Share via

Unable to log into SSH server using Microsoft account

Bhuvan 0 Reputation points
2023-07-18T11:59:00.56+00:00

Setup

I have created 2 users on my Windows 11, namely naras and bhuva. naras is associated with a Microsoft account. Whereas, bhuva is a local account.

I have installed SSHD on Windows 11 and configured the SSHD as listed below following this blog:

Enabled Firewall rule to accept SSH connection Added the following lines to sshd_config

PasswordAuthentication yes
SyslogFacility LOCAL0
LogLevel Debug3

Issue

When I tried to establish a ssh connection either from my Windows system or from a remote Linux system using the Microsoft account naras, I am getting an error "windows authentication failed. error 1326" in sshd_config log and "Permission Denied" in the CLI.

C:\Windows\System32>whoami
computer1\naras

C:\ProgramData\ssh>ssh localhost
naras@localhost's password:
Permission denied, please try again.

C:\Windows\System32>ssh naras@computer1
naras@computer1's password:
Permission denied, please try again.

Problem Isolation

The issue is not seen with the local account.

ssh bhuva@localhost
ssh bhuva@computer1

The sshd.log file is uploaded here.

How can I resolve this issue?

Windows Network
Windows Network
Windows: A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.Network: A group of devices that communicate either wirelessly or via a physical connection.
662 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Limitless Technology 43,971 Reputation points
    2023-07-19T12:25:54.01+00:00

    Hello Bhuvan,

    Thank you for your question and for reaching out with your question today.

    The error "windows authentication failed. error 1326" and "Permission denied" suggest that there might be an issue with the authentication mechanism when trying to connect to SSH on Windows using the Microsoft account (naras). By default, Windows SSH server (sshd) uses the user's Windows credentials for authentication. Let's try a few troubleshooting steps to resolve this issue:

    1. Check Password Authentication: In your sshd_config file, you have set PasswordAuthentication yes, which should allow password-based authentication. However, let's ensure that there are no typos or other issues in the configuration file.
    2. Verify Password for Microsoft Account (naras): Confirm that you are entering the correct password for the Microsoft account (naras) when attempting to connect via SSH. Sometimes, typos or password mistakes can lead to authentication failures.
    3. Restart the SSH Server: After making changes to the sshd_config file, restart the SSH server to apply the changes. Open PowerShell as an administrator and run: 
      
   net stop sshd

   net start sshd
    4. Use Windows Credentials for Authentication: By default, Windows SSH server uses Windows credentials for authentication. Try connecting using the Windows account format DOMAIN\username instead of naras@computer1: 
      
   ssh DOMAIN\naras@computer1
    5. Check Windows Security Policies: Make sure that Windows Security Policies are not interfering with SSH authentication. Open the Local Security Policy application (secpol.msc) and navigate to "Local Policies" > "User Rights Assignment." Ensure that the user group containing naras (e.g., "Administrators") has the "Allow log on through Remote Desktop Services" and "Access this computer from the network" rights.
    6. Verify User Directory and Permissions: Ensure that the user directory for naras exists and has the necessary permissions for SSH access. The user directory should be located at C:\Users\naras.
    7. Check Event Viewer Logs: Open Event Viewer (eventvwr.msc) and check the "Windows Logs" > "Security" and "Application" logs for any related SSH authentication errors or issues.
    8. Windows User Password Expiration: If the password for the naras Microsoft account has expired or requires a change, that could be causing the authentication failure. Try changing the password and attempt the SSH connection again.

    If the issue persists, you might consider using SSH key-based authentication instead of password-based authentication. SSH key-based authentication is more secure and may help avoid issues with password authentication. To set up SSH key-based authentication, you can generate an SSH key pair on the client machine and add the public key to the ~/.ssh/authorized_keys file on the Windows SSH server.

    Remember to keep your SSH server and system updated with the latest patches and security updates.

    I used AI provided by ChatGPT to formulate part of this response. I have verified that the information is accurate before sharing it with you.

    If the reply was helpful, please don’t forget to upvote or accept as answer.

  2. Bhuvan 0 Reputation points
    2023-07-27T08:20:05.37+00:00

    Each Microsoft account has 2 passwords; an online password and a Windows pin (more details in password_vs_pin). We need to use the online password.

    If we use a Windows pin, it fails with an error "Permission denied, please try again" in the CLI and an error "windows authentication failed. error 1326" in the sshd logs.

    0 comments