debug3: send packet: type 51 [preauth]
4612 2024-08-01 11:17:31.634 debug3: receive packet: type 50 [preauth]
4612 2024-08-01 11:17:31.634 debug1: userauth-request for user rstrom service ssh-connection method keyboard-interactive [preauth]
4612 2024-08-01 11:17:31.634 debug1: attempt 4 failures 3 [preauth]
4612 2024-08-01 11:17:31.634 debug2: input_userauth_request: try method keyboard-interactive [preauth]
4612 2024-08-01 11:17:31.634 debug1: keyboard-interactive devs  [preauth]
4612 2024-08-01 11:17:31.634 debug1: auth2_challenge: user=rstrom devs= [preauth]
4612 2024-08-01 11:17:31.634 debug1: kbdint_alloc: devices '' [preauth]
4612 2024-08-01 11:17:31.634 debug2: auth2_challenge_start: devices  [preauth]
4612 2024-08-01 11:17:31.634 debug3: user_specific_delay: user specific delay 0.000ms [preauth]
4612 2024-08-01 11:17:31.634 debug3: ensure_minimum_time_since: elapsed 0.000ms, delaying 7.381ms (requested 7.381ms) [preauth]
4612 2024-08-01 11:17:31.650 debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" [preauth]
4612 2024-08-01 11:17:31.650 debug3: send packet: type 51 [preauth]
4612 2024-08-01 11:17:34.947 debug3: receive packet: type 50 [preauth]
4612 2024-08-01 11:17:34.947 debug1: userauth-request for user rstrom service ssh-connection method password [preauth]
4612 2024-08-01 11:17:34.947 debug1: attempt 5 failures 4 [preauth]
4612 2024-08-01 11:17:34.947 debug2: input_userauth_request: try method password [preauth]
4612 2024-08-01 11:17:34.947 debug3: mm_auth_password: entering [preauth]
4612 2024-08-01 11:17:34.947 debug3: mm_request_send: entering, type 12 [preauth]
4612 2024-08-01 11:17:34.947 debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD [preauth]
4612 2024-08-01 11:17:34.947 debug3: mm_request_receive_expect: entering, type 13 [preauth]
4612 2024-08-01 11:17:34.947 debug3: mm_request_receive: entering [preauth]
4612 2024-08-01 11:17:34.947 debug3: mm_request_receive: entering
4612 2024-08-01 11:17:34.947 debug3: monitor_read: checking request 12
4612 2024-08-01 11:17:34.962 debug3: lookup_principal_name: Successfully discovered explicit principal name: '2022testing\\rstrom'=>'rstrom@2022TESTING.local'
4612 2024-08-01 11:17:34.962 debug3: mm_answer_authpassword: sending result 1
4612 2024-08-01 11:17:34.962 debug3: mm_answer_authpassword: sending result 1
4612 2024-08-01 11:17:34.962 debug3: mm_request_send: entering, type 13
4612 2024-08-01 11:17:34.962 Accepted password for rstrom from 192.168.42.1 port 46218 ssh2
4612 2024-08-01 11:17:34.962 debug1: monitor_child_preauth: user rstrom authenticated by privileged process
4612 2024-08-01 11:17:34.962 debug3: mm_get_keystate: Waiting for new keys
4612 2024-08-01 11:17:34.962 debug3: mm_request_receive_expect: entering, type 26
4612 2024-08-01 11:17:34.962 debug3: mm_request_receive: entering
4612 2024-08-01 11:17:34.978 debug3: mm_get_keystate: GOT new keys
4612 2024-08-01 11:17:34.978 debug3: mm_auth_password: user authenticated [preauth]
4612 2024-08-01 11:17:34.978 debug3: user_specific_delay: user specific delay 0.000ms [preauth]
4612 2024-08-01 11:17:34.978 debug3: ensure_minimum_time_since: elapsed 15.000ms, delaying 14.526ms (requested 7.381ms) [preauth]
4612 2024-08-01 11:17:34.978 debug3: send packet: type 52 [preauth]
4612 2024-08-01 11:17:34.978 debug3: mm_request_send: entering, type 26 [preauth]
4612 2024-08-01 11:17:34.978 debug3: mm_send_keystate: Finished sending state [preauth]
4612 2024-08-01 11:17:34.978 debug1: monitor_read_log: child log fd closed
