diff --git a/auth.c b/auth.c
index 1c5633760..76e246a71 100644
--- a/auth.c
+++ b/auth.c
@@ -76,10 +76,11 @@
 #include "ssherr.h"
 #include "compat.h"
 #include "channels.h"
-#include "sshfileperm.h"
+
 #ifdef WINDOWS
 #include <Windows.h>
 #include "misc_internal.h"
+#include "sshfileperm.h"
 #endif // WINDOWS
 
 /* import */
@@ -613,6 +614,7 @@ getpwnamallow(struct ssh *ssh, const char *user)
 	ci->user = pw? xstrdup(pw->pw_name): user;
 #else
 	ci->user = user;
+#endif // WINDOWS
 	parse_server_match_config(&options, &includes, ci);
 	log_change_level(options.log_level);
 	log_verbose_reset();
diff --git a/authfile.c b/authfile.c
index e6a16a6f7..2919ddbaa 100644
--- a/authfile.c
+++ b/authfile.c
@@ -59,9 +59,13 @@ sshkey_save_private_blob(struct sshbuf *keybuf, const char *filename)
 	int r;
 	mode_t omask;
 
+#ifdef WINDOWS
+	r = sshbuf_write_file(filename, keybuf, 0600);
+#else
 	omask = umask(077);
 	r = sshbuf_write_file(filename, keybuf);
 	umask(omask);
+#endif
 	return r;
 }
 
diff --git a/contrib/win32/openssh/bash_tests_iterator.ps1 b/contrib/win32/openssh/bash_tests_iterator.ps1
index 7e2c17d09..1a50c0260 100644
--- a/contrib/win32/openssh/bash_tests_iterator.ps1
+++ b/contrib/win32/openssh/bash_tests_iterator.ps1
@@ -171,7 +171,7 @@ try
 	[string]$failed_testcases = [string]::Empty
 	
 	# These are the known failed testcases.
-	$known_failed_testcases = @("agent.sh", "key-options.sh", "forward-control.sh", "integrity.sh", "krl.sh", "cert-hostkey.sh", "cert-userkey.sh")
+	$known_failed_testcases = @("agent.sh", "key-options.sh", "forward-control.sh", "integrity.sh", "krl.sh", "cert-hostkey.sh", "cert-userkey.sh", "percent.sh")
 	$known_failed_testcases_skipped = @()
 
 	$start_time = (Get-Date)
diff --git a/contrib/win32/openssh/config.h.vs b/contrib/win32/openssh/config.h.vs
index 9a883aac4..790c655fa 100644
--- a/contrib/win32/openssh/config.h.vs
+++ b/contrib/win32/openssh/config.h.vs
@@ -779,7 +779,7 @@
 /* #undef HAVE_READPASSPHRASE_H */
 
 /* Define to 1 if you have the `realpath' function. */
-/* #define HAVE_REALPATH 1 */
+#define HAVE_REALPATH 1
 
 /* Define to 1 if you have the `recvmsg' function. */
 /* #undef HAVE_RECVMSG */
@@ -915,7 +915,7 @@
 /* #undef HAVE_SO_PEERCRED */
 
 /* define if you have ssize_t data type */
-#define HAVE_SSIZE_T 1
+/* #define HAVE_SSIZE_T 1 */
 
 /* Fields in struct sockaddr_storage */
 #define HAVE_SS_FAMILY_IN_SS 1
@@ -1000,6 +1000,7 @@
 
 /* Define to 1 if the system has the type `struct timespec'. */
 /* #undef HAVE_STRUCT_TIMESPEC */
+#define HAVE_STRUCT_TIMESPEC 1
 
