View Windows OpenSSH Active Settings

I was trying to view Windows OpenSSH Active Settings, while working on the configuration of OpenSSH on Windows.

I found references to using the -T parameter to see what configuration settings were active, but it was giving an error. 

PS C:\windows\system32> C:\windows\System32\OpenSSH\sshd.exe -T
'Match Group' in configuration but 'user' not in connection test specification.

Which did not make any sense, but I did some searching and found a suggestion of using another parameter with it

PS C:\windows\system32> C:\windows\System32\OpenSSH\sshd.exe -T -C user=thowden

Which gave me the result I wanted with all or at least a lot of parameter settings displayed based on either the sshd_config settings or any defaults not already set.

Of interest was that this function of -T not working is also addressed by the same issue that messes with the access control permissions. See Windows OpenSSH Allow Deny Settings for related info.

This setting is there by default with OpenSSH on Windows. It is the cause of this grief. Comment the lines out:

#Match Group administrators
#       AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys

Restart OpenSSH and this command

PS C:\windows\system32> C:\windows\System32\OpenSSH\sshd.exe -T

Will now work as expected without needing to add the -C etc…

An update, only minutes later. It appears that the ‘Match’ setting is the issue, and not specifically the Match Group Administrators. Adding a different Match instruction to sshd_config triggered the same error:

PS C:\windows\system32> C:\windows\System32\OpenSSH\sshd.exe -T
'Match User' in configuration but 'user' not in connection test specification.

The Win32-OpenSSH at GitHub is the source of many questions and some answers with sorting out an installation of OpenSSH on Windows.

https://github.com/PowerShell/Win32-OpenSSH

Note that the version installed for Windows Server 2019 is version 7.7p1 while Windows 10 users will get a later version. Much later at version 8.x. For the server users, you will need to wait for Windows Server 2022 to get an updated version.

Leave a Reply

Your email address will not be published. Required fields are marked *