4612 2024-08-01 11:17:34.978 debug3: spawning "C:\\Program Files\\OpenSSH\\sshd.exe" -z as user
4612 2024-08-01 11:17:34.978 User child is on pid 148
4612 2024-08-01 11:17:34.978 debug3: send_rexec_state: entering fd = 5 config len 2367
4612 2024-08-01 11:17:34.978 debug3: ssh_msg_send: type 0
4612 2024-08-01 11:17:34.978 debug3: send_rexec_state: done
4612 2024-08-01 11:17:34.978 debug3: ssh_msg_send: type 0
4612 2024-08-01 11:17:34.978 debug3: ssh_msg_send: type 0
4612 2024-08-01 11:17:34.978 debug3: ssh_msg_send: type 0
4612 2024-08-01 11:17:34.978 debug3: ssh_msg_send: type 0
4612 2024-08-01 11:17:34.978 debug3: ssh_msg_send: type 0
148 2024-08-01 11:17:34.994 debug3: process_channel_timeouts: setting 0 timeouts
148 2024-08-01 11:17:34.994 debug3: channel_clear_timeouts: clearing
148 2024-08-01 11:17:34.994 debug3: recv_idexch_state: entering fd = 3
148 2024-08-01 11:17:34.994 debug3: ssh_msg_recv entering
148 2024-08-01 11:17:34.994 debug3: recv_idexch_state: done
148 2024-08-01 11:17:34.994 debug2: fd 5 setting O_NONBLOCK
148 2024-08-01 11:17:34.994 debug3: recv_autxctx_state: entering fd = 3
148 2024-08-01 11:17:34.994 debug3: ssh_msg_recv entering
148 2024-08-01 11:17:34.994 debug3: recv_autxctx_state: done
148 2024-08-01 11:17:34.994 debug2: parse_server_config_depth: config reprocess config len 2367
148 2024-08-01 11:17:34.994 debug3: checking match for 'Group administrators' user 2022testing\\rstrom host 192.168.42.1 addr 192.168.42.1 laddr 192.168.42.141 lport 22
148 2024-08-01 11:17:34.994 debug3: get_user_token - i am running as 2022testing\\rstrom, returning process token
148 2024-08-01 11:17:34.994 debug1: user 2022testing\\rstrom matched group list administrators at line 92
148 2024-08-01 11:17:34.994 debug3: match found
148 2024-08-01 11:17:34.994 debug3: reprocess config:93 setting AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
4612 2024-08-01 11:17:34.994 debug3: monitor_recv_keystate: entering 
4612 2024-08-01 11:17:34.994 debug3: ssh_msg_recv entering
4612 2024-08-01 11:17:34.994 debug3: monitor_recv_keystate: done
4612 2024-08-01 11:17:34.994 debug3: monitor_apply_keystate: packet_set_state
4612 2024-08-01 11:17:34.994 debug2: ssh_set_newkeys: mode 0
4612 2024-08-01 11:17:34.994 debug1: rekey in after 134217728 blocks
4612 2024-08-01 11:17:34.994 debug2: ssh_set_newkeys: mode 1
4612 2024-08-01 11:17:34.994 debug1: rekey out after 134217728 blocks
4612 2024-08-01 11:17:34.994 debug1: ssh_packet_set_postauth: called
4612 2024-08-01 11:17:34.994 debug3: ssh_packet_set_state: done
4612 2024-08-01 11:17:34.994 debug3: monitor_recv_authopt: entering 
4612 2024-08-01 11:17:34.994 debug3: ssh_msg_recv entering
4612 2024-08-01 11:17:34.994 debug3: monitor_recv_authopt: done
4612 2024-08-01 11:17:34.994 debug3: notify_hostkeys: key 0: ssh-rsa SHA256:numCwkaALcEhk7C2WOF02nBKXRLXYQyObMxrvyXuLx0
4612 2024-08-01 11:17:34.994 debug3: notify_hostkeys: key 1: ecdsa-sha2-nistp256 SHA256:xWgp34YI629m3KKifDP7vnOPhtPRY1vD5B3F9sDpxv8
4612 2024-08-01 11:17:34.994 debug3: notify_hostkeys: key 2: ssh-ed25519 SHA256:cr0h50S7ktZueOJZc+1t7Mj1mZ9VKeOQ91ySSyC8fdY
4612 2024-08-01 11:17:34.994 debug3: notify_hostkeys: sent 3 hostkeys
4612 2024-08-01 11:17:34.994 debug3: send packet: type 80
4612 2024-08-01 11:17:34.994 debug1: active: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
4612 2024-08-01 11:17:34.994 debug1: Entering interactive session for SSH2.
4612 2024-08-01 11:17:34.994 debug1: server_init_dispatch
