Microsoft testing fix for Windows 11 bug breaking SSH connections

Microsoft is now testing a fix for a longstanding known issue that is breaking SSH connections on some Windows 11 22H2 and 23H2 systems.

On Tuesday, Microsoft started rolling Windows 11 Build 26100.3321 (KB5052093) Insiders in the Release Preview Channel on Windows 11 24H2 (Build 26100) with a fix for this bug.

When it first acknowledged the issue in November, the company explained it affects a "limited number" of devices running Windows 11 enterprise, IOT, and education editions. However, Redmond is also investigating whether consumer customers using Windows 11 Home or Pro editions are affected.

"Following the installation of the October 2024 security update, some customers report that the OpenSSH (Open Secure Shell) service fails to start, preventing SSH connections," the company said in support documents issued for October's Patch Tuesday KB5044285 cumulative and KB5044380 preview updates.

"The service fails with no detailed logging, and manual intervention is required to run the sshd.exe process."

Until a fix is generally available, Redmond says affected users can temporarily fix these SSH connection issues by updating access control list (ACL) permissions on affected directories using the following steps:

1. Open PowerShell as an Administrator.

2. Update the permissions for the "C:\ProgramData\ssh and C:\ProgramData\ssh\logs" folder (and repeat these steps for "C:\ProgramData\ssh\logs") to allow full control for SYSTEM and the Administrators group while allowing read access for Authenticated Users. If needed, you can restrict read access to specific users or groups by modifying the permissions string.

3. Use the following Powershell script to update the permissions:

   $directoryPath = "C:\ProgramData\ssh" $acl = Get-Acl -Path $directoryPath $sddlString = "O:BAD:PAI(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;AU)" $securityDescriptor = New-Object System.Security.AccessControl.RawSecurityDescriptor $sddlString $acl.SetSecurityDescriptorSddlForm($securityDescriptor.GetSddlForm("All")) Set-Acl -Path $directoryPath -AclObject $acl

4. Repeat the above steps for C:\ProgramData\ssh\logs.

Over the last week, Microsoft also started rolling out a BIOS update provided by ASUS that resolves blue screen of death (BSOD) issues acknowledged in October, and it fixed a known issue causing "boot device inaccessible" errors on some Windows Server 2025 systems using iSCSI.

In related news, the OpenSSH project has released security updates for two vulnerabilities: a man-in-the-middle (MitM) flaw (CVE-2025-26465) and a denial-of-service bug (CVE-2025-26466).

The former was introduced more than ten years ago, and it's impacting OpenSSH clients when the 'VerifyHostKeyDNS' option is enabled. Successful exploitation allows attackers to hijack SSH sessions to steal credentials, inject commands, and exfiltrate data.