OpenSSH SSH Server won't start on Windows Server 2019 after Windows Updates

Same problem here.

turns out, the security policy on the LOG directory was 'wrong'? i ended up removing the LOG folder, restarted the service and everything started working again. The LOG folder was automatically re-created.

But.. if you enter the logfile (as admin user), and after accepting "you need admin priv. to access this folder", your username end up in the list op users with read permissions. after that, the deamon won't start again. removing the user from the security list of the LOG folder solves this, and the service starts again. :(

Acording to CVE-2024-43615, the KB5044277 also adresses te mentioned OpenSSH vulnerability.

Might be worth to have a look at it.

However, explicit information about the update in connection with OpenSSH is still rare. Maybe more information will follow but I am pretty sure that your problem has something to do with that.

I tested this out, and logs directory permissions seems to be the problem as Wig-B found out. I can add groups with Read&execute, List folder contents and Read permissions to logs directory security and thighs seems to work.

Default permissions are SYSTEM (full control) Administrators (full control)

tl;dr: delete or rename %programData%/ssh (for example: C:\ProgramData\ssh)

When I try net start sshd, I get the error as below

The OpenSSH Server service is starting.
The OpenSSH Server service could not be started.
A system error has occurred.
System error 1067 has occurred.
The process terminated unexpectedly.

I tried many methods, including restarting the service,

checking read and write permissions, and even considered reinstalling.

However, I finally discovered that simply deleting (or renaming) the %programData%/ssh directory and running net start sshd again could solve the problem.

Same issue, but on windows 10. To solve it:

1. rename the C:\ProgramData\ssh\logs folder to logs2.
2. restart service.....

That will create a new logs folder and it will work fine

I encountered this on Server 2022. With help from this StackOverflow answer and Gustavo's comment there, to fix this:

1. Right-click on the C:\ProgramData\ssh\logs folder and select Properties.
2. Click on the Security tab, Advanced button and remove all users except SYSTEM and Administrators. Alternatively, downgrade other users to read-only.

The OpenSSH service should start now.

What happened (how to break it again)

If you're logged in as an administrator and double-click on the "logs" folder, you'll be offered the option to "Click Continue to permanently get access to this folder":

If you click Continue, the user you are logged in as is granted Full Control permissions on the logs folder. Apparently the October 2024 update makes a change that will refuse to start the OpenSSH service if any "extra" users have write permissions to the logs folder. However as @Kivioja Antti's answer reports, downgrading that user to read-only (Read & execute, List folder contents, Read) also fixes the problem.

I just solved this.

1. Remove-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
2. Rename C:\ProgramData\ssh to C:\ProgramData\_ssh
3. Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
4. Start-Service sshd
5. Stop-Service sshd
6. Delete c:\ProgramData\ssh\sshd_config
7. Copy C:\ProgramData\_ssh\sshd_config to c:\ProgramData\ssh\sshd_config
8. Start-Service sshd

Not sure if 1 and 3 are needed.