You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: support/windows-server/system-management-components/error-1053-1067-7034-after-update-openssh-doesnt-start.md
+12-22Lines changed: 12 additions & 22 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,7 +1,7 @@
1
1
---
2
2
title: Error 1053, Error 1067, or Event ID 7034 and OpenSSH Server Service Doesn't Start after You Install a Windows Update
3
3
description: Explains how to resolve an issue that prevents the OpenSSH Server service from starting after you install specific Windows updates.
4
-
ms.date: 11/14/2025
4
+
ms.date: 11/24/2025
5
5
manager: dcscontentpm
6
6
audience: itpro
7
7
ms.topic: troubleshooting
@@ -55,27 +55,9 @@ The exact behavior and messages vary based on your situation. The following scen
55
55
56
56
## Cause
57
57
58
-
This issue occurs when the C:\ProgramData\ssh and C:\ProgramData\ssh\logs folders have incorrect permissions. The permissions might be too limited or too open. OpenSSH version 9.5.2.1 requires these folders to have the permissions listed in the following table:
58
+
This issue occurs when the C:\ProgramData\ssh and C:\ProgramData\ssh\logs folders have incorrect permissions. The permissions might be too limited or too open. For example, the SYSTEM account or the Administrators group might not have write permissions. On the other hand, regular users might have write or full control permissions.
59
59
60
-
| Security principal | Allowed | Denied |
61
-
| - | - | - |
62
-
| SYSTEM account | Read/Write | All other permissions. |
63
-
| Administrators group | Read/Write | All other permissions. |
64
-
| All other accounts and groups | Read | All other permissions. |
65
-
66
-
## Resolution
67
-
68
-
On devices that this issue affects, use one of the following three methods to set up the correct permissions or work around the issue.
69
-
70
-
### Method 1: Use File Explorer to configure permissions
71
-
72
-
| Allowed permissions for SYSTEM and Administrators security principals | Allowed permissions for all other security principals |
73
-
|-----|-----|
74
-
| :::image type="content" source="media/error-1053-1067-7034-after-update-openssh-doesnt-start/openssh-administrative-permissions.png" alt-text="Screenshot of Windows permissions dialog that shows full control access for SYSTEM and Administrators accounts."::: | :::image type="content" source="media/error-1053-1067-7034-after-update-openssh-doesnt-start/openssh-nonadministrative-permissions.png" alt-text="Screenshot of Windows permissions dialog that shows read and execute permissions for non-administrator accounts."::: |
75
-
76
-
### Method 2: Use Windows PowerShell to configure permissions
77
-
78
-
Open a Windows PowerShell Command Prompt window, and then run the following commands:
60
+
You can use Windows PowerShell to review the permissions in the current access control list (ACL) configuration. Open a PowerShell Command Prompt window, and then run the following commands:
### Method 3: Workaround: Install updates that allow the service to start when the permissions aren't correct
78
+
## Resolution
79
+
80
+
On devices that this issue affects, in File Explorer, open the **Properties** dialog boxes for each of the ssh folders (C:\ProgramData\ssh and C:\ProgramData\ssh\logs). In each dialog box, select **Security** and set the permissions shown in the following table:
81
+
82
+
| Allowed permissions for SYSTEM and Administrators security principals | Allowed permissions for all other security principals |
83
+
|-----|-----|
84
+
| :::image type="content" source="media/error-1053-1067-7034-after-update-openssh-doesnt-start/openssh-administrative-permissions.png" alt-text="Screenshot of Windows permissions dialog that shows full control access for SYSTEM and Administrators accounts."::: | :::image type="content" source="media/error-1053-1067-7034-after-update-openssh-doesnt-start/openssh-nonadministrative-permissions.png" alt-text="Screenshot of Windows permissions dialog that shows read and execute permissions for non-administrator accounts."::: |
85
+
86
+
## Workaround: Install updates that allow the service to start when the permissions aren't correct
97
87
98
88
Install Windows updates that allow the OpenSSH service to start even if the C:\ProgramData\ssh and C:\ProgramData\ssh\logs folders don't have correct permissions. When you use this workaround, Windows logs Event ID 4. The description of Event ID 4 resembles the following excerpt:
0 commit comments