Hi rimono,
Thanks for your post. Based on my research, the Windows OpenSSH server logs to the event log by default. Generally speaking, we can look in the Event Log Viewer under Applications and Services Logs -> OpenSSH. The Admin log shows errors, the Operational log shows Informational messages.
The OpenSSH logging is controlled by your C:\ProgramData\ssh\sshd_config file. The entry SyslogFacility determines the log location.
I got the answer from here: https://github.com/PowerShell/Win32-OpenSSH/wiki/Logging-Facilities.
The event log may miss some extra lines that would otherwise be show in a log file (e.g. the reason why authorized_keys is ignored). To see them, edit C:\ProgramData\ssh\sshd_config (e.g. with notepad.exe run as an administrator), then set:
SyslogFacility LOCAL0
LogLevel Debug3
Restart the OpenSSH SSH Server service and expect logs to appear in C:\ProgramData\ssh\logs\sshd.log
Best Regards,
Ian Xue
If the Answer is helpful, please click "Accept Answer" and upvote it.