 /* define if you have struct timeval */
 #define HAVE_STRUCT_TIMEVAL 1
@@ -1711,3 +1712,6 @@
 #define FORK_NOT_SUPPORTED
 #define HAVE_FREEZERO
 #define FILESYSTEM_NO_BACKSLASH
+#define HAVE_LOCALTIME_R
+#define HAVE_DECL_MEMMEM 0
+#define WITH_ZLIB
\ No newline at end of file
diff --git a/contrib/win32/openssh/keygen.vcxproj b/contrib/win32/openssh/keygen.vcxproj
index ac3d58cfa..a4b06e459 100644
--- a/contrib/win32/openssh/keygen.vcxproj
+++ b/contrib/win32/openssh/keygen.vcxproj
@@ -402,6 +402,7 @@
     <ClCompile Include="$(OpenSSH-Src-Path)sshsig.c" />
     <ClCompile Include="$(OpenSSH-Src-Path)contrib\win32\win32compat\wmain_common.c" />
     <ClCompile Include="$(OpenSSH-Src-Path)contrib\win32\win32compat\win32-utf8.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)ssh-sk-client.c" />
   </ItemGroup>
   <ItemGroup>
     <ResourceCompile Include="version.rc" />
diff --git a/contrib/win32/openssh/keygen.vcxproj.filters b/contrib/win32/openssh/keygen.vcxproj.filters
index 8c39fa3e6..012a334e4 100644
--- a/contrib/win32/openssh/keygen.vcxproj.filters
+++ b/contrib/win32/openssh/keygen.vcxproj.filters
@@ -24,6 +24,12 @@
     <ClCompile Include="$(OpenSSH-Src-Path)contrib\win32\win32compat\win32-utf8.c">
       <Filter>Source Files</Filter>
     </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)sshsig.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)ssh-sk-client.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
   </ItemGroup>
   <ItemGroup>
     <ResourceCompile Include="version.rc">
diff --git a/contrib/win32/openssh/libssh.vcxproj b/contrib/win32/openssh/libssh.vcxproj
index e347b5ed6..d75e24e63 100644
--- a/contrib/win32/openssh/libssh.vcxproj
+++ b/contrib/win32/openssh/libssh.vcxproj
@@ -344,6 +344,7 @@
     </Lib>
   </ItemDefinitionGroup>
   <ItemGroup>
+    <ClCompile Include="$(OpenSSH-Src-Path)addr.c" />
     <ClCompile Include="$(OpenSSH-Src-Path)addrmatch.c" />
     <ClCompile Include="$(OpenSSH-Src-Path)atomicio.c" />
     <ClCompile Include="$(OpenSSH-Src-Path)authfd.c" />
@@ -391,7 +392,7 @@
       <ExcludedFromBuild Condition="$(UseOpenSSL)==false">true</ExcludedFromBuild>
     </ClCompile>
     <ClCompile Include="$(OpenSSH-Src-Path)kexgen.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)kexsntrup4591761x25519.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)kexsntrup761x25519.c" />
     <ClCompile Include="$(OpenSSH-Src-Path)krl.c" />
     <ClCompile Include="$(OpenSSH-Src-Path)log.c" />
     <ClCompile Include="$(OpenSSH-Src-Path)mac.c" />
@@ -408,7 +409,7 @@
     <ClCompile Include="$(OpenSSH-Src-Path)rijndael.c" />
     <ClCompile Include="$(OpenSSH-Src-Path)sc25519.c" />
     <ClCompile Include="$(OpenSSH-Src-Path)smult_curve25519_ref.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)sntrup4591761.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)sntrup761.c" />
     <ClCompile Include="$(OpenSSH-Src-Path)ssh-dss.c">
       <ExcludedFromBuild Condition="$(UseOpenSSL)==false">true</ExcludedFromBuild>
     </ClCompile>
@@ -441,6 +442,12 @@
       <ExcludedFromBuild Condition="$(UseOpenSSL)==false">true</ExcludedFromBuild>
     </ClCompile>
     <ClCompile Include="$(OpenSSH-Src-Path)kexgexs.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)ssh-ecdsa-sk.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)ssh-ed25519-sk.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)ssh-sk.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)sshbuf-io.c" />
+    <ClCompile Include="..\..\..\cipher-chachapoly-libcrypto.c" />
+    <ClCompile Include="..\win32compat\spawn-ext.c" />
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="$(OpenSSH-Src-Path)sshfileperm.h" />
@@ -448,4 +455,4 @@
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
   <ImportGroup Label="ExtensionTargets">
   </ImportGroup>
-</Project>
+</Project>
\ No newline at end of file
diff --git a/contrib/win32/openssh/libssh.vcxproj.filters b/contrib/win32/openssh/libssh.vcxproj.filters
index 75d16994a..6f00d47f3 100644
--- a/contrib/win32/openssh/libssh.vcxproj.filters
+++ b/contrib/win32/openssh/libssh.vcxproj.filters
@@ -1,317 +1,286 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <ItemGroup>
-    <ClCompile Include="$(OpenSSH-Src-Path)addrmatch.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)atomicio.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)authfd.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)authfile.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)bitmap.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)canohost.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)chacha.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)channels.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)cipher-aes.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)cipher-aesctr.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)cipher-chachapoly.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)cipher-ctr.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)cipher.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)cleanup.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)compat.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)crc32.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)dh.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)digest-libc.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)dispatch.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)dns.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)ed25519.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)entropy.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)fatal.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)fe25519.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)ge25519.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)gss-genr.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)hash.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)hmac.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)hostfile.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)kex.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)kexc25519.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)kexdh.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)kexecdh.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)kexgex.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)kexgexc.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)krl.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)log.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)mac.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)monitor_fdpass.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)msg.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)nchan.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)packet.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)poly1305.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)sc25519.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)smult_curve25519_ref.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)ssh-dss.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)ssh-ecdsa.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)ssh-ed25519.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)ssh-pkcs11.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)ssh-rsa.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)sshbuf-getput-basic.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)sshbuf-getput-crypto.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)sshbuf-misc.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)sshbuf.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)ssherr.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)sshkey.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)ssh_api.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)umac.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)platform-pledge.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)platform-tracing.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)platform.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)sandbox-pledge.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)contrib\win32\win32compat\ttymodes_windows.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)contrib\win32\win32compat\w32-sshfileperm.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)digest-openssl.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)match.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)misc.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)moduli.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)progressmeter.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)readpass.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)rijndael.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)uuencode.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)verify.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)xmalloc.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)kexgexs.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)platform-misc.c" />
-  </ItemGroup>
-  <ItemGroup>
-    <ClCompile Include="$(OpenSSH-Src-Path)addrmatch.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)atomicio.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)authfd.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)authfile.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)bitmap.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)bufaux.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)bufbn.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)bufec.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)buffer.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)canohost.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)chacha.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)channels.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)cipher-aes.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)cipher-aesctr.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)cipher-chachapoly.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)cipher-ctr.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)cipher.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)cleanup.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)compat.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)crc32.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)dh.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)digest-libc.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)dispatch.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)dns.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)ed25519.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)entropy.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)fatal.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)fe25519.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)ge25519.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)gss-genr.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)hash.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)hmac.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)hostfile.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)kex.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)kexc25519.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)kexc25519c.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)kexc25519s.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)kexdh.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)kexdhc.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)kexdhs.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)kexecdh.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)kexecdhc.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)kexecdhs.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)kexgex.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)kexgexc.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)key.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)krl.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)log.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)mac.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)monitor_fdpass.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)msg.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)nchan.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)opacket.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)packet.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)poly1305.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)sc25519.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)smult_curve25519_ref.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)ssh-dss.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)ssh-ecdsa.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)ssh-ed25519.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)ssh-pkcs11.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)ssh-rsa.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)sshbuf-getput-basic.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)sshbuf-getput-crypto.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)sshbuf-misc.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)sshbuf.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)ssherr.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)sshkey.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)ssh_api.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)umac.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)platform-pledge.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)platform-tracing.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)platform.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)sandbox-pledge.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)contrib\win32\win32compat\ttymodes_windows.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)digest-openssl.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)contrib\win32\win32compat\w32-sshfileperm.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-  </ItemGroup>
-  <ItemGroup>
-    <ClInclude Include="$(OpenSSH-Src-Path)sshfileperm.h" />
-  </ItemGroup>
-</Project>
