install-sshlsa.ps1 does not work on Windows 2008 R2 Update 1 (64 bit)

[dodyg]

I am using release 4_5_2016

Method invocation failed because [Microsoft.Win32.RegistryKey] doesn't contain a method name 'OpenBaseKey'

[dodyg]

I think this is a related issue #142

[DarwinJS]

Looks like the install is only tested on Server 2012 R2 since the install wiki pages also uses New-NetFirewallRule - which is not available on Server 2008. This netsh command works on both: netsh advfirewall firewall add rule name='SSHD Port win32-openssh' dir=in action=allow protocol=TCP localport=22

I was going to suggest that you use the chocolatey package, however, Chocolatey will install .NET 4.0 as a pre-requisite, which also seems to be the version of .NET that contains OpenBaseKey: https://msdn.microsoft.com/en-us/library/microsoft.win32.registrykey.openbasekey(v=vs.110).aspx

[g1im2]

mark this problem, it was happened to me, and i use python to change the reg and it would be work well.
add "REG_MULTI_SZ" type values with "regedit" and add values with "ssh-lsa" to key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"
"Authentication Packages"

[manojampalam]

WORKAROUNDS

Open regedit.exe
Navigate to HKLM\System\CurrentControlSet\Control\Lsa
Double click Authentication Packages
Add ssh-lsa (at the end of other listed packages)

==================
This earlier workaround worked for many but caused issues to some (don't really know why, I was not able to reproduce). Use with caution.
To install

• reg add HKLM\System\CurrentControlSet\Control\Lsa /v "Authentication Packages" /t REG_MULTI_SZ /d msv1_0\0ssh-lsa -f

To uninstall

• reg add HKLM\System\CurrentControlSet\Control\Lsa /v "Authentication Packages" /t REG_MULTI_SZ /d msv1_0 -f

[fjaenal]

After doing what @manojampalam said about adding the reg and opening the port on the firewall (it was opened but did it again in case) I still get (server log):
1652 08:29:09 070 debug1: -> LsaLogon()...
1652 08:29:09 070 debug1: Checking args...
1652 08:29:09 070 debug1: Setting up LSA Strings...
1652 08:29:09 071 debug1: LsaRegisterLogonProcess()...
1652 08:29:09 071 debug1: Retrieving Authentification Package ID...
1652 08:29:09 071 debug1: SSH-LSA package not found. (err = 0, ntStat = c00000fe).
1652 08:29:09 071 debug1: <- LsaLogon()...

The dll has been copied to %windir%\System32 (I am using Windows Server 2008 r2)

[madhavanks26]

@manojampalam i have changed the steps which u have mentioned and now the pc display is not coming ,could please help me with that
process i did
step 1: opened regedit
step 2: traversed HKLM>system>current controlset >control>lsa
step 3: clicked Authentication packages
step 4: in that value data is ==> msv1_0
step 5: i have changed to /t REG_MULTI_SZ /d msv1_0\0ssh-lsa.dll -f
Result :
PC is booting and display is not coming
reg add HKLM\System\CurrentControlSet\Control\Lsa /v "Authentication Packages" /t REG_MULTI_SZ /d msv1_0\0ssh-lsa.dll -f

[Jaybernater]

Hi,

I've found the same issue when installing on w2k3 32 bit also. Is the registry add safe to use?

[DarwinJS]

Keep in mind the all the commands given in the wiki and the scripts assume you only have the default msv1_0 in the key currently. The code in the chocolatey package preserves all values that might be in the key, both during install and uninstall.

[Jonpro03]

reg add HKLM\System\CurrentControlSet\Control\Lsa /v "Authentication Packages" /t REG_MULTI_SZ /d msv1_0\0ssh-lsa -f

works for me (note .dll is missing).

[scherma]

If after applying the registry update you still experience the issue, try updating .NET and WMI, that fixed this error for me.

Immediately after fixing that, I found that I could not run the install-sshlsa.ps1 script because 'ssh-lsa.dll is in use by another process'. This was because adding the reg key and restarting appears to cause lsass.exe to use the DLL (confirmed with "tasklist /m ssh-lsa.dll"). To solve, remove the extra line from the reg key, reboot, THEN run install-sshlsa.ps1.

