diff --git a/contrib/win32/openssh/Win32-OpenSSH.sln b/contrib/win32/openssh/Win32-OpenSSH.sln
index 40732fe3b..14946f9d9 100644
--- a/contrib/win32/openssh/Win32-OpenSSH.sln
+++ b/contrib/win32/openssh/Win32-OpenSSH.sln
@@ -1,6 +1,6 @@
Microsoft Visual Studio Solution File, Format Version 12.00
-# Visual Studio 15
-VisualStudioVersion = 15.0.27027.1
+# Visual Studio Version 17
+VisualStudioVersion = 17.10.35027.167
MinimumVisualStudioVersion = 10.0.40219.1
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssh", "ssh.vcxproj", "{74E69D5E-A1EF-46EA-9173-19A412774104}"
ProjectSection(ProjectDependencies) = postProject
@@ -180,6 +180,8 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssh-pkcs11-helper", "ssh-pk
{0D02F0F0-013B-4EE3-906D-86517F3822C0} = {0D02F0F0-013B-4EE3-906D-86517F3822C0}
EndProjectSection
EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "sshd-session", "sshd-session.vcxproj", "{86D5F580-EFB0-4BEA-96B7-7181F9BC6171}"
+EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|ARM = Debug|ARM
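Review bot: The new `sshd-session` project entry closes with `EndProject` immediately and declares no `ProjectSection(ProjectDependencies)`, unlike the `ssh` and `ssh-pkcs11-helper` entries visible in this file. If solution-level ordering is what guarantees the static libraries are built before their consumers (the new .vcxproj links `posix_compat.lib;libssh.lib;openbsd_compat.lib;zlib.lib`), sshd-session can fail on a clean parallel build. Adding the same dependency section the other executables carry, or a ProjectReference in the .vcxproj, avoids that; if ordering is already handled elsewhere this is only a consistency point.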
@@ -576,6 +578,22 @@ Global
{21D772C3-0EB0-47B7-A93C-FF624675A58D}.Release|x64.Build.0 = Release|x64
{21D772C3-0EB0-47B7-A93C-FF624675A58D}.Release|x86.ActiveCfg = Release|Win32
{21D772C3-0EB0-47B7-A93C-FF624675A58D}.Release|x86.Build.0 = Release|Win32
+ {86D5F580-EFB0-4BEA-96B7-7181F9BC6171}.Debug|ARM.ActiveCfg = Debug|ARM
+ {86D5F580-EFB0-4BEA-96B7-7181F9BC6171}.Debug|ARM.Build.0 = Debug|ARM
+ {86D5F580-EFB0-4BEA-96B7-7181F9BC6171}.Debug|ARM64.ActiveCfg = Debug|ARM64
+ {86D5F580-EFB0-4BEA-96B7-7181F9BC6171}.Debug|ARM64.Build.0 = Debug|ARM64
+ {86D5F580-EFB0-4BEA-96B7-7181F9BC6171}.Debug|x64.ActiveCfg = Debug|x64
+ {86D5F580-EFB0-4BEA-96B7-7181F9BC6171}.Debug|x64.Build.0 = Debug|x64
+ {86D5F580-EFB0-4BEA-96B7-7181F9BC6171}.Debug|x86.ActiveCfg = Debug|Win32
+ {86D5F580-EFB0-4BEA-96B7-7181F9BC6171}.Debug|x86.Build.0 = Debug|Win32
+ {86D5F580-EFB0-4BEA-96B7-7181F9BC6171}.Release|ARM.ActiveCfg = Release|ARM
+ {86D5F580-EFB0-4BEA-96B7-7181F9BC6171}.Release|ARM.Build.0 = Release|ARM
+ {86D5F580-EFB0-4BEA-96B7-7181F9BC6171}.Release|ARM64.ActiveCfg = Release|ARM64
+ {86D5F580-EFB0-4BEA-96B7-7181F9BC6171}.Release|ARM64.Build.0 = Release|ARM64
+ {86D5F580-EFB0-4BEA-96B7-7181F9BC6171}.Release|x64.ActiveCfg = Release|x64
+ {86D5F580-EFB0-4BEA-96B7-7181F9BC6171}.Release|x64.Build.0 = Release|x64
+ {86D5F580-EFB0-4BEA-96B7-7181F9BC6171}.Release|x86.ActiveCfg = Release|Win32
+ {86D5F580-EFB0-4BEA-96B7-7181F9BC6171}.Release|x86.Build.0 = Release|Win32
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
@@ -605,6 +623,7 @@ Global
{7D0A75FC-F366-4B60-B72F-B37C3EA07CCA} = {17322AAF-808F-4646-AD37-5B0EDDCB8F3E}
{7D0A75FC-F366-4B60-B72F-B37C3EA07CCB} = {17322AAF-808F-4646-AD37-5B0EDDCB8F3E}
{21D772C3-0EB0-47B7-A93C-FF624675A58D} = {17322AAF-808F-4646-AD37-5B0EDDCB8F3E}
+ {86D5F580-EFB0-4BEA-96B7-7181F9BC6171} = {17322AAF-808F-4646-AD37-5B0EDDCB8F3E}
EndGlobalSection
GlobalSection(ExtensibilityGlobals) = postSolution
SolutionGuid = {0AC224E8-C215-4270-954A-A2ACEE06DE58}
diff --git a/contrib/win32/openssh/sshd-session.vcxproj b/contrib/win32/openssh/sshd-session.vcxproj
new file mode 100644
index 000000000..978040212
--- /dev/null
+++ b/contrib/win32/openssh/sshd-session.vcxproj
@@ -0,0 +1,483 @@
+
+
+
+
+
+ Debug
+ ARM
+
+
+ Debug
+ ARM64
+
+
+ Debug
+ Win32
+
+
+ Release
+ ARM
+
+
+ Release
+ ARM64
+
+
+ Release
+ Win32
+
+
+ Debug
+ x64
+
+
+ Release
+ x64
+
+
+
+ {86D5F580-EFB0-4BEA-96B7-7181F9BC6171}
+ Win32Proj
+ keygen
+ $(WindowsSDKVersion)
+ sshd-session
+
+
+
+ Application
+ true
+ v143
+ MultiByte
+ Spectre
+
+
+ Application
+ false
+ v143
+ true
+ MultiByte
+ Spectre
+
+
+ Application
+ true
+ v143
+ MultiByte
+ Spectre
+
+
+ Application
+ true
+ v143
+ MultiByte
+ Spectre
+
+
+ Application
+ true
+ v143
+ MultiByte
+ Spectre
+
+
+ Application
+ false
+ v143
+ true
+ MultiByte
+ Spectre
+
+
+ Application
+ false
+ v143
+ true
+ MultiByte
+ Spectre
+
+
+ Application
+ false
+ v143
+ true
+ MultiByte
+ Spectre
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ true
+ $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\
+ $(Platform)\$(Configuration)\$(TargetName)\
+ $(OpenSSH-Src-Path)contrib\win32\win32compat\inc;$(VC_IncludePath);$(WindowsSDK_IncludePath);
+
+
+ true
+ $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\
+ $(Platform)\$(Configuration)\$(TargetName)\
+ $(OpenSSH-Src-Path)contrib\win32\win32compat\inc;$(VC_IncludePath);$(WindowsSDK_IncludePath);
+
+
+ true
+ $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\
+ $(Platform)\$(Configuration)\$(TargetName)\
+ $(OpenSSH-Src-Path)contrib\win32\win32compat\inc;$(VC_IncludePath);$(WindowsSDK_IncludePath);
+
+
+ true
+ $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\
+ $(Platform)\$(Configuration)\$(TargetName)\
+ $(OpenSSH-Src-Path)contrib\win32\win32compat\inc;$(VC_IncludePath);$(WindowsSDK_IncludePath);
+
+
+ false
+ $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\
+ $(Platform)\$(Configuration)\$(TargetName)\
+ $(OpenSSH-Src-Path)contrib\win32\win32compat\inc;$(VC_IncludePath);$(WindowsSDK_IncludePath);
+
+
+ false
+ $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\
+ $(Platform)\$(Configuration)\$(TargetName)\
+ $(OpenSSH-Src-Path)contrib\win32\win32compat\inc;$(VC_IncludePath);$(WindowsSDK_IncludePath);
+
+
+ false
+ $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\
+ $(Platform)\$(Configuration)\$(TargetName)\
+ $(OpenSSH-Src-Path)contrib\win32\win32compat\inc;$(VC_IncludePath);$(WindowsSDK_IncludePath);
+
+
+ false
+ $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\
+ $(Platform)\$(Configuration)\$(TargetName)\
+ $(OpenSSH-Src-Path)contrib\win32\win32compat\inc;$(VC_IncludePath);$(WindowsSDK_IncludePath);
+
+
+
+
+
+ Level1
+ Disabled
+ _CRT_DECLARE_NONSTDC_NAMES=0;_WIN32_WINNT=0x601;;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions)
+ false
+ $(SolutionDir);$(LibreSSL-Path)include;$(ZLib-Path);$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories)
+ MultiThreadedDebug
+ ProgramDatabase
+ Guard
+ /Gy /ZH:SHA_256 %(AdditionalOptions)
+
+
+ Console
+ true
+ posix_compat.lib;libssh.lib;openbsd_compat.lib;zlib.lib;$(SSLLib)$(AdditionalDependentLibs);%(AdditionalDependencies)
+ $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x86-Path);$(ZLib-x86-Path);%(AdditionalLibraryDirectories)
+ MultiplyDefinedSymbolOnly
+ wmainCRTStartup
+ NotSet
+ /debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /ignore:4099 /ignore:4098 /CETCOMPAT %(AdditionalOptions)
+
+
+ targetos.manifest
+
+
+
+
+
+
+ Level1
+ Disabled
+ _CRT_DECLARE_NONSTDC_NAMES=0;_WIN32_WINNT=0x601;;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions)
+ false
+ $(SolutionDir);$(LibreSSL-Path)include;$(ZLib-Path);$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories)
+ MultiThreadedDebug
+ ProgramDatabase
+ Guard
+ /Gy /ZH:SHA_256 %(AdditionalOptions)
+
+
+ Console
+ true
+ posix_compat.lib;libssh.lib;openbsd_compat.lib;zlib.lib;$(SSLLib)$(AdditionalDependentLibs);%(AdditionalDependencies)
+ $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x64-Path);$(ZLib-x64-Path);%(AdditionalLibraryDirectories)
+ MultiplyDefinedSymbolOnly
+ wmainCRTStartup
+ NotSet
+ /debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /ignore:4099 /ignore:4098 /CETCOMPAT %(AdditionalOptions)
+
+
+ targetos.manifest
+
+
+
+
+
+
+ Level1
+ Disabled
+ _CRT_DECLARE_NONSTDC_NAMES=0;_WIN32_WINNT=0x601;;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions)
+ false
+ $(SolutionDir);$(LibreSSL-Path)include;$(ZLib-Path);$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories)
+ MultiThreadedDebug
+ ProgramDatabase
+ Guard
+ /Gy /ZH:SHA_256 %(AdditionalOptions)
+
+
+ Console
+ true
+ posix_compat.lib;libssh.lib;openbsd_compat.lib;zlib.lib;$(SSLLib)$(AdditionalDependentLibs);%(AdditionalDependencies)
+ $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-arm64-Path);$(ZLib-arm64-Path);%(AdditionalLibraryDirectories)
+ MultiplyDefinedSymbolOnly
+ wmainCRTStartup
+ NotSet
+ /debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /ignore:4099 /ignore:4098 %(AdditionalOptions)
+
+
+ targetos.manifest
+
+
+
+
+
+
+ Level1
+ Disabled
+ _CRT_DECLARE_NONSTDC_NAMES=0;_WIN32_WINNT=0x601;;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions)
+ false
+ $(SolutionDir);$(LibreSSL-Path)include;$(ZLib-Path);$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories)
+ MultiThreadedDebug
+ ProgramDatabase
+ Guard
+ /Gy /ZH:SHA_256 %(AdditionalOptions)
+
+
+ Console
+ true
+ posix_compat.lib;libssh.lib;openbsd_compat.lib;zlib.lib;$(SSLLib)$(AdditionalDependentLibs);%(AdditionalDependencies)
+ $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-arm-Path);$(ZLib-arm-Path);%(AdditionalLibraryDirectories)
+ MultiplyDefinedSymbolOnly
+ wmainCRTStartup
+ NotSet
+ /debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /ignore:4099 /ignore:4098 %(AdditionalOptions)
+
+
+ targetos.manifest
+
+
+
+
+ Level1
+
+
+ MaxSpeed
+ true
+ true
+ _CRT_DECLARE_NONSTDC_NAMES=0;_WIN32_WINNT=0x601;;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)
+ true
+ $(SolutionDir);$(LibreSSL-Path)include;$(ZLib-Path);$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories)
+ MultiThreaded
+ Guard
+ /Gy /ZH:SHA_256 %(AdditionalOptions)
+
+
+ Console
+ true
+ true
+ true
+ posix_compat.lib;libssh.lib;openbsd_compat.lib;zlib.lib;$(SSLLib)$(AdditionalDependentLibs);%(AdditionalDependencies)
+ $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x86-Path);$(ZLib-x86-Path);%(AdditionalLibraryDirectories)
+ MultiplyDefinedSymbolOnly
+ wmainCRTStartup
+ true
+ NotSet
+ /debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /ignore:4099 /CETCOMPAT %(AdditionalOptions)
+
+
+ targetos.manifest
+
+
+
+
+ Level1
+
+
+ MaxSpeed
+ true
+ true
+ _CRT_DECLARE_NONSTDC_NAMES=0;_WIN32_WINNT=0x601;;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)
+ true
+ $(SolutionDir);$(LibreSSL-Path)include;$(ZLib-Path);$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories)
+ MultiThreaded
+ true
+ Guard
+ /Gy /ZH:SHA_256 %(AdditionalOptions)
+
+
+ Console
+ true
+ true
+ true
+ posix_compat.lib;libssh.lib;openbsd_compat.lib;zlib.lib;$(SSLLib)$(AdditionalDependentLibs);%(AdditionalDependencies)
+ $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x64-Path);$(ZLib-x64-Path);%(AdditionalLibraryDirectories)
+ MultiplyDefinedSymbolOnly
+ wmainCRTStartup
+ true
+ NotSet
+ /debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /ignore:4099 /CETCOMPAT %(AdditionalOptions)
+
+
+ targetos.manifest
+
+
+
+
+ Level1
+
+
+ MaxSpeed
+ true
+ true
+ _CRT_DECLARE_NONSTDC_NAMES=0;_WIN32_WINNT=0x601;;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)
+ true
+ $(SolutionDir);$(LibreSSL-Path)include;$(ZLib-Path);$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories)
+ MultiThreaded
+ true
+ Guard
+ /Gy /ZH:SHA_256 %(AdditionalOptions)
+
+
+ Console
+ true
+ true
+ true
+ posix_compat.lib;libssh.lib;openbsd_compat.lib;zlib.lib;$(SSLLib)$(AdditionalDependentLibs);%(AdditionalDependencies)
+ $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-arm64-Path);$(ZLib-arm64-Path);%(AdditionalLibraryDirectories)
+ MultiplyDefinedSymbolOnly
+ wmainCRTStartup
+ true
+ NotSet
+ /debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /ignore:4099 %(AdditionalOptions)
+
+
+ targetos.manifest
+
+
+
+
+ Level1
+
+
+ MaxSpeed
+ true
+ true
+ _CRT_DECLARE_NONSTDC_NAMES=0;_WIN32_WINNT=0x601;;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)
+ true
+ $(SolutionDir);$(LibreSSL-Path)include;$(ZLib-Path);$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories)
+ MultiThreaded
+ true
+ Guard
+ /Gy /ZH:SHA_256 %(AdditionalOptions)
+
+
+ Console
+ true
+ true
+ true
+ posix_compat.lib;libssh.lib;openbsd_compat.lib;zlib.lib;$(SSLLib)$(AdditionalDependentLibs);%(AdditionalDependencies)
+ $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-arm-Path);$(ZLib-arm-Path);%(AdditionalLibraryDirectories)
+ MultiplyDefinedSymbolOnly
+ wmainCRTStartup
+ true
+ NotSet
+ /debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /ignore:4099 %(AdditionalOptions)
+
+
+ targetos.manifest
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
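Review bot: Several values look carried over from the project this file was cloned from: the namespace value is `keygen` next to the `sshd-session` target name, every preprocessor list defines `_LIB` for an `Application` and carries an empty entry (`_WIN32_WINNT=0x601;;`), and the Debug lists omit `_CONSOLE` while the Release lists include it. Set the namespace to `sshd-session`, drop `_LIB` and the doubled `;`, and make the Debug and Release definition lists agree apart from `_DEBUG`/`NDEBUG`. The hardening present in every configuration (`Guard`, `Spectre`, `/ZH:SHA_256`, and `/CETCOMPAT` on x86/x64) is the right baseline for the process that presumably handles the pre-authentication session; the only weak spot visible is the `Level1` warning level in all eight configurations, which is worth raising unless the sibling projects deliberately share it.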
diff --git a/contrib/win32/openssh/sshd.vcxproj b/contrib/win32/openssh/sshd.vcxproj
index 36e751252..653eec523 100644
--- a/contrib/win32/openssh/sshd.vcxproj
+++ b/contrib/win32/openssh/sshd.vcxproj
@@ -428,28 +428,9 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -458,16 +439,12 @@
-
-
-
-
diff --git a/sshd-session.c b/sshd-session.c
index 6f1bc43ec..608600b17 100644
--- a/sshd-session.c
+++ b/sshd-session.c
@@ -70,6 +70,10 @@
#include
#endif
+#ifdef WINDOWS
+#include "sshTelemetry.h"
+#endif
+
#include "xmalloc.h"
#include "ssh.h"
#include "ssh2.h"
@@ -116,6 +120,14 @@
#define REEXEC_CONFIG_PASS_FD (STDERR_FILENO + 3)
#define REEXEC_MIN_FREE_FD (STDERR_FILENO + 4)
+/* Privilege separation related spawn fds */
+#ifdef WINDOWS
+#define PRIVSEP_MONITOR_FD (STDERR_FILENO + 1)
+#define PRIVSEP_LOG_FD (STDERR_FILENO + 2)
+#define PRIVSEP_UNAUTH_MIN_FREE_FD (PRIVSEP_LOG_FD + 1)
+#define PRIVSEP_AUTH_MIN_FREE_FD (PRIVSEP_LOG_FD + 1)
+#endif /* WINDOWS */
+
extern char *__progname;
/* Server configuration options. */
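Review bot: `PRIVSEP_UNAUTH_MIN_FREE_FD` and `PRIVSEP_AUTH_MIN_FREE_FD` both expand to `STDERR_FILENO + 3`, the same value as `REEXEC_CONFIG_PASS_FD` two lines above, and `PRIVSEP_MONITOR_FD`/`PRIVSEP_LOG_FD` take `STDERR_FILENO + 1` and `+ 2`, which the re-exec block presumably also reserves (its first two defines are outside the hunk). The `closefrom(PRIVSEP_..._MIN_FREE_FD)` added to main later in this file therefore closes descriptor `STDERR_FILENO + 3` in a privsep child before anything could be read on `REEXEC_CONFIG_PASS_FD`, and the unconditional `closefrom(REEXEC_MIN_FREE_FD)` that follows becomes a no-op for those children. If the two descriptor families must coexist in one process, number the PRIVSEP_* descriptors above `REEXEC_MIN_FREE_FD`; if a `-y`/`-z` child never uses the REEXEC_* descriptors, say so here, e.g. `/* In a -y/-z child these replace the REEXEC_* descriptors; the two sets are never used together. */`. Either way the two MIN_FREE values are identical, so the `if/else if` in main collapses to a single `closefrom`.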
@@ -138,9 +150,9 @@ static int inetd_flag = 0;
/* debug goes to stderr unless inetd_flag is set */
#ifdef WINDOWS
int log_stderr = 0;
-#else
+#else /* WINDOWS */
static int log_stderr = 0;
-#endif
+#endif /* WINDOWS */
/* Saved arguments to main(). */
static char **saved_argv;
static int saved_argc;
@@ -149,6 +161,13 @@ static int saved_argc;
int auth_sock = -1;
static int have_agent = 0;
+#ifdef WINDOWS
+int privsep_unauth_child = 0;
+int privsep_auth_child = 0;
+int io_sock_in = 0;
+int io_sock_out = 0;
+#endif /* WINDOWS */
+
/*
* Any really sensitive data in the application is contained in this
* structure. The idea is that this structure could be locked into memory so
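Review bot: `io_sock_in` and `io_sock_out` are introduced as externally visible globals but nothing in this diff reads or writes them, and `privsep_unauth_child`/`privsep_auth_child` are only touched from main in the visible hunks. Unless another translation unit needs them, declare them `static int privsep_unauth_child = 0;` (and likewise the others) so the namespace matches the neighbouring `static int have_agent`, and add the `io_sock_*` pair in the change that first uses it. If they are deliberately extern for the win32compat layer, a one-line comment naming the consumer would prevent the next reader from making them static.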
@@ -199,6 +218,116 @@ void demote_sensitive_data(void);
static void do_ssh2_kex(struct ssh *);
#ifdef WINDOWS
+/* copied from sshd.c */
+static struct sshbuf*
+pack_hostkeys(void)
+{
+ struct sshbuf* keybuf = NULL, * hostkeys = NULL;
+ int r;
+ u_int i;
+
+ if ((keybuf = sshbuf_new()) == NULL ||
+ (hostkeys = sshbuf_new()) == NULL)
+ fatal_f("sshbuf_new failed");
+
+ /* pack hostkeys into a string. Empty key slots get empty strings */
+ for (i = 0; i < options.num_host_key_files; i++) {
+ /* private key */
+ sshbuf_reset(keybuf);
+ if (sensitive_data.host_keys[i] != NULL &&
+ (r = sshkey_private_serialize(sensitive_data.host_keys[i],
+ keybuf)) != 0)
+ fatal_fr(r, "serialize hostkey private");
+ if ((r = sshbuf_put_stringb(hostkeys, keybuf)) != 0)
+ fatal_fr(r, "compose hostkey private");
+ /* public key */
+ if (sensitive_data.host_pubkeys[i] != NULL) {
+ if ((r = sshkey_puts(sensitive_data.host_pubkeys[i],
+ hostkeys)) != 0)
+ fatal_fr(r, "compose hostkey public");
+ }
+ else {
+ if ((r = sshbuf_put_string(hostkeys, NULL, 0)) != 0)
+ fatal_fr(r, "compose hostkey empty public");
+ }
+ /* cert */
+ if (sensitive_data.host_certificates[i] != NULL) {
+ if ((r = sshkey_puts(
+ sensitive_data.host_certificates[i],
+ hostkeys)) != 0)
+ fatal_fr(r, "compose host cert");
+ }
+ else {
+ if ((r = sshbuf_put_string(hostkeys, NULL, 0)) != 0)
+ fatal_fr(r, "compose host cert empty");
+ }
+ }
+
+ sshbuf_free(keybuf);
+ return hostkeys;
+}
+
+static void
+send_config_state(int fd, struct sshbuf* conf)
+{
+ /* copied from send_rexec_state in sshd.c */
+ struct sshbuf* m = NULL, * inc = NULL, * hostkeys = NULL;
+ struct include_item* item = NULL;
+ int r, sz;
+
+ debug3_f("entering fd = %d config len %zu", fd,
+ sshbuf_len(conf));
+
+ if ((m = sshbuf_new()) == NULL ||
+ (inc = sshbuf_new()) == NULL)
+ fatal_f("sshbuf_new failed");
+
+ /* pack includes into a string */
+ TAILQ_FOREACH(item, &includes, entry) {
+ if ((r = sshbuf_put_cstring(inc, item->selector)) != 0 ||
+ (r = sshbuf_put_cstring(inc, item->filename)) != 0 ||
+ (r = sshbuf_put_stringb(inc, item->contents)) != 0)
+ fatal_fr(r, "compose includes");
+ }
+
+ hostkeys = pack_hostkeys();
+
+ /*
+ * Protocol from reexec master to child:
+ * string configuration
+ * uint64 timing_secret
+ * string host_keys[] {
+ * string private_key
+ * string public_key
+ * string certificate
+ * }
+ * string included_files[] {
+ * string selector
+ * string filename
+ * string contents
+ * }
+ */
+ if ((r = sshbuf_put_stringb(m, conf)) != 0 ||
+ (r = sshbuf_put_u64(m, options.timing_secret)) != 0 ||
+ (r = sshbuf_put_stringb(m, hostkeys)) != 0 ||
+ (r = sshbuf_put_stringb(m, inc)) != 0)
+ fatal_fr(r, "compose config");
+
+ /* We need to fit the entire message inside the socket send buffer */
+ sz = ROUNDUP(sshbuf_len(m) + 5, 16 * 1024);
+ if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &sz, sizeof sz) == -1)
+ fatal_f("setsockopt SO_SNDBUF: %s", strerror(errno));
+
+ if (ssh_msg_send(fd, 0, m) == -1)
+ error_f("ssh_msg_send failed");
+
+ sshbuf_free(m);
+ sshbuf_free(inc);
+ sshbuf_free(hostkeys);
+
+ debug3_f("done");
+}
+
static void
send_idexch_state(struct ssh *ssh, int fd)
{
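Review bot: `send_config_state` serializes every private host key (via `sshkey_private_serialize` in `pack_hostkeys`) together with `options.timing_secret` into `m` and writes it to `fd`, but its header says nothing about what `fd` must be or that the payload is secret; a comment such as `/* Send config, timing secret and private host keys to a privsep child over fd, which must be a socket (SO_SNDBUF is set on it, otherwise fatal). */` makes the contract explicit for callers. Both functions are marked "copied from sshd.c", so the wire format described in the block comment now lives in two places that must stay in sync with the receiver; moving them into a source file both binaries compile, or at least naming the receiving function in the comment, would limit drift. Note also that `ssh_msg_send` failure only logs via `error_f` while every other failure in the function is fatal, which mirrors sshd.c but is worth confirming as intended for the Windows child-spawn path, where a partially delivered message leaves the child without host keys.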
@@ -342,28 +471,29 @@ send_hostkeys_state(int fd)
static char**
privsep_child_cmdline(int authenticated)
{
- char** argv = rexec_argv ? rexec_argv : saved_argv;
+ //char** argv = rexec_argv ? rexec_argv : saved_argv;
+ char** argv = saved_argv;
int argc = 0;
- if (rexec_argv)
- argc = rexec_argc;
- else {
- if (rexeced_flag)
- argc = saved_argc - 1; // override '-R'
- else {
- char **tmp = xcalloc(saved_argc + 1 + 1, sizeof(*saved_argv)); // 1 - extra argument "-y/-z", 1 - NULL
- int i = 0;
- for (i = 0; (int)i < saved_argc; i++) {
- tmp[i] = xstrdup(saved_argv[i]);
- free(saved_argv[i]);
- }
-
- free(saved_argv);
- argv = saved_argv = tmp;
- argc = saved_argc;
- }
+ // if (rexec_argv)
+ // argc = rexec_argc;
+ //else {
+ //if (rexeced_flag)
+ // argc = saved_argc - 1; // override '-R'
+ //else {
+ char **tmp = xcalloc(saved_argc + 1 + 1, sizeof(*saved_argv)); // 1 - extra argument "-y/-z", 1 - NULL
+ int i = 0;
+ for (i = 0; (int)i < saved_argc; i++) {
+ tmp[i] = xstrdup(saved_argv[i]);
+ free(saved_argv[i]);
}
+ free(saved_argv);
+ argv = saved_argv = tmp;
+ argc = saved_argc;
+ //}
+ //}
+
if (authenticated)
argv[argc] = "-z";
else
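Review bot: The rexec branch is kept as `//` commented-out code (`//char** argv = rexec_argv ? ...`, `// if (rexec_argv)` through the trailing `//}` `//}`) instead of being deleted, the surviving body is left at the indentation of the removed `else`, and the same pattern recurs in the `'y'`/`'z'` cases below (`//rexec_flag = 0;`); dead code belongs in version control history, not in comments. With `i` now declared `int`, the `(int)i` cast in the loop condition is redundant: `for (i = 0; i < saved_argc; i++) {`. Because the old `saved_argc - 1` path that dropped `-R` is gone, a one-line comment such as `/* keep -R: sshd-session fatals without it */` would record why the child command line retains it, assuming that is the intent. privsep_child_cmdline continues past the hunk.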
@@ -1212,8 +1342,13 @@ main(int ac, char **av)
initialize_server_options(&options);
/* Parse command-line arguments. */
+#ifdef WINDOWS
+ while ((opt = getopt(ac, av,
+ "C:E:b:c:f:g:h:k:o:p:u:46DGQRTdeiqrtVyz")) != -1) {
+#else /* WINDOWS */
while ((opt = getopt(ac, av,
"C:E:b:c:f:g:h:k:o:p:u:46DGQRTdeiqrtV")) != -1) {
+#endif /* WINDOWS */
switch (opt) {
case '4':
options.address_family = AF_INET;
@@ -1316,6 +1451,18 @@ main(int ac, char **av)
fprintf(stderr, "%s, %s\n",
SSH_RELEASE, SSH_OPENSSL_VERSION);
exit(0);
+#ifdef WINDOWS
+ case 'y':
+ privsep_unauth_child = 1;
+ //rexec_flag = 0;
+ logfile = NULL;
+ break;
+ case 'z':
+ privsep_auth_child = 1;
+ //rexec_flag = 0;
+ logfile = NULL;
+ break;
+#endif /* WINDOWS */
default:
usage();
break;
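Review bot: Nothing rejects `-y` and `-z` given together; both flags end up set and the `closefrom` chain later in main silently treats the process as the unauthenticated child. The parent builds this command line itself, so the exposure is low, but `case 'z': if (privsep_unauth_child) usage();` (and the mirror check in `'y'`) pins the invariant at the point the options are parsed. Documenting the two letters in `usage()` or a comment above the cases (`/* -y / -z: internal, spawned unauth / auth privsep child */`) would also help, since they do not appear in the portable option string.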
@@ -1332,7 +1479,12 @@ main(int ac, char **av)
if (!rexeced_flag)
fatal("sshd-session should not be executed directly");
-
+#ifdef WINDOWS
+ if (privsep_unauth_child)
+ closefrom(PRIVSEP_UNAUTH_MIN_FREE_FD);
+ else if (privsep_auth_child)
+ closefrom(PRIVSEP_AUTH_MIN_FREE_FD);
+#endif /* WINDOWS */
closefrom(REEXEC_MIN_FREE_FD);
seed_rng();
diff --git a/sshd.c b/sshd.c
index cbe5e002c..4963f9af4 100644
--- a/sshd.c
+++ b/sshd.c
@@ -857,13 +857,12 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s,
posix_spawnattr_setflags(&attributes, POSIX_SPAWN_SETPGROUP) != 0 ||
posix_spawnattr_setpgroup(&attributes, 0) != 0)
error("posix_spawn initialization failed");
- else {
- if (posix_spawn(&pid, rexec_argv[0], &actions, &attributes, rexec_argv, NULL) != 0)
- error("%s, posix_spawn failed", __func__);
- posix_spawn_file_actions_destroy(&actions);
- posix_spawnattr_destroy(&attributes);
- }
-
+ // else {
+ // if (posix_spawn(&pid, rexec_argv[0], &actions, &attributes, rexec_argv, NULL) != 0)
+ // error("%s, posix_spawn failed", __func__);
+ // posix_spawn_file_actions_destroy(&actions);
+ // posix_spawnattr_destroy(&attributes);
+ // }
}
#else
/*
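Review bot: With the `else` block commented out, the `posix_spawn_file_actions`/`posix_spawnattr` objects initialized just above are never passed to `posix_spawn` and never destroyed, so the setup is dead work and, presumably per accepted connection, leaks both objects (server_accept_loop starts outside the hunk, so the init calls are not visible here). Either remove the whole setup together with the spawn, or keep `posix_spawn_file_actions_destroy(&actions); posix_spawnattr_destroy(&attributes);` on both the success and error paths. From this diff it is also not visible where the Windows build now launches the per-connection sshd-session; the relocated `#endif /* FORK_NOT_SUPPORTED */` at the end of main hints at the `execv` path, and stating that in a comment here would save the next reader the search.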
@@ -1041,13 +1040,8 @@ main(int ac, char **av)
initialize_server_options(&options);
/* Parse command-line arguments. */
-#ifdef WINDOWS
- while ((opt = getopt(ac, av,
- "C:E:b:c:f:g:h:k:o:p:u:46DGQRTdeiqrtVyz")) != -1) {
-#else
while ((opt = getopt(ac, av,
"C:E:b:c:f:g:h:k:o:p:u:46DGQRTdeiqrtV")) != -1) {
-#endif /* WINDOWS */
switch (opt) {
case '4':
options.address_family = AF_INET;
@@ -1154,31 +1148,17 @@ main(int ac, char **av)
fprintf(stderr, "%s, %s\n",
SSH_RELEASE, SSH_OPENSSL_VERSION);
exit(0);
-#ifdef WINDOWS
- case 'y':
- privsep_unauth_child = 1;
- rexec_flag = 0;
- logfile = NULL;
- //Sleep(10 * 1000);
- break;
- case 'z':
- privsep_auth_child = 1;
- rexec_flag = 0;
- logfile = NULL;
- //Sleep(10 * 1000);
- break;
-#endif /* WINDOWS */
default:
usage();
break;
}
}
- if (!test_flag && !do_dump_cfg && rexec_flag && !path_absolute(av[0]))
+ if (!test_flag && !do_dump_cfg && !path_absolute(av[0]))
fatal("sshd re-exec requires execution with an absolute path");
- if (privsep_unauth_child)
- closefrom(PRIVSEP_UNAUTH_MIN_FREE_FD);
- else if (privsep_auth_child)
- closefrom(PRIVSEP_AUTH_MIN_FREE_FD);
+ // if (privsep_unauth_child)
+ // closefrom(PRIVSEP_UNAUTH_MIN_FREE_FD);
+ // else if (privsep_auth_child)
+ // closefrom(PRIVSEP_AUTH_MIN_FREE_FD);
closefrom(REEXEC_DEVCRYPTO_RESERVED_FD);
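Review bot: With the `'y'`/`'z'` cases removed from sshd's option parsing, `privsep_unauth_child` and `privsep_auth_child` can no longer become non-zero in sshd.c, so the commented-out `closefrom` block here, and the commented-out `recv_hostkeys_state`, `key = NULL` and `sock_in = sock_out = dup(STDIN_FILENO)` blocks in the three later hunks of this file, are dead; delete them, and the variables themselves if they are declared in this file, rather than keep them as `//` comments. The TODO in the host-key hunk refers to `ssh-session`; presumably `sshd-session` is meant. Dropping `rexec_flag &&` from the absolute-path check is consistent with re-exec being unconditional, but a short commit-message line saying so would help anyone bisecting later.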
@@ -1275,12 +1255,13 @@ main(int ac, char **av)
debug("sshd version %s, %s", SSH_VERSION, SSH_OPENSSL_VERSION);
if (do_dump_cfg)
- print_config(ssh, connection_info);
+ print_config(&connection_info);
- if (privsep_auth_child || privsep_unauth_child) {
- recv_hostkeys_state(PRIVSEP_MONITOR_FD);
- goto done_loading_hostkeys;
- }
+ // TODO: does this need to be in ssh-session?
+ // if (privsep_auth_child || privsep_unauth_child) {
+ // recv_hostkeys_state(PRIVSEP_MONITOR_FD);
+ // goto done_loading_hostkeys;
+ // }
/* load host keys */
sensitive_data.host_keys = xcalloc(options.num_host_key_files,
@@ -1305,7 +1286,7 @@ main(int ac, char **av)
if (options.host_key_files[i] == NULL)
continue;
- if (privsep_unauth_child || privsep_auth_child) key = NULL; else /*TODO - remove this*/
+ //if (privsep_unauth_child || privsep_auth_child) key = NULL; else /*TODO - remove this*/
if ((r = sshkey_load_private(options.host_key_files[i], "",
&key, NULL)) != 0 && r != SSH_ERR_SYSTEM_ERROR)
do_log2_r(r, ll, "Unable to load host key \"%s\"",
@@ -1538,11 +1519,11 @@ main(int ac, char **av)
fatal("socketpair: %s", strerror(errno));
send_rexec_state(config_s[0], cfg);
close(config_s[0]);
- } else if (privsep_unauth_child || privsep_auth_child) {
- sock_in = sock_out = dup(STDIN_FILENO);
- close(STDIN_FILENO);
- close(STDOUT_FILENO);
- startup_pipe = -1;
+ // } else if (privsep_unauth_child || privsep_auth_child) {
+ // sock_in = sock_out = dup(STDIN_FILENO);
+ // close(STDIN_FILENO);
+ // close(STDOUT_FILENO);
+ // startup_pipe = -1;
} else {
platform_pre_listen();
server_listen();
@@ -1600,7 +1581,6 @@ main(int ac, char **av)
debug3("dup2 config_s: %s", strerror(errno));
close(config_s[1]);
}
-#endif
if (startup_pipe == -1)
close(REEXEC_STARTUP_PIPE_FD);
else if (startup_pipe != REEXEC_STARTUP_PIPE_FD) {
@@ -1613,6 +1593,7 @@ main(int ac, char **av)
execv(rexec_argv[0], rexec_argv);
fatal("rexec of %s failed: %s", rexec_argv[0], strerror(errno));
+#endif /* FORK_NOT_SUPPORTED */
}
/* server specific fatal cleanup */