4612 2024-08-01 11:17:34.994 debug3: pselect: installing signal handler for 3, previous 00007FF7B439FCF0
4612 2024-08-01 11:17:34.994 debug3: pselect_notify_setup: initializing
4612 2024-08-01 11:17:34.994 debug2: fd 10 setting O_NONBLOCK
4612 2024-08-01 11:17:34.994 debug2: fd 8 setting O_NONBLOCK
4612 2024-08-01 11:17:34.994 debug3: pselect_notify_setup: pid 148 saved 148 pipe0 10 pipe1 8
4612 2024-08-01 11:17:34.994 debug3: receive packet: type 90
4612 2024-08-01 11:17:34.994 debug1: server_input_channel_open: ctype session rchan 0 win 2097152 max 32768
4612 2024-08-01 11:17:34.994 debug1: input_session_request
4612 2024-08-01 11:17:34.994 debug1: channel 0: new session [server-session] (inactive timeout: 0)
4612 2024-08-01 11:17:34.994 debug2: session_new: allocate (allocated 0 max 10)
4612 2024-08-01 11:17:34.994 debug3: session_unused: session id 0 unused
4612 2024-08-01 11:17:34.994 debug1: session_new: session 0
4612 2024-08-01 11:17:34.994 debug1: session_open: channel 0
4612 2024-08-01 11:17:34.994 debug1: session_open: session 0: link with channel 0
4612 2024-08-01 11:17:34.994 debug1: server_input_channel_open: confirm session
4612 2024-08-01 11:17:34.994 debug3: send packet: type 91
4612 2024-08-01 11:17:34.994 debug3: receive packet: type 80
4612 2024-08-01 11:17:34.994 debug1: server_input_global_request: rtype no-more-sessions@openssh.com want_reply 0
4612 2024-08-01 11:17:35.025 debug3: receive packet: type 98
4612 2024-08-01 11:17:35.025 debug1: server_input_channel_req: channel 0 request env reply 0
4612 2024-08-01 11:17:35.025 debug1: session_by_channel: session 0 channel 0
4612 2024-08-01 11:17:35.025 debug1: session_input_channel_req: session 0 req env
4612 2024-08-01 11:17:35.025 debug2: Ignoring env request LANG: disallowed name
4612 2024-08-01 11:17:35.025 debug3: receive packet: type 98
4612 2024-08-01 11:17:35.025 debug1: server_input_channel_req: channel 0 request exec reply 1
4612 2024-08-01 11:17:35.025 debug1: session_by_channel: session 0 channel 0
4612 2024-08-01 11:17:35.025 debug1: session_input_channel_req: session 0 req exec
4612 2024-08-01 11:17:35.025 debug2: channel_set_xtype: labeled channel 0 as session:command (inactive timeout 0)
4612 2024-08-01 11:17:35.025 Starting session: command for 2022testing\\\\rstrom from 192.168.42.1 port 46218 id 0
4612 2024-08-01 11:17:35.025 debug2: fd 9 setting O_NONBLOCK
4612 2024-08-01 11:17:35.025 debug2: fd 11 setting O_NONBLOCK
4612 2024-08-01 11:17:35.025 debug2: fd 12 setting O_NONBLOCK
4612 2024-08-01 11:17:35.025 debug2: fd 13 setting O_NONBLOCK
4612 2024-08-01 11:17:35.025 debug2: fd 14 setting O_NONBLOCK
4612 2024-08-01 11:17:35.025 debug2: fd 15 setting O_NONBLOCK
4612 2024-08-01 11:17:35.041 debug3: shell: "c:\\\\program files\\\\powershell\\\\7\\\\pwsh.exe"
4612 2024-08-01 11:17:35.041 debug3: shell_option: -c
4612 2024-08-01 11:17:35.041 debug3: exec_command: scp.exe -f /ProgramData/ssh/logs/sshd.log
4612 2024-08-01 11:17:35.041 debug3: arg escape option: TRUE
4612 2024-08-01 11:17:35.041 debug3: spawn_argv[0]: "c:\\\\program files\\\\powershell\\\\7\\\\pwsh.exe"
4612 2024-08-01 11:17:35.041 debug3: spawning "c:\\\\program files\\\\powershell\\\\7\\\\pwsh.exe" -c "scp.exe -f /ProgramData/ssh/logs/sshd.log" as subprocess
4612 2024-08-01 11:17:35.041 debug2: fd 5 setting TCP_NODELAY
4612 2024-08-01 11:17:35.041 debug3: fd 12 is O_NONBLOCK
4612 2024-08-01 11:17:35.041 debug3: fd 11 is O_NONBLOCK
4612 2024-08-01 11:17:35.041 debug3: fd 14 is O_NONBLOCK
4612 2024-08-01 11:17:35.041 debug3: send packet: type 99