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <ClCompile Include="$(OpenSSH-Src-Path)addrmatch.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)atomicio.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)authfd.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)authfile.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)bitmap.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)canohost.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)chacha.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)channels.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)cipher-aes.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)cipher-aesctr.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)cipher-chachapoly.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)cipher-ctr.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)cipher.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)cleanup.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)compat.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)dh.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)digest-libc.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)dispatch.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)dns.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)ed25519.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)entropy.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)fatal.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)fe25519.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)ge25519.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)gss-genr.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)hash.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)hmac.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)hostfile.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)kex.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)kexc25519.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)kexdh.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)kexecdh.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)kexgex.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)kexgexc.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)krl.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)log.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)mac.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)monitor_fdpass.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)msg.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)nchan.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)packet.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)poly1305.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)sc25519.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)smult_curve25519_ref.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)ssh-dss.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)ssh-ecdsa.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)ssh-ed25519.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)ssh-pkcs11.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)ssh-rsa.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)sshbuf-getput-basic.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)sshbuf-getput-crypto.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)sshbuf-misc.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)sshbuf.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)ssherr.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)sshkey.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)ssh_api.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)umac.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)platform-pledge.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)platform-tracing.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)platform.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)sandbox-pledge.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)contrib\win32\win32compat\ttymodes_windows.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)contrib\win32\win32compat\w32-sshfileperm.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)digest-openssl.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)match.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)misc.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)moduli.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)progressmeter.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)readpass.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)rijndael.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)verify.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)xmalloc.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)kexgexs.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)platform-misc.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)addr.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)kexgen.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)kexsntrup761x25519.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)sntrup761.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)ssh-ecdsa-sk.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)ssh-ed25519-sk.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)ssh-sk.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)sshbuf-io.c" />
+    <ClCompile Include="..\win32compat\spawn-ext.c" />
+    <ClCompile Include="..\..\..\cipher-chachapoly-libcrypto.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="$(OpenSSH-Src-Path)addrmatch.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)atomicio.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)authfd.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)authfile.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)bitmap.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)canohost.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)chacha.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)channels.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)cipher-aes.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)cipher-aesctr.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)cipher-chachapoly.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)cipher-ctr.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)cipher.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)cleanup.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)compat.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)dh.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)digest-libc.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)dispatch.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)dns.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)ed25519.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)entropy.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)fatal.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)fe25519.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)ge25519.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)gss-genr.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)hash.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)hmac.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)hostfile.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)kex.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)kexc25519.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)kexdh.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)kexecdh.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)kexgex.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)kexgexc.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)krl.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)log.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)mac.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)monitor_fdpass.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)msg.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)nchan.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)packet.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)poly1305.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)sc25519.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)smult_curve25519_ref.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)ssh-dss.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)ssh-ecdsa.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)ssh-ed25519.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)ssh-pkcs11.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)ssh-rsa.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)sshbuf-getput-basic.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)sshbuf-getput-crypto.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)sshbuf-misc.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)sshbuf.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)ssherr.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)sshkey.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)ssh_api.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)umac.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)platform-pledge.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)platform-tracing.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)platform.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)sandbox-pledge.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)contrib\win32\win32compat\ttymodes_windows.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)digest-openssl.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)contrib\win32\win32compat\w32-sshfileperm.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="$(OpenSSH-Src-Path)sshfileperm.h" />
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/contrib/win32/openssh/openbsd_compat.vcxproj b/contrib/win32/openssh/openbsd_compat.vcxproj
index 6b986b107..ef642da2c 100644
--- a/contrib/win32/openssh/openbsd_compat.vcxproj
+++ b/contrib/win32/openssh/openbsd_compat.vcxproj
@@ -82,7 +82,6 @@
     <ClCompile Include="$(OpenSSH-Src-Path)openbsd-compat\readpassphrase.c" />
     <ClCompile Include="$(OpenSSH-Src-Path)openbsd-compat\reallocarray.c" />
     <ClCompile Include="$(OpenSSH-Src-Path)openbsd-compat\recallocarray.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)openbsd-compat\rmd160.c" />
     <ClCompile Include="$(OpenSSH-Src-Path)openbsd-compat\rresvport.c" />
     <ClCompile Include="$(OpenSSH-Src-Path)openbsd-compat\setenv.c" />
     <ClCompile Include="$(OpenSSH-Src-Path)openbsd-compat\setproctitle.c" />
@@ -131,7 +130,6 @@
     <ClInclude Include="$(OpenSSH-Src-Path)openbsd-compat\port-net.h" />
     <ClInclude Include="$(OpenSSH-Src-Path)openbsd-compat\port-uw.h" />
     <ClInclude Include="$(OpenSSH-Src-Path)openbsd-compat\readpassphrase.h" />
-    <ClInclude Include="$(OpenSSH-Src-Path)openbsd-compat\rmd160.h" />
     <ClInclude Include="$(OpenSSH-Src-Path)openbsd-compat\sha1.h" />
     <ClInclude Include="$(OpenSSH-Src-Path)openbsd-compat\sha2.h" />
     <ClInclude Include="$(OpenSSH-Src-Path)openbsd-compat\sys-queue.h" />
diff --git a/contrib/win32/openssh/openbsd_compat.vcxproj.filters b/contrib/win32/openssh/openbsd_compat.vcxproj.filters
index 64c4bda99..a817932a9 100644
--- a/contrib/win32/openssh/openbsd_compat.vcxproj.filters
+++ b/contrib/win32/openssh/openbsd_compat.vcxproj.filters
@@ -138,9 +138,6 @@
     <ClCompile Include="$(OpenSSH-Src-Path)openbsd-compat\reallocarray.c">
       <Filter>Source Files</Filter>
     </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)openbsd-compat\rmd160.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
     <ClCompile Include="$(OpenSSH-Src-Path)openbsd-compat\rresvport.c">
       <Filter>Source Files</Filter>
     </ClCompile>
@@ -207,6 +204,15 @@
     <ClCompile Include="$(OpenSSH-Src-Path)openbsd-compat\strndup.c">
       <Filter>Source Files</Filter>
     </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)openbsd-compat\bsd-getline.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)openbsd-compat\libressl-api-compat.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)openbsd-compat\memmem.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="$(OpenSSH-Src-Path)openbsd-compat\base64.h">
@@ -287,9 +293,6 @@
     <ClInclude Include="$(OpenSSH-Src-Path)openbsd-compat\readpassphrase.h">
       <Filter>Header Files</Filter>
     </ClInclude>
-    <ClInclude Include="$(OpenSSH-Src-Path)openbsd-compat\rmd160.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
     <ClInclude Include="$(OpenSSH-Src-Path)openbsd-compat\sha1.h">
       <Filter>Header Files</Filter>
     </ClInclude>
diff --git a/contrib/win32/openssh/sftp-server.vcxproj b/contrib/win32/openssh/sftp-server.vcxproj
index 9a86437a1..720fa62e1 100644
--- a/contrib/win32/openssh/sftp-server.vcxproj
+++ b/contrib/win32/openssh/sftp-server.vcxproj
@@ -37,7 +37,6 @@
   </ItemGroup>
   <ItemGroup>
     <ClCompile Include="$(OpenSSH-Src-Path)sftp-common.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)sftp-realpath.c" />
     <ClCompile Include="$(OpenSSH-Src-Path)sftp-server-main.c" />
     <ClCompile Include="$(OpenSSH-Src-Path)sftp-server.c" />
     <ClCompile Include="$(OpenSSH-Src-Path)contrib\win32\win32compat\wmain_common.c" />
diff --git a/contrib/win32/openssh/ssh-add.vcxproj b/contrib/win32/openssh/ssh-add.vcxproj
index d1e80e777..e6438c3ca 100644
--- a/contrib/win32/openssh/ssh-add.vcxproj
+++ b/contrib/win32/openssh/ssh-add.vcxproj
@@ -38,6 +38,8 @@
   <ItemGroup>
     <ClCompile Include="$(OpenSSH-Src-Path)ssh-add.c" />
     <ClCompile Include="$(OpenSSH-Src-Path)contrib\win32\win32compat\wmain_common.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)ssh-sk-client.c" />
+    <ClCompile Include="..\win32compat\win32-utf8.c" />
   </ItemGroup>
   <ItemGroup>
     <ResourceCompile Include="version.rc" />
diff --git a/contrib/win32/openssh/ssh-add.vcxproj.filters b/contrib/win32/openssh/ssh-add.vcxproj.filters
index 12e01f9c0..f4c969964 100644
--- a/contrib/win32/openssh/ssh-add.vcxproj.filters
+++ b/contrib/win32/openssh/ssh-add.vcxproj.filters
@@ -21,6 +21,12 @@
     <ClCompile Include="$(OpenSSH-Src-Path)contrib\win32\win32compat\wmain_common.c">
       <Filter>Source Files</Filter>
     </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)ssh-sk-client.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\win32compat\win32-utf8.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
   </ItemGroup>
   <ItemGroup>
     <ResourceCompile Include="version.rc">
diff --git a/contrib/win32/openssh/ssh-agent.vcxproj b/contrib/win32/openssh/ssh-agent.vcxproj
index 390416289..26a3cd297 100644
--- a/contrib/win32/openssh/ssh-agent.vcxproj
+++ b/contrib/win32/openssh/ssh-agent.vcxproj
@@ -398,7 +398,6 @@
     </Manifest>
   </ItemDefinitionGroup>
   <ItemGroup>
-    <ClInclude Include="$(OpenSSH-Src-Path)\contrib\win32\ssh-pubkey\ssh-pubkeydefs.h" />
     <ClInclude Include="$(OpenSSH-Src-Path)\contrib\win32\win32compat\ssh-agent\agent-request.h" />
     <ClInclude Include="$(OpenSSH-Src-Path)\contrib\win32\win32compat\ssh-agent\agent.h" />
   </ItemGroup>
@@ -407,6 +406,7 @@
     <ClCompile Include="$(OpenSSH-Src-Path)\contrib\win32\win32compat\ssh-agent\agent.c" />
     <ClCompile Include="$(OpenSSH-Src-Path)\contrib\win32\win32compat\ssh-agent\connection.c" />
     <ClCompile Include="$(OpenSSH-Src-Path)\contrib\win32\win32compat\ssh-agent\keyagent-request.c" />
