Aws-key-auditor is a simple bash script to test AWS credentials against some safe (read-only) awscli commands.
It can be useful during a penetration test to automate the checks needed to understand which resources a compromised key can access.
[EN] Ssh read failed from linux to Win32-OpenSSH
How to work around a 2017 Win32-OpenSSH bug using a 1980s unix util 😉
If you run ssh without a real TTY (for example from a popen() in mod_php, or from cron) against a Windows host running Win32-OpenSSH, you may get a “read failed”.
To easily reproduce the problem you can run ssh through “nohup”:
nohup ssh -vvv user@windows-host whoami
Here’s the log:
[...]
debug1: Sending command: whoami
debug2: channel 0: request exec confirm 1
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel 0: rcvd adjust 2097152
debug2: channel_input_status_confirm: type 99 id 0
debug2: exec request accepted on channel 0
debug2: channel 0: read<=0 rfd 4 len 0
debug2: channel 0: read failed
debug2: channel 0: close_read
debug2: channel 0: input open -> drain
debug2: channel 0: ibuf empty
debug2: channel 0: send eof
debug2: channel 0: input drain -> closed
debug2: channel 0: rcvd eof
debug2: channel 0: output open -> drain
debug2: channel 0: obuf empty
debug2: channel 0: close_write
debug2: channel 0: output drain -> closed
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug2: channel 0: rcvd close
debug3: channel 0: will not send data after close
debug2: channel 0: almost dead
debug2: channel 0: gc: notify user
debug2: channel 0: gc: user detached
debug2: channel 0: send close
debug2: channel 0: is dead
debug2: channel 0: garbage collecting
debug1: channel 0: free: client-session, nchannels 1
debug3: channel 0: status: The following connections are open:
  #0 client-session (t4 r0 i3/0 o3/0 fd -1/-1 cc -1)
debug1: fd 0 clearing O_NONBLOCK
debug1: fd 1 clearing O_NONBLOCK
debug1: fd 2 clearing O_NONBLOCK
Transferred: sent 3888, received 2748 bytes, in 0.1 seconds
Bytes per second: sent 75340.2, received 53249.7
debug1: Exit status 0
One workaround is to run ssh through “script”, a 1980s utility that logs an interactive session to a file. From its man page:
“script makes a typescript of everything displayed on your terminal. It is useful for students who need a hardcopy record of an interactive session as proof of an assignment, as the typescript file can be printed out later with lpr(1).”
So, for example:
script -q -c "ssh user@windows-host whoami"
There is an open issue on GitHub.
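The same trick, done in-process, for callers that launch ssh from a program rather than from a shell (the popen()-from-mod_php case above). This is an added example, not code from the post or from the Win32-OpenSSH project: it gives the child a pseudo-terminal on stdin/stdout/stderr, which is what “script” supplies, and it is assumed here that this is enough to avoid the same “read failed”. The function names are mine; the probe only checks that the child really sees a TTY, so it runs offline without any Windows host.

```python
import os
import pty
import select
import signal
import subprocess
import sys


def run_under_pty(argv, timeout=10.0):
    """Run argv with a pseudo-terminal as its stdin/stdout/stderr and
    return (exit_code, captured_output_bytes).

    In-process equivalent of `script -q -c "<cmd>"`: the child believes
    it is talking to a terminal even when the caller (cron, a popen()
    from a web app, nohup) has none.
    """
    pid, master_fd = pty.fork()
    if pid == 0:
        # Child: the slave side of the pty is already fds 0, 1 and 2.
        try:
            os.execvp(argv[0], argv)
        finally:
            os._exit(127)

    chunks = []
    try:
        while True:
            ready, _, _ = select.select([master_fd], [], [], timeout)
            if not ready:
                # No output for `timeout` seconds: give up on the child.
                os.kill(pid, signal.SIGKILL)
                break
            try:
                data = os.read(master_fd, 4096)
            except OSError:
                # Linux raises EIO on the master once the slave is closed.
                break
            if not data:
                break
            chunks.append(data)
    finally:
        os.close(master_fd)
    _, status = os.waitpid(pid, 0)
    return os.waitstatus_to_exitcode(status), b"".join(chunks)


def child_sees_tty(use_pty):
    """Report whether a child process sees a terminal on its stdin.

    With use_pty=False the child is started the way popen()/cron would,
    with no terminal; with use_pty=True it runs through run_under_pty().
    """
    probe = [sys.executable, "-c", "import os; print(os.isatty(0))"]
    if use_pty:
        _, out = run_under_pty(probe)
    else:
        out = subprocess.run(probe, stdin=subprocess.DEVNULL,
                             capture_output=True).stdout
    return b"True" in out


if __name__ == "__main__":
    print("plain pipe, child isatty(0):", child_sees_tty(False))
    print("under pty,  child isatty(0):", child_sees_tty(True))
    # Against a Win32-OpenSSH host the wrapper stands in for `script`
    # (hypothetical host name, as in the post):
    # code, out = run_under_pty(["ssh", "user@windows-host", "whoami"])
```

The pty also changes what you read back: output arrives with `\r\n` line endings and, if the remote side prompts, the prompt lands in the same stream, so parse the captured bytes with that in mind.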
[EN] Enable key authentication on Win32-OpenSSH
After you have configured “sshd_config” in Win32-OpenSSH to enable the key authentication feature and have copied your public key to “%systemdrive%\users\user\.ssh\authorized_keys” as described on their Wiki, public key authentication still does not work.
The missing step, which is not well documented, consists of copying “ssh_lsa.dll” to the “%WINDIR%\System32” directory and adding the string “ssh-lsa” to the “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages” registry value.
Hey man, you’re on windows, don’t forget to reboot! 😉
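The two steps above, scripted, as an added example that is not the post's or the Win32-OpenSSH project's own code. Two points a practitioner cares about are built in: “Authentication Packages” is a REG_MULTI_SZ list that already holds msv1_0, so the new entry must be appended, never written over the existing list (clobbering it breaks Windows logon); and everything in that list is loaded into lsass.exe at boot, so the DLL's digest is checked against a value you computed yourself from the release you downloaded (a placeholder here) before it is copied and registered. The function names and the digest parameter are my own; the registry write is guarded so the list logic can be exercised on any platform.

```python
import hashlib
import os
import platform
import shutil

LSA_KEY = r"SYSTEM\CurrentControlSet\Control\Lsa"
LSA_VALUE = "Authentication Packages"   # REG_MULTI_SZ, normally ["msv1_0"]
PACKAGE_NAME = "ssh-lsa"


def add_auth_package(current, name=PACKAGE_NAME):
    """Return the REG_MULTI_SZ list with `name` appended exactly once.

    Existing entries (msv1_0 above all) must survive: replacing the value
    instead of appending to it leaves the machine unable to log anyone on.
    """
    entries = [e for e in current if e]   # drop empty strings, if any
    if name in entries:
        return list(entries)              # already registered, idempotent
    return entries + [name]


def sha256_hex(path):
    """SHA-256 of a file, checked before the DLL is handed to LSASS."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 16), b""):
            h.update(block)
    return h.hexdigest()


def register_ssh_lsa(dll_source, expected_sha256):
    """Copy ssh_lsa.dll into System32 and append ssh-lsa to the LSA list.

    `expected_sha256` is the digest of ssh_lsa.dll from the Win32-OpenSSH
    release you downloaded (placeholder value in the caller). Must run
    elevated on the Windows host; the change takes effect after a reboot.
    Returns the path the DLL was copied to.
    """
    if platform.system() != "Windows":
        raise RuntimeError("only meaningful on the host running Win32-OpenSSH")
    if sha256_hex(dll_source).lower() != expected_sha256.lower():
        raise ValueError("ssh_lsa.dll does not match the expected digest")
    import winreg  # Windows-only module, imported lazily on purpose

    target = os.path.join(os.environ["WINDIR"], "System32", "ssh_lsa.dll")
    shutil.copy2(dll_source, target)
    access = winreg.KEY_READ | winreg.KEY_SET_VALUE
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, LSA_KEY, 0, access) as key:
        current, kind = winreg.QueryValueEx(key, LSA_VALUE)
        if kind != winreg.REG_MULTI_SZ:
            raise RuntimeError("unexpected registry value type %d" % kind)
        winreg.SetValueEx(key, LSA_VALUE, 0, winreg.REG_MULTI_SZ,
                          add_auth_package(current))
    return target


if __name__ == "__main__":
    # Dry run of the list logic; the registry write only happens on Windows.
    print(add_auth_package(["msv1_0"]))             # ['msv1_0', 'ssh-lsa']
    print(add_auth_package(["msv1_0", "ssh-lsa"]))  # unchanged
    # On the Windows host, with a digest you computed from the release:
    # register_ssh_lsa(r"C:\path\to\ssh_lsa.dll", "<EXPECTED_SHA256_PLACEHOLDER>")
```

Running the function twice is safe: the second call finds ssh-lsa already in the list and writes the same value back. Keep a copy of the original REG_MULTI_SZ contents before the first run so the change can be reverted.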
[EN] VeeamVixProxy 0day (CVE-2015-5742)
Pasquale `sid` Fiorillo and Francesco `ascii` Ongaro from ISGroup, an Italian security firm, and Antonio `s4tan` Parata from the ush team, have released a critical security advisory affecting every version of Veeam Backup & Replication prior to 8 Update 3.
The issue potentially involves 157,000 customers and 9.1 million Virtual Machines worldwide and could lead to full Domain Administrator compromise of the affected infrastructures.
Veeam Software provides backup, disaster recovery and virtualization management software for the VMware and Hyper-V environments.
- Advisory: http://www.ush.it/2015/10/08/veeam-backup-replication-6-7-8-local-privilege-escalation-vulnerability/
- CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5742
- Vendor patch: http://www.veeam.com/kb2068
- Press release: http://securityaffairs.co/wordpress/40891/hacking/veeam-zero-day.html