Latest Windows 11 Cumulative Update Breaks SSH Connectivity, Temporary Fix Provided
Brook.X
If you're using Windows 11 version 23H2 and have installed the latest cumulative update, you might have noticed that connections involving OpenSSH and SSH are currently not functioning as expected. Microsoft has acknowledged the existence of this issue.
After preliminary investigations, Microsoft confirmed that the installation of updates KB5044285 and KB5044380, along with subsequent updates, could lead to malfunctions with OpenSSH, preventing SSH connections.
The issue primarily affects Windows 11 versions designed for enterprise, education, and IoT (Internet of Things), though Microsoft is still investigating whether consumer editions, including Home and Professional, are also impacted.
It was also discovered that when SSH connections fail, no errors are logged by the logging service, necessitating manual intervention with the sshd.exe process to restore normal SSH protocol connectivity.
Here is a temporary solution:
1.Open PowerShell with administrator privileges.
2.Update the permissions for C:\ProgramData\ssh and C:\ProgramData\ssh\logs to allow full control for the SYSTEM and Administrators group, while also permitting authenticated users to read the directory.
3.The commands to update permissions should be executed separately.
$directoryPath = "C:\ProgramData\ssh" $acl = Get-Acl -Path $directoryPath $sddlString = "O:BAD:PAI(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;AU)" $securityDescriptor = New-Object System.Security.AccessControl.RawSecurityDescriptor $sddlString $acl.SetSecurityDescriptorSddlForm($securityDescriptor.GetSddlForm("All")) Set-Acl -Path $directoryPath -AclObject $acl
$directoryPath = "C:\ProgramData\ssh\logs" $acl = Get-Acl -Path $directoryPath $sddlString = "O:BAD:PAI(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;AU)" $securityDescriptor = New-Object System.Security.AccessControl.RawSecurityDescriptor $sddlString $acl.SetSecurityDescriptorSddlForm($securityDescriptor.GetSddlForm("All")) Set-Acl -Path $directoryPath -AclObject $aclΩ
4. After completing the above operations, SSH should be able to restore the connection. Microsoft said that the problem will be completely fixed in the subsequent cumulative updates.