+    <ClCompile Include="..\..\..\ssh-sk-client.c" />
   </ItemGroup>
   <ItemGroup>
     <ResourceCompile Include="openssh-events.rc" />
diff --git a/contrib/win32/openssh/ssh-keyscan.vcxproj b/contrib/win32/openssh/ssh-keyscan.vcxproj
index 3d214e240..b2360bbeb 100644
--- a/contrib/win32/openssh/ssh-keyscan.vcxproj
+++ b/contrib/win32/openssh/ssh-keyscan.vcxproj
@@ -395,6 +395,7 @@
   <ItemGroup>
     <ClCompile Include="$(OpenSSH-Src-Path)ssh-keyscan.c" />
     <ClCompile Include="$(OpenSSH-Src-Path)contrib\win32\win32compat\wmain_common.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)ssh-sk-client.c" />
   </ItemGroup>
   <ItemGroup>
     <ResourceCompile Include="version.rc" />
diff --git a/contrib/win32/openssh/ssh-keyscan.vcxproj.filters b/contrib/win32/openssh/ssh-keyscan.vcxproj.filters
index 1e2adadc6..1f1364b37 100644
--- a/contrib/win32/openssh/ssh-keyscan.vcxproj.filters
+++ b/contrib/win32/openssh/ssh-keyscan.vcxproj.filters
@@ -21,6 +21,9 @@
     <ClCompile Include="$(OpenSSH-Src-Path)contrib\win32\win32compat\wmain_common.c">
       <Filter>Source Files</Filter>
     </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)ssh-sk-client.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
   </ItemGroup>
   <ItemGroup>
     <ResourceCompile Include="version.rc">
diff --git a/contrib/win32/openssh/ssh.vcxproj b/contrib/win32/openssh/ssh.vcxproj
index 5ffdab851..494b10951 100644
--- a/contrib/win32/openssh/ssh.vcxproj
+++ b/contrib/win32/openssh/ssh.vcxproj
@@ -506,6 +506,7 @@
     <ClCompile Include="$(OpenSSH-Src-Path)contrib\win32\win32compat\wmain_common.c" />
     <ClCompile Include="$(OpenSSH-Src-Path)contrib\win32\win32compat\win32_sshtty.c" />
     <ClCompile Include="$(OpenSSH-Src-Path)contrib\win32\win32compat\win32-utf8.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)ssh-sk-client.c" />
   </ItemGroup>
   <ItemGroup>
     <ResourceCompile Include="version.rc" />
diff --git a/contrib/win32/openssh/ssh.vcxproj.filters b/contrib/win32/openssh/ssh.vcxproj.filters
index a4dcf6b95..a6aed6932 100644
--- a/contrib/win32/openssh/ssh.vcxproj.filters
+++ b/contrib/win32/openssh/ssh.vcxproj.filters
@@ -311,6 +311,9 @@
     <ClCompile Include="$(OpenSSH-Src-Path)contrib\win32\win32compat\win32-utf8.c">
       <Filter>Source Files</Filter>
     </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)ssh-sk-client.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
   </ItemGroup>
   <ItemGroup>
     <ResourceCompile Include="version.rc">
diff --git a/contrib/win32/openssh/sshd.vcxproj b/contrib/win32/openssh/sshd.vcxproj
index cc7f5ed04..ca56b7556 100644
--- a/contrib/win32/openssh/sshd.vcxproj
+++ b/contrib/win32/openssh/sshd.vcxproj
@@ -428,7 +428,6 @@
     <ClCompile Include="$(OpenSSH-Src-Path)auth-rhosts.c" />
     <ClCompile Include="$(OpenSSH-Src-Path)auth-shadow.c" />
     <ClCompile Include="$(OpenSSH-Src-Path)auth-sia.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)auth-skey.c" />
     <ClCompile Include="$(OpenSSH-Src-Path)auth.c" />
     <ClCompile Include="$(OpenSSH-Src-Path)auth2-chall.c" />
     <ClCompile Include="$(OpenSSH-Src-Path)auth2-gss.c" />
@@ -460,8 +459,10 @@
     <ClCompile Include="$(OpenSSH-Src-Path)contrib\win32\win32compat\win32_groupaccess.c" />
     <ClCompile Include="$(OpenSSH-Src-Path)contrib\win32\win32compat\win32_sshpty.c" />
     <ClCompile Include="$(OpenSSH-Src-Path)contrib\win32\win32compat\wmain_sshd.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)contrib\win32\win32compat\spawn-ext.c" />
     <ClCompile Include="$(OpenSSH-Src-Path)contrib\win32\win32compat\w32-doexec.c" />
+    <ClCompile Include="..\..\..\srclimit.c" />
+    <ClCompile Include="..\..\..\ssh-sk-client.c" />
+    <ClCompile Include="..\win32compat\win32-utf8.c" />
   </ItemGroup>
   <ItemGroup>
     <ResourceCompile Include="version.rc" />
@@ -469,4 +470,4 @@
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
   <ImportGroup Label="ExtensionTargets">
   </ImportGroup>
-</Project>
+</Project>
\ No newline at end of file
diff --git a/contrib/win32/openssh/sshd.vcxproj.filters b/contrib/win32/openssh/sshd.vcxproj.filters
index 5a1edde84..26e06a6e4 100644
--- a/contrib/win32/openssh/sshd.vcxproj.filters
+++ b/contrib/win32/openssh/sshd.vcxproj.filters
@@ -1,159 +1,162 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <ItemGroup>
-    <Filter Include="Source Files">
-      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
-      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
-    </Filter>
-    <Filter Include="Header Files">
-      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
-      <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
-    </Filter>
-    <Filter Include="Resource Files">
-      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
-      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
-    </Filter>
-  </ItemGroup>
-  <ItemGroup>
-    <ClCompile Include="$(OpenSSH-Src-Path)audit-bsm.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)audit-linux.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)audit.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)auth-bsdauth.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)auth-krb5.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)auth-options.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)auth-pam.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)auth-passwd.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)auth-rhosts.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)auth-shadow.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)auth-sia.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)auth-skey.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)auth.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)auth2-chall.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)auth2-gss.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)auth2-hostbased.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)auth2-kbdint.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)auth2-none.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)auth2-passwd.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)auth2-pubkey.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)auth2.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)gss-serv-krb5.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)gss-serv.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)loginrec.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)md5crypt.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)monitor.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)monitor_wrap.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)platform.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)sandbox-capsicum.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)sandbox-darwin.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)sandbox-null.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)sandbox-rlimit.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)sandbox-seccomp-filter.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)sandbox-systrace.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)servconf.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)serverloop.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)session.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)sftp-common.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)sshd.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)sshlogin.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)contrib\win32\win32compat\wmain_sshd.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)contrib\win32\win32compat\win32_sshpty.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)contrib\win32\win32compat\spawn-ext.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)contrib\win32\win32compat\win32_groupaccess.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="$(OpenSSH-Src-Path)contrib\win32\win32compat\w32-doexec.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-  </ItemGroup>
-  <ItemGroup>
-    <ResourceCompile Include="version.rc">
-      <Filter>Resource Files</Filter>
-    </ResourceCompile>
-  </ItemGroup>
-</Project>
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="$(OpenSSH-Src-Path)audit-bsm.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)audit-linux.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)audit.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)auth-bsdauth.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)auth-krb5.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)auth-options.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)auth-pam.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)auth-passwd.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)auth-rhosts.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)auth-shadow.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)auth-sia.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)auth.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)auth2-chall.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)auth2-gss.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)auth2-hostbased.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)auth2-kbdint.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)auth2-none.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)auth2-passwd.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)auth2-pubkey.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)auth2.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)gss-serv-krb5.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)gss-serv.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)loginrec.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)md5crypt.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)monitor.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)monitor_wrap.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)platform.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)sandbox-capsicum.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)sandbox-darwin.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)sandbox-null.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)sandbox-rlimit.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)sandbox-seccomp-filter.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)sandbox-systrace.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)servconf.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)serverloop.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)session.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)sftp-common.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)sshd.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)sshlogin.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)contrib\win32\win32compat\wmain_sshd.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)contrib\win32\win32compat\win32_sshpty.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)contrib\win32\win32compat\win32_groupaccess.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)contrib\win32\win32compat\w32-doexec.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\win32compat\win32-utf8.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\..\srclimit.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\..\ssh-sk-client.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+  <ItemGroup>
+    <ResourceCompile Include="version.rc">
+      <Filter>Resource Files</Filter>
+    </ResourceCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/contrib/win32/openssh/unittest-hostkeys.vcxproj b/contrib/win32/openssh/unittest-hostkeys.vcxproj
index 02ca03473..f4e276768 100644
--- a/contrib/win32/openssh/unittest-hostkeys.vcxproj
+++ b/contrib/win32/openssh/unittest-hostkeys.vcxproj
@@ -414,6 +414,8 @@
     <ClCompile Include="$(OpenSSH-Src-Path)regress\unittests\hostkeys\test_iterate.c">
       <ExcludedFromBuild Condition="$(UseOpenSSL)=='false'">true</ExcludedFromBuild>
     </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)ssh-sk-client.c" />
+    <ClCompile Include="..\win32compat\win32-utf8.c" />
   </ItemGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
   <ImportGroup Label="ExtensionTargets">
diff --git a/contrib/win32/openssh/unittest-kex.vcxproj b/contrib/win32/openssh/unittest-kex.vcxproj
index 757bbf8ca..e62bbc153 100644
--- a/contrib/win32/openssh/unittest-kex.vcxproj
+++ b/contrib/win32/openssh/unittest-kex.vcxproj
@@ -398,6 +398,7 @@
     <ClCompile Include="$(OpenSSH-Src-Path)contrib\win32\win32compat\wmain_common.c">
       <ExcludedFromBuild Condition="$(UseOpenSSL)=='false'">true</ExcludedFromBuild>
     </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)ssh-sk-client.c" />
   </ItemGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
   <ImportGroup Label="ExtensionTargets">
diff --git a/contrib/win32/openssh/unittest-sshkey.vcxproj b/contrib/win32/openssh/unittest-sshkey.vcxproj
index 48524e639..d2ea79e35 100644
--- a/contrib/win32/openssh/unittest-sshkey.vcxproj
+++ b/contrib/win32/openssh/unittest-sshkey.vcxproj
@@ -426,6 +426,8 @@
     <ClCompile Include="$(OpenSSH-Src-Path)contrib\win32\win32compat\wmain_common.c">
       <ExcludedFromBuild Condition="$(UseOpenSSL)=='false'">true</ExcludedFromBuild>
     </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)ssh-sk-client.c" />
+    <ClCompile Include="..\win32compat\win32-utf8.c" />
   </ItemGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
   <ImportGroup Label="ExtensionTargets">
diff --git a/contrib/win32/openssh/win32iocompat.vcxproj.filters b/contrib/win32/openssh/win32iocompat.vcxproj.filters
index 2313d24c7..1ed3e9307 100644
--- a/contrib/win32/openssh/win32iocompat.vcxproj.filters
+++ b/contrib/win32/openssh/win32iocompat.vcxproj.filters
@@ -22,8 +22,8 @@
     <ClCompile Include="$(OpenSSH-Src-Path)\contrib\win32\win32compat\spawn.c" />
     <ClCompile Include="$(OpenSSH-Src-Path)\contrib\win32\win32compat\w32api_proxies.c" />
     <ClCompile Include="$(OpenSSH-Src-Path)\contrib\win32\win32compat\win32_usertoken_utils.c" />
-    <ClCompile Include="$(OpenSSH-Src-Path)\contrib\win32\win32compat\conhost_conpty.c" />
     <ClCompile Include="$(OpenSSH-Src-Path)\contrib\win32\win32compat\gss-sspi.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)\contrib\win32\win32compat\win32_pty.c" />
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="$(OpenSSH-Src-Path)\contrib\win32\win32compat\w32fd.h" />
diff --git a/contrib/win32/win32compat/Debug.h b/contrib/win32/win32compat/Debug.h
index 69a3af49e..9b0baf52b 100644
--- a/contrib/win32/win32compat/Debug.h
+++ b/contrib/win32/win32compat/Debug.h
@@ -1,12 +1,10 @@
 #pragma once
+#ifndef __attribute__
+#define __attribute__(A)
+#endif
 
