Unable to use scp or sftp when using PowerShell as the subsystem unless the profile is basically blank

[robertstrom]

Prerequisites

• Write a descriptive title.
• Make sure you are able to repro it on the latest version
• Search the existing issues.

Steps to reproduce

I am working on configuring an enterprise to have Windows OpenSSH installed on all systems that support the feature.

At that time I am also ensuring that PowerShell v7 is installed and that the SSH subsystem is pwsh.

I have that all working. What I have an issue with is if there is a PowerShell profile of any significance neither scp or sftp will work.

I have spent significant time "talking" with AI about this and it says (and I have basically proved it out) that the PowerShell profile needs to be "clean"

"When sftp or scp connects, it starts a session to initialize the subsystem. If your PowerShell profile contains commands that produce visual output (like a custom prompt, a "Welcome" banner, or a tool update check), that text is sent over the data stream. The SFTP client expects a specific binary protocol header; when it receives "Welcome to PowerShell" instead, it chokes and terminates the connection."

Subsystem       powershell      C:\PROGRA~1\POWERS~1\7\pwsh.exe -SSHS -NoProfile -NoLogo
Subsystem	sftp	C:\Windows\System32\OpenSSH\sftp-server.exe

So I either have to:

• Use CMD.EXE as the shell ... that IS NOT going to happen
• Use a totally neutered, or ZERO PowerShell profile - That is not going to happen either. I want all users to have a prompt that has the time, the domain, the user, the computer name, and the directory that they are in
• Or, jump through hoops to get scp and sftp to work and have a real profile

Expected behavior

scp and sftp work when the shell is PowerShell and you have an actual profile

Preference #1 - fix it and make it just work ... always ... like *nix
Preference #2 - document that it doesn't work, why it doesn't work, and example(s) on how to fix it

Actual behavior

connection closed

Error details

Environment data

This is from the most recent machine that I was doing this on but I have happened on Server 2019 and Server 2022 also


Name                           Value
----                           -----
PSVersion                      7.5.4
PSEdition                      Core
GitCommitId                    7.5.4
OS                             Microsoft Windows 10.0.26200
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0

Version

OpenSSH_for_Windows_9.5p2, LibreSSL 3.8.2

Visuals

No response

[jborean93]

I'm honestly surprised that calling a subsystem would invoke the shell at all as the config has the full executable and args that can be invoked directly but low and behold

Would be nice to avoid it altogether so things like this wouldn't happen and we don't have the overhead of starting yet another executable to just invoke a single exe specified by the subsystem.