[jborean93]

3724 2024-08-01 11:08:26.663 debug2: PROGRAMDATA/ssh/administrators_authorized_keys:1: check options: '��s'

I think I see what the problem is, I think something has either created the file with Unicode/UTF-16-LE encoding or you have a default parameter value set for Add-Content to do -Encoding Unicode. This line indicates that potentially it's reading non-ASCII bytes and failing to parse the file properly. You can see in your notepad screenshot it's reading the bytes as UTF-16 LE as well.

You can prove it by doing Format-Hex -Path C:\ProgramData\ssh\administrators_authorized_keys, it should be looking like this

           Path: C:\ProgramData\ssh\administrators_authorized_keys

           00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F

00000000   73 73 68 2D 65 64 32 35 35 31 39 20 41 41 41 41  ssh-ed25519 AAAA
00000010   43 33 4E 7A 61 43 31 6C 5A 44 49 31 4E 54 45 35  C3NzaC1lZDI1NTE5
00000020   41 41 41 41 49 4E 53 52 73 58 33 55 32 51 61 69  AAAAINSRsX3U2Qai
00000030   66 33 71 62 4B 59 46 49 49 6E 67 77 39 6B 6A 35  f3qbKYFIIngw9kj5
00000040   49 45 32 49 76 72 57 4E 57 35 62 72 68 4E 6D 45  IE2IvrWNW5brhNmE
00000050   20 6A 62 6F 72 65 61 6E 40 6A 62 6F 72 65 61 6E   jborean@jborean
00000060   2D 64 65 76 0D 0A                                -dev..

But in your case it's probably looking like this with 00 after every second char (and . shown on the text column)