-void     __declspec(noreturn) fatal(const char *, ...);
-void     error(const char *, ...);
-void     verbose(const char *, ...);
-void     debug(const char *, ...);
-void     debug2(const char *, ...);
-void     debug3(const char *, ...);
-
+#include "..\..\..\log.h"
+#include "..\..\..\ssherr.h"
 /* Enable the following for verbose logging */
 #if (0)
 #define debug4 debug2
diff --git a/contrib/win32/win32compat/inc/pwd.h b/contrib/win32/win32compat/inc/pwd.h
index 21ec26fda..c2e6b16be 100644
--- a/contrib/win32/win32compat/inc/pwd.h
+++ b/contrib/win32/win32compat/inc/pwd.h
@@ -23,7 +23,7 @@ struct passwd {
 };
 
 /*start - declarations not applicable in Windows */
-uid_t getuid(void);
+uid_t w32_getuid(void);
 gid_t getgid(void);
 uid_t geteuid(void);
 gid_t getegid(void);
@@ -44,5 +44,6 @@ void endpwent(void);
 
 #define getpwuid w32_getpwuid
 #define getpwnam w32_getpwnam
+#define getuid w32_getuid
 
 #endif
diff --git a/contrib/win32/win32compat/inc/signal.h b/contrib/win32/win32compat/inc/signal.h
index 220d732ac..ebf7c4fa0 100644
--- a/contrib/win32/win32compat/inc/signal.h
+++ b/contrib/win32/win32compat/inc/signal.h
@@ -51,6 +51,7 @@ typedef int sigset_t;
 #define W32_SIG_DFL		((sighandler_t)0)
 #define W32_SIG_IGN		((sighandler_t)1)
 
+#define signal(a, b) mysignal(a, b)
 sighandler_t w32_signal(int signum, sighandler_t handler);
 sighandler_t mysignal(int signum, sighandler_t handler);
 char* strsignal(int);
diff --git a/contrib/win32/win32compat/inc/syslog.h b/contrib/win32/win32compat/inc/syslog.h
index 28e67fbed..6d8fd9a46 100644
--- a/contrib/win32/win32compat/inc/syslog.h
+++ b/contrib/win32/win32compat/inc/syslog.h
@@ -22,7 +22,7 @@
 
 #define LOG_PID		0x01			/* log the pid */
 
-void openlog	(char *, unsigned int, int);
+void openlog	(const char *, unsigned int, int);
 void closelog	(void);
 void syslog		(int, const char *, const char *);
 
diff --git a/contrib/win32/win32compat/pwd.c b/contrib/win32/win32compat/pwd.c
index 5d866a246..0f9463abd 100644
--- a/contrib/win32/win32compat/pwd.c
+++ b/contrib/win32/win32compat/pwd.c
@@ -394,7 +394,7 @@ user_from_uid(uid_t uid, int nouser)
 }
 
 uid_t
-getuid(void)
+w32_getuid(void)
 {
 	return 1;
 }
diff --git a/contrib/win32/win32compat/ssh-agent/agent-main.c b/contrib/win32/win32compat/ssh-agent/agent-main.c
index 7b4522c93..20733ee00 100644
--- a/contrib/win32/win32compat/ssh-agent/agent-main.c
+++ b/contrib/win32/win32compat/ssh-agent/agent-main.c
@@ -113,9 +113,6 @@ fix_cwd()
 	_wchdir(path);
 }
 
-/* TODO - get rid of this dependency */
-void log_init(char*, int, int, int);
-
 int 
 wmain(int argc, wchar_t **argv) 
 {
diff --git a/contrib/win32/win32compat/ssh-agent/agent-request.h b/contrib/win32/win32compat/ssh-agent/agent-request.h
index 7367ddade..f0dcbb978 100644
--- a/contrib/win32/win32compat/ssh-agent/agent-request.h
+++ b/contrib/win32/win32compat/ssh-agent/agent-request.h
@@ -3,8 +3,9 @@ typedef unsigned short u_int16_t;
 typedef unsigned int u_int32_t;
 typedef unsigned __int64 u_int64_t;
 #define __attribute__(a)
-#include "sshbuf.h"
+#include <stdint.h>
 #include "sshkey.h"
+#include "sshbuf.h"
 #include <openssl/bn.h>
 #include "authfd.h"
 #include "digest.h"
diff --git a/contrib/win32/win32compat/ssh-agent/keyagent-request.c b/contrib/win32/win32compat/ssh-agent/keyagent-request.c
index 7a3428762..9d7dfce77 100644
--- a/contrib/win32/win32compat/ssh-agent/keyagent-request.c
+++ b/contrib/win32/win32compat/ssh-agent/keyagent-request.c
@@ -231,7 +231,7 @@ static int sign_blob(const struct sshkey *pubkey, u_char ** sig, size_t *siglen,
 		algo = "rsa-sha2-512";
 
 	if (sshkey_private_deserialize(tmpbuf, &prikey) != 0 ||
-	    sshkey_sign(prikey, sig, siglen, blob, blen, algo, 0) != 0) {
+	    sshkey_sign(prikey, sig, siglen, blob, blen, algo, NULL, NULL, 0) != 0) {
 		debug("cannot sign using retrieved key");
 		goto done;
 	}
diff --git a/contrib/win32/win32compat/utf.c b/contrib/win32/win32compat/utf.c
index 340de7bc5..0aecff79a 100644
--- a/contrib/win32/win32compat/utf.c
+++ b/contrib/win32/win32compat/utf.c
@@ -41,7 +41,6 @@ utf8_to_utf16(const char *utf8)
 	if ((needed = MultiByteToWideChar(CP_UTF8, 0, utf8, -1, NULL, 0)) == 0 ||
 	    (utf16 = malloc(needed * sizeof(wchar_t))) == NULL ||
 	    MultiByteToWideChar(CP_UTF8, 0, utf8, -1, utf16, needed) == 0) {
-		debug3("failed to convert utf8 payload:%s error:%d", utf8, GetLastError());
 		errno = ENOMEM;
 		return NULL;
 	}
diff --git a/contrib/win32/win32compat/w32fd.c b/contrib/win32/win32compat/w32fd.c
index dace55258..ed1c1c4d3 100644
--- a/contrib/win32/win32compat/w32fd.c
+++ b/contrib/win32/win32compat/w32fd.c
@@ -1071,6 +1071,10 @@ spawn_child_internal(const char* cmd, char *const argv[], HANDLE in, HANDLE out,
 	if (strstr(cmd, "sshd.exe")) {
 		flags |= DETACHED_PROCESS;
 	}
+
+	if (is_bash_test_env()) {
+		flags |= CREATE_NO_WINDOW;
+	}
 	
 	wchar_t * t = cmdline_utf16;
 	do {
diff --git a/contrib/win32/win32compat/w32log.c b/contrib/win32/win32compat/w32log.c
index 4d230ebbd..93ef08213 100644
--- a/contrib/win32/win32compat/w32log.c
+++ b/contrib/win32/win32compat/w32log.c
@@ -40,7 +40,7 @@
 
 #define MSGBUFSIZ 1024
 static int logfd = -1;
-char* identity = NULL;
+const char* identity = NULL;
 int log_facility = 0;
 
 void openlog_etw()
@@ -150,7 +150,7 @@ syslog_file(int priority, const char *format, const char *formatBuffer)
 }
 
 void
-openlog(char *ident, unsigned int option, int facility)
+openlog(const char *ident, unsigned int option, int facility)
 {
 	identity = ident;
 	log_facility = facility;
diff --git a/contrib/win32/win32compat/win32-utf8.c b/contrib/win32/win32compat/win32-utf8.c
index 738167737..dd104130f 100644
--- a/contrib/win32/win32compat/win32-utf8.c
+++ b/contrib/win32/win32compat/win32-utf8.c
@@ -62,6 +62,36 @@ snmprintf(char *buf, size_t len, int *written, const char *fmt, ...)
 	return ret;
 }
 
