You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: support/windows-server/system-management-components/error-1053-1067-7034-after-update-openssh-doesnt-start.md
+9-11Lines changed: 9 additions & 11 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -43,25 +43,25 @@ The exact behavior and messages vary based on your situation. The following scen
43
43
44
44
-**Scenario 2**. OpenSSH 9.5 doesn't start. Windows generates a "Verify that you have sufficient privileges to start system services." message. The full text of this message resembles the following excerpt:
45
45
46
-
> Service 'OpenSSH SSH Server' (sshd) failed to start. Verify that you have sufficient privileges to start system services.
46
+
> Service 'OpenSSH SSH Server' (sshd) failed to start. Verify that you have sufficient privileges to start system services.
47
47
48
48
-**Scenario 3**. You try to manually start the OpenSSH 9.5 Server service by using the Services MMC (Microsoft Management Console) snap-in (Services.msc). The service doesn't start. You receive "Error 1067: The process terminated unexpectedly." The full text of this message resembles the following excerpt:
49
49
50
-
> Windows could not start the OpenSSH SSH Server service on Local computer. Error 1067. The process terminated unexpectedly.
50
+
> Windows could not start the OpenSSH SSH Server service on Local computer. Error 1067. The process terminated unexpectedly.
51
51
52
52
-**Scenario 4**. You try to manually start the OpenSSH 9.5 Server service by running `sc query ssh-agent` at the Windows command prompt. The service doesn't start. You receive the following message:
53
53
54
-
> StartService FAILED 1053: The service did not respond to the start or control request in a timely fashion.
54
+
> StartService FAILED 1053: The service did not respond to the start or control request in a timely fashion.
55
55
56
56
## Cause
57
57
58
58
This issue occurs when the C:\ProgramData\ssh and C:\ProgramData\ssh\logs folders have incorrect permissions. The permissions might be too limited or too open. OpenSSH version 9.5.2.1 requires these folders to have the permissions listed in the following table:
59
59
60
60
| Security principal | Allowed | Denied |
61
61
| - | - | - |
62
-
| SYSTEM | Read/Write | All other permissions. |
63
-
|Administrator (and other administrative accounts)| Read/Write | All other permissions. |
64
-
| All other accounts | Read | All other permissions. |
62
+
| SYSTEM account | Read/Write | All other permissions. |
63
+
|Administrators group| Read/Write | All other permissions. |
64
+
| All other accounts and groups | Read | All other permissions. |
### Method 3: Workaround: Install updates that allow the service to start when the permissions aren't correct
97
97
98
-
Install Windows updates that allow the OpenSSH service to start even if the C:\ProgramData\ssh and C:\ProgramData\ssh\logs folders don't have correct permissions. When you use this workaround, Windows logs Event ID 4. The following table shows an example of this event:
98
+
Install Windows updates that allow the OpenSSH service to start even if the C:\ProgramData\ssh and C:\ProgramData\ssh\logs folders don't have correct permissions. When you use this workaround, Windows logs Event ID 4. The description of Event ID 4 resembles the following excerpt:
99
99
100
-
| Event ID 4, in Event Viewer | Event description |
101
-
|----|----|
102
-
| :::image type="content" source="media/error-1053-1067-7034-after-update-openssh-doesnt-start/event-id-4-openssh-permissions-issue.png" alt-text="Screenshot of Windows Event Viewer showing an informational message about folder permissions for the ssh directory." lightbox="media/error-1053-1067-7034-after-update-openssh-doesnt-start/event-id-4-openssh-permissions-issue.png"::: | sshd: For '%programdata\\ssh' folder, write access is granted to the following users: NT AUTHORITY\\Authenticated Users. Consider reviewing users to ensure that only NT AUTHORITY\\SYSTEM, AND THE BUILTIN\\Administrators group and its members have write access. |
100
+
> For '%programdata\\ssh' folder, write access is granted to the following users: NT AUTHORITY\\Authenticated Users. Consider reviewing users to ensure that only NT AUTHORITY\\SYSTEM, AND THE BUILTIN\\Administrators group and its members have write access.
103
101
104
102
> [!NOTE]
105
103
> This message provides information only.
106
-
104
+
>
107
105
> - The list of users in this message might include users that belong to the local Administrators group. These users have valid reasons for having permissions for the C:\ProgramData\ssh folder.
108
106
> - The list of security principals that follows "granted to the following users:" (in the preceding example, "NT AUTHORITY\\Authenticated User) changes based on the actual folder permissions.
0 commit comments