           Path: C:\ProgramData\ssh\administrators_authorized_keys

           00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F

00000000   FF FE 73 00 73 00 68 00 2D 00 65 00 64 00 32 00  .þs.s.h.-.e.d.2.
00000010   35 00 35 00 31 00 39 00 20 00 41 00 41 00 41 00  5.5.1.9. .A.A.A.
00000020   41 00 43 00 33 00 4E 00 7A 00 61 00 43 00 31 00  A.C.3.N.z.a.C.1.
00000030   6C 00 5A 00 44 00 49 00 31 00 4E 00 54 00 45 00  l.Z.D.I.1.N.T.E.
00000040   35 00 41 00 41 00 41 00 41 00 49 00 4E 00 53 00  5.A.A.A.A.I.N.S.
00000050   52 00 73 00 58 00 33 00 55 00 32 00 51 00 61 00  R.s.X.3.U.2.Q.a.
00000060   69 00 66 00 33 00 71 00 62 00 4B 00 59 00 46 00  i.f.3.q.b.K.Y.F.
00000070   49 00 49 00 6E 00 67 00 77 00 39 00 6B 00 6A 00  I.I.n.g.w.9.k.j.
00000080   35 00 49 00 45 00 32 00 49 00 76 00 72 00 57 00  5.I.E.2.I.v.r.W.
00000090   4E 00 57 00 35 00 62 00 72 00 68 00 4E 00 6D 00  N.W.5.b.r.h.N.m.
000000A0   45 00 20 00 6A 00 62 00 6F 00 72 00 65 00 61 00  E. .j.b.o.r.e.a.
000000B0   6E 00 40 00 6A 00 62 00 6F 00 72 00 65 00 61 00  n.@.j.b.o.r.e.a.
000000C0   6E 00 2D 00 64 00 65 00 76 00 0D 00 0A 00        n.-.d.e.v.....

Adding -Encoding ASCII or -Encoding UTF8 to Add-Content will ensure that the key is being added without those 00 bytes per char. The default should not be -Encoding Unicode here but potentially your PowerShell profile is changing the default parameter set value for this cmdlet. If there are existing entries in the file you might have mixed encodings, best to start again from scratch to ensure there's nothing Unicode/UTF-16-LE about it.

[robertstrom]

You are correct ... the issue is solved. I believe that I know why it happened. I do not believe that any documentation changes need to be made on the Microsoft side for the -Encoding Ascii (but it could not hurt).

I do want to reiterate that this crazy PowerShell command to copy a key from a remote system (essentially a replacement for the ssh-copy-id command) is insane ... IMHO.

There are so many problems with the administrators_authorized_key file.

• It doesn't exist by default
• If you create a text file Notepad adds the .txt extension by default (and if you don't have view extensions turned on you don't see it)
• When you create the file you need to dork with the permissions
• and ... the crazy, insane PowerShell command to do it remotely
• And now this issue where, if you do not create the file using the crazy PowerShell command, you can get a file that is not read properly by the system and will not do key based authentication (where is the emoji for ripping my hair out ... wait ... I already don't have any)

I am pretty well versed in SSH on Linux and Mac systems and have been a Windows security engineer for over 20 years and I am very well versed and comfortable at the command line. When I compare the experience of copying keys from a remote Linux system to another Linux system it is a piece of cake. When doing this from a Windows system ... not so much.

I have a goal of transitioning our environment to using PowerShell remoting over SSH as much as possible so I am going to have to train a bunch of Windows admins, many of whom have zero to very little experience with SSH, to understand and use this.

In the end it should make things easier and more secure but this SSH key stuff .... grrrrrrrrrrrrrrrrrrrrrr ... this is kludgy at best!

IMHO

I am going to ask for another meeting with Danny to discuss this.

@jborean93 - Thanks very much!

[jborean93]

Agreed on all points there :) Glad it's starting to work for you though.

[robertstrom]

So here is what happened:

• Create blank administrators_authorized_keys file like this

echo "" > .\testing1234

Had no idea that the result would be anything but a normal blank file. But you (@jborean93) noticed that the file was not UTF-8

This seems kind of crazy to me since echoing something to a file is about as old school as it gets.

So, if you do this instead you get a file that is acceptable, one that works without issues with Windows OpenSSH

Add-Content -Force -Path .\testing123 -Value "is this UTF-8?"

All I am trying to do here is figure out the best way of populating large numbers of SSH public keys for administrators (probably in an automated manner so it would not be using the documented PowerShell command). Right now this is just testing to develop a possible method.

Ultimately we need to be able to manage these keys as new users (administrators or otherwise) need to be added and also removed. As a large enterprise, we do not want users to be spewing SSH keys all over the place without there being some kind of management of them.

[maertendMSFT]

We will discuss adding the encoding ASCII to the docs, or other solutions with creating the file automatically. Closing this as answered.