+/* TODO - Make windows implementation insync with Unix */
+int
+vasnmprintf(char **str, size_t maxsz, int *wp, const char *fmt, va_list ap)
+{
+	int ret;
+	size_t sz;
+
+	if((sz = vsnprintf(NULL, 0, fmt, ap)) < 0)
+		return -1;
+
+	*str = (char *) malloc(sizeof(char) * (sz + 1));
+	ret = vsnprintf_s(*str, sz + 1, _TRUNCATE, fmt, ap);		
+	if (wp != NULL && ret != -1)
+		*wp = ret;
+
+	return ret;
+}
+
+int
+asmprintf(char **outp, size_t sz, int *written, const char *fmt, ...)
+{
+	int ret;
+	va_list valist;
+	va_start(valist, fmt);
+	ret = vasnmprintf(outp, sz, written, fmt, valist);
+	va_end(valist);
+
+	return ret;
+}
+
 void
 msetlocale(void)
 {
diff --git a/contrib/win32/win32compat/wmain_common.c b/contrib/win32/win32compat/wmain_common.c
index 73623331d..9f96ca7ce 100644
--- a/contrib/win32/win32compat/wmain_common.c
+++ b/contrib/win32/win32compat/wmain_common.c
@@ -33,6 +33,7 @@
 #include <Windows.h>
 #include "inc\utf.h"
 #include "misc_internal.h"
+#include "Debug.h"
 
 int
 main(int, char **);
diff --git a/contrib/win32/win32compat/wmain_sshd.c b/contrib/win32/win32compat/wmain_sshd.c
index 9c7dfcbe8..1f4c196b6 100644
--- a/contrib/win32/win32compat/wmain_sshd.c
+++ b/contrib/win32/win32compat/wmain_sshd.c
@@ -39,6 +39,7 @@
 
 #include "inc\utf.h"
 #include "misc_internal.h"
+#include "Debug.h"
 
 int main(int, char **);
 extern HANDLE main_thread;
diff --git a/misc.c b/misc.c
index 8380b4866..36c221ed7 100644
--- a/misc.c
+++ b/misc.c
@@ -2499,6 +2499,9 @@ opt_array_append(const char *file, const int line, const char *directive,
 sshsig_t
 ssh_signal(int signum, sshsig_t handler)
 {
+#ifdef WINDOWS
+	return signal(signum, handler);
+#else
 	struct sigaction sa, osa;
 
 	/* mask all other signals while in handler */
@@ -2514,6 +2517,7 @@ ssh_signal(int signum, sshsig_t handler)
 		return SIG_ERR;
 	}
 	return osa.sa_handler;
+#endif // WINDOWS
 }
 
 int
@@ -2633,6 +2637,7 @@ subprocess(const char *tag, const char *command,
 			fatal("posix_spawn initialization failed");
 		else {
 #ifdef WINDOWS
+			extern PSID get_sid(const char*);
 			/* If the user's SID is the System SID and sshd is running as system,
 			 * launch as a child process.
 			 */
diff --git a/monitor.c b/monitor.c
index eac7c70c7..32c507ae2 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1700,6 +1700,11 @@ monitor_send_keystate(struct monitor *pmonitor) {
 
 	if ((m = sshbuf_new()) == NULL)
 		fatal("%s: sshbuf_new failed", __func__);
+
+	if ((r = sshbuf_put_u32(m, session_id2_len)) != 0)
+		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+	if ((r = sshbuf_put_cstring(m, session_id2)) != 0)
+		fatal("%s: buffer error: %s", __func__, ssh_err(r));
 	if ((r = sshbuf_put_stringb(m, child_state)) != 0)
 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
 
@@ -1727,6 +1732,10 @@ monitor_recv_keystate(struct monitor*pmonitor) {
 	if (ver != 0)
 		fatal("%s: rexec version mismatch", __func__);
 
+	if ((r = sshbuf_get_u32(m, &session_id2_len)) != 0)
+		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+	if ((r = sshbuf_get_cstring(m, &session_id2, NULL)) != 0)
+		fatal("%s: buffer error: %s", __func__, ssh_err(r));
 	if ((r = sshbuf_get_string_direct(m, &cp, &len)) != 0)
 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
 
@@ -1807,9 +1816,11 @@ monitor_apply_keystate(struct ssh *ssh, struct monitor *pmonitor)
 		fatal_f("incorrect session id length %zu (expected %u)",
 		    sshbuf_len(ssh->kex->session_id), session_id2_len);
 	}
+
 	if (memcmp(sshbuf_ptr(ssh->kex->session_id), session_id2,
-	    session_id2_len) != 0)
+	    strlen(sshbuf_ptr(ssh->kex->session_id))) != 0)
 		fatal_f("session ID mismatch");
+
 	/* XXX set callbacks */
 #ifdef WITH_OPENSSL
 	kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_server;
diff --git a/readpass.c b/readpass.c
index 54541fd03..b82100a3b 100644
--- a/readpass.c
+++ b/readpass.c
@@ -70,12 +70,15 @@ ssh_askpass(char *askpass, const char *msg, const char *env_hint)
 	fcntl(p[0], F_SETFD, FD_CLOEXEC);
 	fcntl(p[1], F_SETFD, FD_CLOEXEC);
 	{
+		if (env_hint != NULL)
+			setenv("SSH_ASKPASS_PROMPT", env_hint, 1);
+
 		posix_spawn_file_actions_t actions;
 		pid = -1;
 		if (posix_spawn_file_actions_init(&actions) != 0 ||
 		    posix_spawn_file_actions_adddup2(&actions, p[1], STDOUT_FILENO) != 0 ) {
 			error("posix_spawn initialization failed");
-			signal(SIGCHLD, osigchld);
+			ssh_signal(SIGCHLD, osigchld);
 			return NULL;
 		} else {
 			const char* spawn_argv[3];
@@ -85,7 +88,7 @@ ssh_askpass(char *askpass, const char *msg, const char *env_hint)
 			if (posix_spawnp(&pid, spawn_argv[0], &actions, NULL, (char* const*) spawn_argv, NULL) != 0) {
 				posix_spawn_file_actions_destroy(&actions);
 				error("ssh_askpass: posix_spawnp: %s", strerror(errno));
-				signal(SIGCHLD, osigchld);
+				ssh_signal(SIGCHLD, osigchld);
 				return NULL;
 			}
 			posix_spawn_file_actions_destroy(&actions);
diff --git a/regress/connect.sh b/regress/connect.sh
index 46f12b7b3..cf83da64c 100644
--- a/regress/connect.sh
+++ b/regress/connect.sh
@@ -11,8 +11,10 @@ if [ $? -ne 0 ]; then
 	fail "ssh direct connect failed"
 fi
 
-trace "proxy connect"
-${SSH} -F $OBJ/ssh_config -o "proxycommand $NC %h %p" somehost true
-if [ $? -ne 0 ]; then
-	fail "ssh proxycommand connect failed"
-fi
+if [ "$os" != "windows" ]; then
+	trace "proxy connect"
+	${SSH} -F $OBJ/ssh_config -o "proxycommand $NC %h %p" somehost true
+	if [ $? -ne 0 ]; then
+		fail "ssh proxycommand connect failed"
+	fi
+fi
\ No newline at end of file
diff --git a/regress/keygen-comment.sh b/regress/keygen-comment.sh
index af571d390..57c2c10ca 100644
--- a/regress/keygen-comment.sh
+++ b/regress/keygen-comment.sh
@@ -11,7 +11,7 @@ check_fingerprint () {
 	if ! ${SSHKEYGEN} -l -E sha256 -f $file > $OBJ/$t-fgp ; then
 		fail "ssh-keygen -l failed for $t-key"
 	fi
-	if ! egrep "^([0-9]+) SHA256:(.){43} ${comment} \(.*\)\$" \
+	if ! egrep "^([0-9]+) SHA256:(.){43} ${comment} (.*)\$" \
 	    $OBJ/$t-fgp >/dev/null 2>&1 ; then
 		fail "comment is not correctly recovered for $t-key"
 	fi
diff --git a/regress/knownhosts-command.sh b/regress/knownhosts-command.sh
index f15df670b..412515818 100644
--- a/regress/knownhosts-command.sh
+++ b/regress/knownhosts-command.sh
@@ -10,7 +10,11 @@ cp $OBJ/ssh_proxy $OBJ/ssh_proxy_orig
     grep -vi UserKnownHostsFile;
   echo "GlobalKnownHostsFile none" ;
   echo "UserKnownHostsFile none" ;
+if [ "$os" == "windows" ]; then
+  echo "KnownHostsCommand ${TEST_SHELL_PATH} $OBJ/knownhosts_command '%t' '%K' '%u'" ;
+else
   echo "KnownHostsCommand $OBJ/knownhosts_command '%t' '%K' '%u'" ;
+fi
 ) > $OBJ/ssh_proxy
 
 verbose "simple connection"
diff --git a/regress/pesterTests/AuthorizedKeysCommand.Tests.ps1 b/regress/pesterTests/AuthorizedKeysCommand.Tests.ps1
index 59626f146..fb58b113b 100644
--- a/regress/pesterTests/AuthorizedKeysCommand.Tests.ps1
+++ b/regress/pesterTests/AuthorizedKeysCommand.Tests.ps1
@@ -53,5 +53,20 @@ Describe "E2E scenarios for AuthorizedKeysCommand" -Tags "CI" {
             (gc $kcOutFile).Contains($ssouser) | Should Be $true
         }
 
