我打算用 SSH 連到我的 Windows Server 2019，以便使用 GitLab CI/CD 部署我的網站，因此我安裝了 OpenSSH 伺服器，如果使用密碼登錄SSH，一切都正常使用。
但當我嘗試使用公鑰認證時，SSH無法正常連線並且會有錯誤訊息。
我該怎麼解決這個問題？

ssh: connect to host x.x.x.x port 22: Connection refused

如果我從 Powershell 中使用 Start-service sshd 或使用 services.msc 等 GUI 啟動服務，我無法連接，連接會關閉並顯示

debug3: recv - from CB ERROR:10054, io:0000018A0CABA2B0
debug3: send packet: type 1
debug3: send - WSASend() ERROR:10054, io:0000018A0CABA2B0

以下是在連接時使用 -vvv DEBUG輸出的關鍵LOG：

Authenticated to x.x.x.x ([x.x.x.x]:22).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug3: send packet: type 90
debug1: Requesting no-more-sessions@openssh.com
debug3: send packet: type 80
debug1: Entering interactive session.
debug1: pledge: network
debug1: ENABLE_VIRTUAL_TERMINAL_INPUT is supported. Reading the VTSequence from console
debug3: This windows OS supports conpty
debug1: ENABLE_VIRTUAL_TERMINAL_PROCESSING is supported. Console supports the ansi parsing
debug3: Successfully set console output code page from:65001 to 65001
debug3: Successfully set console input code page from:950 to 65001
debug3: recv - from CB ERROR:10054, io:000001AE1C4C53E0
debug3: send packet: type 1
debug3: send - WSASend() ERROR:10054, io:000001AE1C4C53E0
client_loop: send disconnect: Connection reset
debug3: Successfully set console output code page from 65001 to 65001
debug3: Successfully set console input code page from 65001 to 950

在伺服器端，事件檢視器也有一些錯誤LOG：

sshd: error: lookup_principal_name: User principal name lookup failed for user '_domain_\\_user_' (explicit: 5, implicit: 5)
sshd: error: get_user_token - unable to generate token on 2nd attempt for user _domain_\\_user_
sshd: error: unable to get security token for user _domain_\\_user_
sshd: fatal: fork of unprivileged child failed

我曾判斷這是由於 sshd 用戶的權限不足引起的，因此我嘗試將 sshd 加為管理員權限，但沒有幫助...

透過

net localgroup administrators

也確認SSHD有加入管理員權限

Alias name     administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
James
...(略)
sshd
The command completed successfully.

但如果我手動執行 C:\Windows\System32\OpenSSH\sshd.exe 啟動服務，一切都很正常...
大家有什麼idea嗎？

PS. 症狀和網路上有一篇2021年的問題一模一樣
https://learn.microsoft.com/en-us/answers/questions/644144/openssh-bug-can39t-ssh-when-running-34sshd34-as-a.html

但至今無人解答~~~

2023/1/13補充
https://github.com/PowerShell/Win32-OpenSSH/issues/1235
按照這篇說的

erinlah-ms commented on Jul 14, 2021
@NoMoreFood I'm hitting this as well on latest windows SSH. User account is Microsoft's Azure AD joined machine, but machine is workgroup (not domain joined / remote).

Is there any way to enable login of this sort of user, or do I need to create a local user to SSH in as instead?

於是我創了一個本地用戶來使用 SSH
可以連
但我有網域的帳號還是不行~~