Unable to SSH into Windows Domain server using Domain User

Question

On our Windows Server 2019 is Open SSH Installed
Versions used/tested:

• OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5
• OpenSSH_for_Windows_8.1p1, LibreSSL 2.9.2

Logon to the Server with a local account (the account exists on the server) works well:
ssh user@host

Logon to the Server with a domain account (the account exists on the domain) is not possible:
ssh domain\\user@host
or
ssh user@domain@host

Message on the client is:
Connection reset by 10.70.108.76 port 22

Anybody an idea how to fix or at least debug this issue ???

I read guides about installing OpenSSH-Server :
e.g. Install OpenSSH | Microsoft Docs

On the Server I noticed these Logs
Server -> Event-Viewer -> Windows Logs -> Security :
Audit Failure
Failure Reason: Unknown user name or bad password

Server -> Event-Viewer -> Applications and Services logs > OpenSSH > Admin

sshd: fatal: ga_init, unable to resolve user domain\\user
sshd: error: get_user_token - unable to generate token on 2nd attempt for user domain\\user

Verbose output -vvv prints this message before disconnecting :

debug3: recv - from CB ERROR:10054, io:0000026B5723BCD0
Connection reset by 192.168.0.1 port 22

Answer 1

The problem was caused by missing AD (Active Directory) Groups / AD Privileges

After granting the Computer to read all properties of the user which wants to connect via SSH :
Open ActiveDirectory > User > Properties > Add > (OpenSSH)Server > Read (is already checked after adding)

it works!

Also there is another thread describing something very similar : Domain user authentication fails with Connection Reset by Peer

Answer 2

Try:

ssh -l [email protected] hostname

Answer 3

I believe you have to enter the username like this:

ssh user:domain@host

Bare in mind: case sensitive!