+        It "$tC.$tI - keys command with %k argument AuthorizedKeysCommandUser as SYSTEM" {
+            #override authorizedkeysfile location to an unknown location, so AuthorizedKeysCommand gets executed
+            $kcOutFile = Join-Path $testDir "$tC.$tI.kcout.txt"
+            Remove-Item -Force $kcOutFile -ErrorAction SilentlyContinue
+            $sshdArgs = "-ddd -f $sshdconfig  -E $logFile -o `"AuthorizedKeysFile .fake/authorized_keys`""
+            $sshdArgs += " -o `"AuthorizedKeysCommand=$env:windir\system32\cmd.exe /c echo ssh-ed25519 %k & whoami > $kcOutFile`""
+            $sshdArgs += " -o `"AuthorizedKeysCommandUser=system`""
+            $sshdArgs += " -o PasswordAuthentication=no"
+            Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments $sshdArgs -Port $port
+            $o = ssh -p $port test_target echo 12345
+            Stop-SSHDTestDaemon -Port $port
+            $o | Should Be "12345"
+            #check the command is run as AuthorizedKeysCommandUser
+            (gc $kcOutFile).Contains("nt authority\system") | Should Be $true
+        }
     }
 }
diff --git a/regress/servcfginclude.sh b/regress/servcfginclude.sh
index b6a9a248f..f97e08b24 100644
--- a/regress/servcfginclude.sh
+++ b/regress/servcfginclude.sh
@@ -90,6 +90,9 @@ trial() {
 	    -C "host=$_host,user=test,addr=127.0.0.1" > $OBJ/sshd_config.out ||
 		fatal "ssh config parse failed: $_desc host=$_host expect=$_exp"
 	_got=`grep -i '^banner ' $OBJ/sshd_config.out | awk '{print $2}'`
+	if [ "$os" == "windows" ]; then
+		_got=`echo $_got | tr -d '\r'`  # remove \r
+	fi
 	if test "x$_exp" != "x$_got" ; then
 		fail "$desc_ host $_host include fail: expected $_exp got $_got"
 	fi
@@ -180,6 +183,11 @@ ${SUDO} ${REAL_SSHD} -f $OBJ/sshd_config.i -T \
     -C "host=x,user=test,addr=127.0.0.1" > $OBJ/sshd_config.out || \
 	fail "failed to parse Port after included files"
 _port=`grep -i '^port ' $OBJ/sshd_config.out | awk '{print $2}'`
+
+if [ "$os" == "windows" ]; then
+	_port=`echo $_port | tr -d '\r','\n'`  # remove \r\n
+fi
+
 if test "x7722" != "x$_port" ; then
 	fail "The Port in included file was intertepretted wrongly. Expected 7722, got $_port"
 fi
diff --git a/regress/sshcfgparse.sh b/regress/sshcfgparse.sh
index bc1eb8cb2..ff8cefe53 100644
--- a/regress/sshcfgparse.sh
+++ b/regress/sshcfgparse.sh
@@ -144,12 +144,24 @@ fi
 
 verbose "agentforwarding"
 f=`${SSH} -GF none host | awk '/^forwardagent /{print$2}'`
+if [ "$os" == "windows" ]; then
+	f=${f/$'\r'/} # remove CR (carriage return)
+fi
 expect_result_present "$f" "no"
 f=`${SSH} -GF none -oforwardagent=no host | awk '/^forwardagent /{print$2}'`
+if [ "$os" == "windows" ]; then
+	f=${f/$'\r'/} # remove CR (carriage return)
+fi
 expect_result_present "$f" "no"
 f=`${SSH} -GF none -oforwardagent=yes host | awk '/^forwardagent /{print$2}'`
+if [ "$os" == "windows" ]; then
+	f=${f/$'\r'/} # remove CR (carriage return)
+fi
 expect_result_present "$f" "yes"
 f=`${SSH} -GF none '-oforwardagent=SSH_AUTH_SOCK.forward' host | awk '/^forwardagent /{print$2}'`
+if [ "$os" == "windows" ]; then
+	f=${f/$'\r'/} # remove CR (carriage return)
+fi
 expect_result_present "$f" "SSH_AUTH_SOCK.forward"
 
 # cleanup
diff --git a/regress/test-exec.sh b/regress/test-exec.sh
index 79fed1ca7..abc9e9781 100644
--- a/regress/test-exec.sh
+++ b/regress/test-exec.sh
@@ -372,8 +372,15 @@ fi
 
 make_tmpdir ()
 {
-	SSH_REGRESS_TMP="$($OBJ/mkdtemp openssh-XXXXXXXX)" || \
-	    fatal "failed to create temporary directory"
+	if [ "$os" == "windows" ]; then
+		powershell.exe /c "New-Item -Path $OBJ\openssh-XXXXXXXX -ItemType Directory -Force" >/dev/null 2>&1
+		if [ $? -ne 0 ]; then
+			fatal "failed to create temporary directory"
+		fi
+	else
+		SSH_REGRESS_TMP="$($OBJ/mkdtemp openssh-XXXXXXXX)" || \
+			fatal "failed to create temporary directory"
+	fi
 }
 # End of portable specific functions
 
@@ -413,22 +420,6 @@ stop_sshd ()
 	fi
 }
 
-<<<<<<< HEAD
-make_tmpdir ()
-{
-	if [ "$os" == "windows" ]; then
-		powershell.exe /c "New-Item -Path $OBJ\openssh-XXXXXXXX -ItemType Directory -Force" >/dev/null 2>&1
-		if [ $? -ne 0 ]; then
-			fatal "failed to create temporary directory"
-		fi
-	else
-		SSH_REGRESS_TMP="$($OBJ/mkdtemp openssh-XXXXXXXX)" || \
-			fatal "failed to create temporary directory"
-	fi
-}
-
-=======
->>>>>>> e86968280e358e62649d268d41f698d64d0dc9fa
 # helper
 cleanup ()
 {
@@ -531,6 +522,7 @@ cat << EOF > $OBJ/sshd_config
 	Subsystem	sftp	$SFTPSERVER
 EOF
 
+if [ "$os" != "windows" ]; then
 # This may be necessary if /usr/src and/or /usr/obj are group-writable,
 # but if you aren't careful with permissions then the unit tests could
 # be abused to locally escalate privileges.
@@ -562,6 +554,7 @@ bypass this check by setting TEST_SSH_UNSAFE_PERMISSIONS=1
 EOD
 	fi
 fi
+fi
 
 if [ ! -z "$TEST_SSH_MODULI_FILE" ]; then
 	trace "adding modulifile='$TEST_SSH_MODULI_FILE' to sshd_config"
@@ -752,6 +745,8 @@ fi
 (
 	cat $OBJ/ssh_config
 	if [ "$os" == "windows" ]; then
+		# TODO - having SSH_SK_HELPER is causing issues. Need to find a way.
+		# This is fine for now as we don't have FIDO enabled.
 		echo proxycommand  `windows_path ${SSHD}` -i -f $OBJ_WIN_FORMAT/sshd_proxy
 	else
 		echo proxycommand ${SUDO} env SSH_SK_HELPER=\"$SSH_SK_HELPER\" sh ${SRC}/sshd-log-wrapper.sh ${TEST_SSHD_LOGFILE} ${SSHD} -i -f $OBJ/sshd_proxy
diff --git a/regress/unittests/kex/test_kex.c b/regress/unittests/kex/test_kex.c
index 06bd001ae..9d49743bd 100644
--- a/regress/unittests/kex/test_kex.c
+++ b/regress/unittests/kex/test_kex.c
@@ -202,6 +202,9 @@ kex_tests(void)
 	do_kex("diffie-hellman-group-exchange-sha1");
 	do_kex("diffie-hellman-group14-sha1");
 	do_kex("diffie-hellman-group1-sha1");
+#ifdef USE_SNTRUP761X25519
 	do_kex("sntrup761x25519-sha512@openssh.com");
+#endif
+
 #endif /* WITH_OPENSSL */
 }
diff --git a/regress/unittests/win32compat/socket_tests.c b/regress/unittests/win32compat/socket_tests.c
index 7279f243d..8169cf4b0 100644
--- a/regress/unittests/win32compat/socket_tests.c
+++ b/regress/unittests/win32compat/socket_tests.c
@@ -27,7 +27,7 @@ int their_addr_len = sizeof(their_addr);
 char *send_buf, *recv_buf;
 
 int
-unset_nonblock(int fd)
+w32_unw32_set_nonblock(int fd)
 {
 	int val;
 
