This error occurs when the SSH daemon fails to start the requested subsystem (like SFTP or SCP) for your connection. Common causes include misconfigured subsystem paths, missing binaries, corrupted user profiles, or authentication issues.
The SSH subsystem error means the server-side SSH daemon received your request to use a specific subsystem (typically SFTP for file transfers or internal-sftp for chroot), but failed to launch it. The SSH service intentionally doesn't reveal the exact failure reason to the client for security purposes, so the generic 'subsystem request failed on channel 0' message appears instead. The 'channel 0' designation refers to the SSH protocol's first communication channel for your session.
First, check your sshd_config file for syntax errors and confirm the Subsystem directive is present and uncommented.
On Windows:
C:\ProgramData\ssh\sshd_configOn Linux/macOS:
/etc/ssh/sshd_configLook for the line:
Subsystem sftp /usr/libexec/openssh/sftp-serveror on Windows:
Subsystem sftp sftp-server.exeTo validate the configuration syntax:
# Linux/macOS
sshd -t
# Windows (PowerShell as admin)
C:\Windows\System32\OpenSSH\sshd.exe -tConfirm the sftp-server binary is present at the path specified in sshd_config.
On Linux/macOS:
ls -la /usr/libexec/openssh/sftp-server
# or try the alternative location
ls -la /usr/lib/openssh/sftp-serverOn Windows (PowerShell as admin):
Test-Path C:\Windows\System32\OpenSSH\sftp-server.exeIf the binary is missing, reinstall or repair OpenSSH on your system.
On Windows, ensure the SSH user account has a valid user profile.
# Check if user profile exists
Test-Path C:\Users\username
# Verify SSH service runs as Local System or correct account
Get-Service sshd | Select-Object StartType, StatusIf the user profile is missing, create it:
# Log in as that user once locally or via RDP to initialize the profileIf you still have issues, try connecting with a different local admin account to isolate whether it's user-specific.
After making any changes to sshd_config, restart the SSH daemon for changes to take effect.
On Windows (PowerShell as admin):
Restart-Service -Name sshd -ForceOn Linux/macOS:
sudo systemctl restart sshd
# or
sudo service ssh restartUse verbose SSH flags to see detailed error messages during the subsystem request.
# SFTP verbose test
sftp -vvv username@hostname
# SCP verbose test
scp -vvv file.txt username@hostname:/tmp/Verbose output often reveals whether the subsystem path is wrong, permissions are denied, or the binary is missing.
Ensure the SSH daemon can execute the subsystem binary.
On Linux/macOS:
# Check file exists and is executable
ls -la /usr/libexec/openssh/sftp-server
# If not executable, fix it
sudo chmod 755 /usr/libexec/openssh/sftp-serverOn Windows:
Temporarily disable Windows Defender or antivirus software and retry. Some security software blocks sftp-server.exe. If that fixes it, add an exclusion for:
C:\Windows\System32\OpenSSH\sftp-server.exeIf you're using chroot with SFTP, the traditional sftp-server path won't work inside the chroot jail. Instead, use internal-sftp:
In sshd_config:
Match User sftpuser
ChrootDirectory /var/sftp
ForceCommand internal-sftp
AllowTcpForwarding no
X11Forwarding no
EndMatchThen restart sshd. The internal-sftp subsystem doesn't require an external binary.
If the above steps don't resolve the issue, uninstall and reinstall the OpenSSH feature.
On Windows (PowerShell as admin):
# Uninstall
Remove-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
# Reinstall
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
# Start the service
Start-Service sshd
Set-Service -Name sshd -StartupType AutomaticOn Linux (example for Ubuntu/Debian):
sudo apt remove openssh-server openssh-client
sudo apt install openssh-server openssh-client
sudo systemctl restart sshdOn Linux systems with SELinux enabled, ensure the sftp-server binary has the correct SELinux context. Run ls -Z /usr/libexec/openssh/sftp-server and check that it has the system_u:object_r:ssh_exec_t:s0 context or similar. If not, run sudo restorecon /usr/libexec/openssh/sftp-server to restore the default context.
For Teleport SSH proxy users, this error often means the agent needs restarting or re-registering with the cluster. Check agent logs with journalctl -u teleport for details.
Some managed SSH services (like AWS Systems Manager Session Manager) use proprietary subsystems. The 'subsystem request failed' error there indicates a different root cause and requires checking service-specific documentation.
Duplicate Subsystem entries in sshd_config (e.g., two 'Subsystem sftp' lines) will prevent the SSH daemon from starting entirely. Remove all but one and ensure no trailing whitespace after the line.
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
How to fix SSH man-in-the-middle attack warning in SSH
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: UNPROTECTED PRIVATE KEY FILE! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
How to fix "WARNING: UNPROTECTED PRIVATE KEY FILE!" in SSH
sign_and_send_pubkey: no mutual signature supported
How to fix "sign_and_send_pubkey: no mutual signature supported" in SSH
Bad owner or permissions on /home/user/.ssh/known_hosts
How to fix "Bad owner or permissions on known_hosts" in SSH
It is required that your private key files are NOT accessible by others.
How to fix "private key files are NOT accessible by others" in SSH