2

I've been using the internal-sftp subsystem approach since 2021 without problem to allow SFTP but disallow SSH.

My ssh_config file code is:

ForceCommand internal-sftp
Subsystem  sftp   sftp-server.exe -d \%
ChrootDirectory \%

PermitTunnel no
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no
AllowUsers sftpuser

As others, over the weekend following October 2024 Windows updates, I can't connect to the server via SSH.

On the server, the OpenSSH SSH server won't start and I get a 1067 error.

As recommended, when I delete the \ssh folder, the service can now be restarted successfully but the new ssh folder automatically created has the default ssh_config file code:

Match Group administrators
       AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys

When I replace this code with the internal-sftp code above I again get a 1067 error.

Wondering what makes this code incompatible with the new updates.

ell3zamb
  • 23

1 Answers1

1

I had the same issue with a similar setup. I ran sshd -D -ddd and saw an error that was encountered on Subsystem line in the config file. I had a full path to a folder and it was in quotes. It did not like the quotes for some reason and started right up.

To make sure you have all the info of things I tried beforehand:

Hopefully this helps you or at least gives you more info to put you in the right direction!

theRealChad
  • 26