Connection to Windows port 22 refused / closed after updating openSSH 9.5.0.0p1 to 9.8.1.0p1 #2313

Open
3 tasks done
xhstengg opened this issue Dec 6, 2024 · 2 comments

xhstengg commented Dec 6, 2024

Prerequisites

  • Write a descriptive title.
  • Make sure you are able to repro it on the latest version
  • Search the existing issues.

Steps to reproduce

I'm using OpenSSH on Windows Server 2022 to receive files via SFTP from remote servers. On the remote servers, I configured the IP address of the Windows server, username and password, and folder path in Windows that will receive the files. Windows Firewall has a rule to allow all incoming traffic on port 22. The Windows server has joined a domain.

It used to work fine, but after updating the OpenSSH version from 9.5 to 9.8, it stopped working. The remote servers give the error "peer reset the connection". Using WinSCP to access the Windows server also gives the error "connection abort". These are the logs produced in %programdata%\ssh\logs\sshd-session:

debug1: network sockets: 4, 4
debug3: server_process_channel_timeouts: setting 0 timeouts
debug3: channel_clear_timeouts: clearing
Connection from port 8162 on port 22
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_9.8 Win32-OpenSSH-Github
debug1: Remote protocol version 2.0, remote software version Ruby/Net::SSH_7.0.1 x86_64-freebsd13.3
debug1: compt_banner: no match: Ruby/Net::SSH_7.0.1 x86_64-freebsd13.3
debug2: fd 4 setting O_NONBLOCK
debug3: spawning "c:\users\administrator\desktop\openssh-win64-9.8/sshd-session.exe" -y as u
debug2: Network child is on pid 6056
debug3: send_config_state: entering fd = 6 config len 2211
debug3: ssh_msg_send: type 0 len 4474
debug3: write-ERROR from cb:109, io:00000176C04F7AA0
error: ssh_msg_send: write: Destination address required
error: send_config_state: ssh_msg_send failed
debug3: send_config_state: done
debug3: ssh_msg_send: type 0 len 110
debug3: write ERROR from cb(2):232, io:00000176C04F7AA0
error: ssh_msg_send: write: Unknown error
fatal: send_idexch_state: ssh_msg_send failed
debug1: do_cleanup
debug1: killing privsep child 6056

Expected behavior

Adding Windows server as SFTP server succeeds. Files sent from remote server will appear in folder on Windows Server.

Actual behavior

"Peer reset connection" on remote server. "Connection abort" on WinSCP. Files not sent to folder in Windows.

Error details

Did not retrieve this from the site

Environment data

- Did not retrieve this from the site

Version

OpenSSH_for_Windows_9.8p1 Win32-OpenSSH-GitHub, LibreSSL 3.9.2

Visuals

No response

tgauth (Collaborator) commented Dec 6, 2024

I think this may be related to #2297

As mentioned in #2297 (comment), does using only ECDSA and ED25519 host keys change the behavior at all?
The relevant lines would look like this in sshd_config:
#HostKey __PROGRAMDATA__/ssh/ssh_host_rsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_dsa_key
HostKey __PROGRAMDATA__/ssh/ssh_host_ecdsa_key
HostKey __PROGRAMDATA__/ssh/ssh_host_ed25519_key

xhstengg (Author) commented

Hey, thanks for your response.

Changing the ssh_config lines as suggested above did not work. I have reverted the lines back to the original.
Here are the changes that happened before SFTP stopped working:

  1. Updated OpenSSH from 9.5 to 9.8
  2. Hardened the Windows Server 2022 according to CIS benchmark
  3. Joined a domain
  4. Typed "ssh -vvv x.x.x.x" in command prompt, obtained this output:

C:\Users\Administrator>ssh -vvv x.x.x.x
OpenSSH_for_Windows_9.8p1 Win32-OpenSSH-GitHub, LibreSSL 3.9.2
debug3: Failed to open file:C:/Users/Administrator/.ssh/config error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_config error:2
debug2: resolve_canonicalize: hostname x.x.x.x is address
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> 'C:\Users\Administrator/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> 'C:\Users\Administrator/.ssh/known_hosts2'
debug3: channel_clear_timeouts: clearing
debug3: ssh_connect_direct: entering
debug1: Connecting to x.x.x.x [x.x.x.x] port 22.
debug1: Connection established.
debug3: Failed to open file:C:/Users/Administrator/.ssh/id_rsa error:2
debug3: Failed to open file:C:/Users/Administrator/.ssh/id_rsa.pub error:2
debug3: failed to open file:C:/Users/Administrator/.ssh/id_rsa error:2
debug1: identity file C:\Users\Administrator/.ssh/id_rsa type -1
debug3: Failed to open file:C:/Users/Administrator/.ssh/id_rsa-cert error:2
debug3: Failed to open file:C:/Users/Administrator/.ssh/id_rsa-cert.pub error:2
debug3: failed to open file:C:/Users/Administrator/.ssh/id_rsa-cert error:2
debug1: identity file C:\Users\Administrator/.ssh/id_rsa-cert type -1
debug3: Failed to open file:C:/Users/Administrator/.ssh/id_ecdsa error:2
debug3: Failed to open file:C:/Users/Administrator/.ssh/id_ecdsa.pub error:2
debug3: failed to open file:C:/Users/Administrator/.ssh/id_ecdsa error:2
debug1: identity file C:\Users\Administrator/.ssh/id_ecdsa type -1
debug3: Failed to open file:C:/Users/Administrator/.ssh/id_ecdsa-cert error:2
debug3: Failed to open file:C:/Users/Administrator/.ssh/id_ecdsa-cert.pub error:2
debug3: failed to open file:C:/Users/Administrator/.ssh/id_ecdsa-cert error:2
debug1: identity file C:\Users\Administrator/.ssh/id_ecdsa-cert type -1
debug3: Failed to open file:C:/Users/Administrator/.ssh/id_ecdsa_sk error:2
debug3: Failed to open file:C:/Users/Administrator/.ssh/id_ecdsa_sk.pub error:2
debug3: failed to open file:C:/Users/Administrator/.ssh/id_ecdsa_sk error:2
debug1: identity file C:\Users\Administrator/.ssh/id_ecdsa_sk type -1
debug3: Failed to open file:C:/Users/Administrator/.ssh/id_ecdsa_sk-cert error:2
debug3: Failed to open file:C:/Users/Administrator/.ssh/id_ecdsa_sk-cert.pub error:2
debug3: failed to open file:C:/Users/Administrator/.ssh/id_ecdsa_sk-cert error:2
debug1: identity file C:\Users\Administrator/.ssh/id_ecdsa_sk-cert type -1
debug3: Failed to open file:C:/Users/Administrator/.ssh/id_ed25519 error:2
debug3: Failed to open file:C:/Users/Administrator/.ssh/id_ed25519.pub error:2
debug3: failed to open file:C:/Users/Administrator/.ssh/id_ed25519 error:2
debug1: identity file C:\Users\Administrator/.ssh/id_ed25519 type -1
debug3: Failed to open file:C:/Users/Administrator/.ssh/id_ed25519-cert error:2
debug3: Failed to open file:C:/Users/Administrator/.ssh/id_ed25519-cert.pub error:2
debug3: failed to open file:C:/Users/Administrator/.ssh/id_ed25519-cert error:2
debug1: identity file C:\Users\Administrator/.ssh/id_ed25519-cert type -1
debug3: Failed to open file:C:/Users/Administrator/.ssh/id_ed25519_sk error:2
debug3: Failed to open file:C:/Users/Administrator/.ssh/id_ed25519_sk.pub error:2
debug3: failed to open file:C:/Users/Administrator/.ssh/id_ed25519_sk error:2
debug1: identity file C:\Users\Administrator/.ssh/id_ed25519_sk type -1
debug3: Failed to open file:C:/Users/Administrator/.ssh/id_ed25519_sk-cert error:2
debug3: Failed to open file:C:/Users/Administrator/.ssh/id_ed25519_sk-cert.pub error:2
debug3: failed to open file:C:/Users/Administrator/.ssh/id_ed25519_sk-cert error:2
debug1: identity file C:\Users\Administrator/.ssh/id_ed25519_sk-cert type -1
debug3: Failed to open file:C:/Users/Administrator/.ssh/id_xmss error:2
debug3: Failed to open file:C:/Users/Administrator/.ssh/id_xmss.pub error:2
debug3: failed to open file:C:/Users/Administrator/.ssh/id_xmss error:2
debug1: identity file C:\Users\Administrator/.ssh/id_xmss type -1
debug3: Failed to open file:C:/Users/Administrator/.ssh/id_xmss-cert error:2
debug3: Failed to open file:C:/Users/Administrator/.ssh/id_xmss-cert.pub error:2
debug3: failed to open file:C:/Users/Administrator/.ssh/id_xmss-cert error:2
debug1: identity file C:\Users\Administrator/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_9.8 Win32-OpenSSH-GitHub
debug1: Remote protocol version 2.0, remote software version OpenSSH_for_Windows_9.8 Win32-OpenSSH-GitHub
debug1: compat_banner: match: OpenSSH_for_Windows_9.8 Win32-OpenSSH-GitHub pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to x.x.x.x:22 as 'psa-admin'
debug3: Failed to open file:C:/Users/Administrator/.ssh/known_hosts2 error:2
debug1: load_hostkeys: fopen C:\Users\Administrator/.ssh/known_hosts2: No such file or directory
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts error:2
debug1: load_hostkeys: fopen __PROGRAMDATA__\ssh/ssh_known_hosts: No such file or directory
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts2 error:2
debug1: load_hostkeys: fopen __PROGRAMDATA__\ssh/ssh_known_hosts2: No such file or directory
debug3: order_hostkeyalgs: no algorithms matched; accept original
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: recv - from CB ERROR:10054, io:000001EDF91F8D40
Connection reset by x.x.x.x port 22
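
A log-triage sketch for the two debug logs quoted in this thread, added here as an example (not code from the issue's participants or the Win32-OpenSSH project). It pulls the failed state-passing steps out of the sshd-session log and the last milestone the client reached, then checks that the two line up; the sample lines are taken from the logs above, and the function names are hypothetical.

```python
import re

# Sample input: lines taken from the two logs quoted in this issue.
SERVER_LOG = """\
debug2: Network child is on pid 6056
error: ssh_msg_send: write: Destination address required
error: send_config_state: ssh_msg_send failed
fatal: send_idexch_state: ssh_msg_send failed
debug1: killing privsep child 6056
"""
CLIENT_LOG = """\
debug1: Connection established.
debug1: SSH2_MSG_KEXINIT sent
debug3: recv - from CB ERROR:10054, io:000001EDF91F8D40
Connection reset by x.x.x.x port 22
"""

HANDOFF_FAIL = re.compile(r"^(error|fatal): (send_\w+_state): ssh_msg_send failed")
CHILD_PID = re.compile(r"Network child is on pid (\d+)")
KILLED = re.compile(r"killing privsep child (\d+)")

def triage_server(log):
    """List the state-passing steps that failed and whether the child was torn down."""
    failed, child, killed, fatal = [], None, False, None
    for line in log.splitlines():
        if m := CHILD_PID.search(line):
            child = int(m.group(1))
        elif m := HANDOFF_FAIL.match(line):
            failed.append(m.group(2))
            if m.group(1) == "fatal":
                fatal = m.group(2)
        elif (m := KILLED.search(line)) and child == int(m.group(1)):
            killed = True
    return {"child_pid": child, "failed_steps": failed,
            "fatal_step": fatal, "child_killed": killed}

def triage_client(log):
    """Report the furthest milestone the client reached and whether it saw a reset."""
    milestones = [("SSH2_MSG_KEXINIT received", "kexinit_received"),
                  ("SSH2_MSG_KEXINIT sent", "kexinit_sent"),
                  ("Connection established", "tcp_connected")]
    stage = next((name for text, name in milestones if text in log), None)
    # 10054 is WSAECONNRESET on Windows.
    return {"stage": stage, "reset": "ERROR:10054" in log or "Connection reset by" in log}

def correlate(server, client):
    """True when the client's reset matches a server that died passing state to its child."""
    s, c = triage_server(server), triage_client(client)
    return bool(s["fatal_step"]) and s["child_killed"] and c["reset"] and c["stage"] == "kexinit_sent"
```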