[RodTrevisan]

Does anyone have a solution to this problem?

[DarwinJS]

@RodTrevisan - can you try the latest chocolatey package? You can also run the install script of the chocolatey package without using chocolatey, see "complete offline install" here: https://github.com/DarwinJS/ChocoPackages/blob/master/openssh/readme.md

[SamuelOrlando]

@scherma I have recently run into the same issue installing on Server 2016, but I did not have to doing any registry edits to get there. However, looking at the registry, I do see that the Authentication Packages key with a value of msv1_0 ssh-lsa has been added after installation of the recent version of OpenSSH (v0.0.10.0 - March 14, 2017). So to complete the key-authorization package installation and get around the ssh-lsa.dll in use error, I can remove the entry, reboot, run the install-sshlsa.ps1 process, then re-add the registry entry for the Authentication Packages?

The SFTP is in use with domain accounts (username/password), but we are adding clients that require key authentication so I need to get it activated and working.

[DarwinJS]

The original problem was the script was using an API not available on Server 2008 R2.
@SamuelOrlando - the problem you are running into is that install-sshlsa.ps1 is not instrumented for an upgrade, which in this situation must queue up the file to be replaced on reboot.

The Chocolatey Package handles both of these situations.

The install script inside the Chocolatey Package can be run WITHOUT Chocolatey.

see here: https://github.com/DarwinJS/ChocoPackages/blob/master/openssh/readme.md#complete-offline-install-wout-chocolatey-nor-wow64-nor-powershell-5

The chocolatey package is at: https://chocolatey.org/packages/openssh

[SamuelOrlando]

@DarwinJS The package does not install due to the following error: ERROR: Method invocation failed because [System.Boolean] does not contain a method named 'split'. The install of openssh was NOT successful. Error while running 'C:\ProgramData\chocolatey\lib\openssh\tools\chocolateyinstall.ps1'.

[DarwinJS]

@SamuelOrlando - I just had a clean test on Server 2016 Core - but I am concerned about your error as it might affect others as well.

From a failing instance, could you please

1. Rerun the command
2. post the below listed files to https://gist.github.com/ (do not post full file contents here please) and
3. update this thread with a link to the files.

Files:
c:\programdata\chocolatey\logs\choco.summary.log
c:\programdata\chocolatey\logs\chocolatey.log

Thanks,
D.

[SamuelOrlando]

@DarwinJS Looks like we are going another route for SSH+FTP solutions. I will not be able to follow up.

[DarwinJS]

@SamuelOrlando - I know you mentioned you've moved on to other SSH - but wanted you to know your reported error with the chocolatey package was related to DarwinJS/ChocoPackages#23.

This bug is squashed in version 0.0.10.20170329 - which is in automated moderation.

[DarwinJS]

This issue and #142 (closed with reference back here) both seem to be tracking two independent issues.

The first one "[Microsoft.Win32.RegestryKey] doesn't contain a method named 'OpenBaseKey'" appears to be a problem with the original install-sshlsa.ps1 calling a registry api not available on a DEFAULT Server 2008 build (no .NET upgrades) ?

The second one is "Copy-Item : The process cannot access the file 'C:\Windows\system32\ssh-lsa.dll' because it is being used by another process." - which is when install-sshlsa.ps1 is attempted to be used when upgrading ssh-lsa.dll which cannot work because the dll is loaded in memory.

The manual work around would be to:

1. deconfigure the registry key (run uninstall-sshlsa.ps1 if not on server 2008),
2. reboot (to release ssh-lsa.dll from memory)
3. delete $env:windir\system32\ssh-lsa.dll
4. run install-sshlsa.ps1 (FYI does not contain "-force" on copy command to handle upgrade)
5. reboot (to load ssh-lsa.dll in memory)

The chocolatey package should handle both of these problems.

I think the first problem could be fixed in install-sshlsa.ps1 with this code (which appears to work on server 2008): https://github.com/DarwinJS/ChocoPackages/blob/master/openssh/tools/chocolateyinstall.ps1#L402-L414

[manojampalam]

ssh-lsa.dll has been deprecated, issues listed above are no longer applicable