@@ -46,7 +46,7 @@ unset_nonblock(int fd)
 }
 
 int
-set_nonblock(int fd)
+w32_set_nonblock(int fd)
 {
 	int val;
 
@@ -389,19 +389,19 @@ socket_nonblocking_io_tests()
 	{
 		TEST_START("non blocking accept and connect");
 
-		retValue = set_nonblock(listen_fd);
+		retValue = w32_set_nonblock(listen_fd);
 		ASSERT_INT_EQ(retValue, 0);
 		accept_fd = accept(listen_fd, NULL, NULL);
 		ASSERT_INT_EQ(accept_fd, -1);
 		ASSERT_INT_EQ(errno, EAGAIN);
-		retValue = set_nonblock(connect_fd);
+		retValue = w32_set_nonblock(connect_fd);
 		ASSERT_INT_EQ(retValue, 0);
 		retValue = connect(connect_fd, servinfo->ai_addr, servinfo->ai_addrlen);
 		/* connect is too fast to block
 		ASSERT_INT_EQ(ret, -1);
 		ASSERT_INT_EQ(errno, EINPROGRESS); */
 		ASSERT_INT_EQ(retValue, 0);
-		retValue = unset_nonblock(listen_fd);
+		retValue = w32_unw32_set_nonblock(listen_fd);
 		ASSERT_INT_EQ(retValue, 0);
 		accept_fd = accept(listen_fd, NULL, NULL);
 		ASSERT_INT_NE(accept_fd, -1);
@@ -414,16 +414,16 @@ socket_nonblocking_io_tests()
 	{
 		TEST_START("non blocking recv");
 
-		retValue = set_nonblock(connect_fd);
+		retValue = w32_set_nonblock(connect_fd);
 		ASSERT_INT_EQ(retValue, 0);
 		retValue = recv(connect_fd, small_recv_buf, SMALL_RECV_BUF_SIZE, 0);
 		ASSERT_INT_EQ(retValue, -1);
 		ASSERT_INT_EQ(errno, EAGAIN);
-		retValue = unset_nonblock(accept_fd);
+		retValue = w32_unw32_set_nonblock(accept_fd);
 		ASSERT_INT_EQ(retValue, 0);
 		retValue = send(accept_fd, small_send_buf, strlen(small_send_buf), 0);
 		ASSERT_INT_EQ(retValue, strlen(small_send_buf));
-		retValue = unset_nonblock(connect_fd);
+		retValue = w32_unw32_set_nonblock(connect_fd);
 		ASSERT_INT_EQ(retValue, 0);
 		retValue = recv(connect_fd, small_recv_buf, SMALL_RECV_BUF_SIZE, 0);
 		ASSERT_INT_EQ(retValue, strlen(small_send_buf));
@@ -439,7 +439,7 @@ socket_nonblocking_io_tests()
 		
 		send_buf = malloc(10 * 1024);
 		ASSERT_PTR_NE(send_buf, NULL);
-		retValue = set_nonblock(connect_fd);
+		retValue = w32_set_nonblock(connect_fd);
 		ASSERT_INT_EQ(retValue, 0);
 		retValue = 1;
 		while (retValue > 0) {
@@ -485,7 +485,7 @@ socket_select_tests() {
 		ASSERT_INT_NE(connect_fd, -1);
 		retValue = connect(connect_fd, servinfo->ai_addr, servinfo->ai_addrlen);
 		ASSERT_INT_EQ(retValue, 0);
-		retValue = set_nonblock(listen_fd);
+		retValue = w32_set_nonblock(listen_fd);
 		ASSERT_INT_EQ(retValue, 0);
 		time_val.tv_sec = 60;
 		time_val.tv_usec = 0;
@@ -507,9 +507,9 @@ socket_select_tests() {
 
 		s = accept_fd;
 		r = connect_fd;
-		retValue = set_nonblock(s);
+		retValue = w32_set_nonblock(s);
 		ASSERT_INT_EQ(retValue, 0);
-		retValue = set_nonblock(r);
+		retValue = w32_set_nonblock(r);
 		ASSERT_INT_EQ(retValue, 0);
 		send_buf = malloc(num_bytes);
 		recv_buf = malloc(num_bytes + 1);
@@ -607,9 +607,9 @@ socket_typical_ssh_payload_tests() {
 
 		r = accept_fd;
 		s = connect_fd;
-		retValue = set_nonblock(s);
+		retValue = w32_set_nonblock(s);
 		ASSERT_INT_EQ(retValue, 0);
-		retValue = set_nonblock(r);
+		retValue = w32_set_nonblock(r);
 		ASSERT_INT_EQ(retValue, 0);
 		send_buf = malloc(max_bytes);
 		recv_buf = malloc(max_bytes + 1);
diff --git a/sftp-server.c b/sftp-server.c
index dbfdc2776..7809e19f8 100644
--- a/sftp-server.c
+++ b/sftp-server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp-server.c,v 1.127 2021/04/03 06:18:41 djm Exp $ */
+/* $OpenBSD: sftp-server.c,v 1.127 2021/04/03 06:18:41 djm Exp $ */
 /*
  * Copyright (c) 2000-2004 Markus Friedl.  All rights reserved.
  *
@@ -1506,12 +1506,10 @@ process_extended_limits(u_int32_t id)
 #endif
 
 	debug("request %u: limits", id);
-
 #ifdef HAVE_GETRLIMIT
 	if (getrlimit(RLIMIT_NOFILE, &rlim) != -1 && rlim.rlim_cur > 5)
 		nfiles = rlim.rlim_cur - 5; /* stdio(3) + syslog + spare */
 #endif
-
 	if ((msg = sshbuf_new()) == NULL)
 		fatal_f("sshbuf_new failed");
 	if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED_REPLY)) != 0 ||
diff --git a/sftp.c b/sftp.c
index 99ed5439e..43805cb14 100644
--- a/sftp.c
+++ b/sftp.c
@@ -2363,7 +2363,7 @@ connect_to_server(char *path, char **args, int *in, int *out)
 		fprintf(stderr, "exec: %s: %s\n", path, strerror(errno));
 		_exit(1);
 	}
-
+#endif
 	ssh_signal(SIGTERM, killchild);
 	ssh_signal(SIGINT, killchild);
 	ssh_signal(SIGHUP, killchild);
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 9789d1b2d..fc6c21a53 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -2419,7 +2419,11 @@ do_gen_krl(struct passwd *pw, int updating, const char *ca_key_path,
 		fatal("sshbuf_new failed");
 	if (ssh_krl_to_blob(krl, kbuf, NULL, 0) != 0)
 		fatal("Couldn't generate KRL");
+#ifdef WINDOWS
+	if ((r = sshbuf_write_file(identity_file, kbuf, 0644)) != 0)
+#else
 	if ((r = sshbuf_write_file(identity_file, kbuf)) != 0)
+#endif
 		fatal("write %s: %s", identity_file, strerror(errno));
 	sshbuf_free(kbuf);
 	ssh_krl_free(krl);
@@ -3052,9 +3056,13 @@ save_attestation(struct sshbuf *attest, const char *path)
 		return; /* nothing to do */
 	if (attest == NULL || sshbuf_len(attest) == 0)
 		fatal("Enrollment did not return attestation data");
+#ifdef WINDOWS
+	r = sshbuf_write_file(path, attest, 0644);
+#else
 	omask = umask(077);
 	r = sshbuf_write_file(path, attest);
 	umask(omask);
+#endif
 	if (r != 0)
 		fatal_r(r, "Unable to write attestation data \"%s\"", path);
 	if (!quiet)
diff --git a/ssh-sk-client.c b/ssh-sk-client.c
index e93259009..2c66bcbfe 100644
--- a/ssh-sk-client.c
+++ b/ssh-sk-client.c
@@ -46,6 +46,12 @@
 static int
 start_helper(int *fdp, pid_t *pidp, void (**osigchldp)(int))
 {
+#ifndef ENABLE_SK
+	/* TODO - This is added temporarily to resolve build errors.
+	 * The below logic has to be converted using posix_internal() APIs as windows doesn't support fork.
+	 */
+	return SSH_ERR_SYSTEM_ERROR;
+#else
 	void (*osigchld)(int);
 	int oerrno, pair[2];
 	pid_t pid;
@@ -106,6 +112,7 @@ start_helper(int *fdp, pid_t *pidp, void (**osigchldp)(int))
 	*pidp = pid;
 	*osigchldp = osigchld;
 	return 0;
+#endif
 }
 
 static int
diff --git a/sshbuf-io.c b/sshbuf-io.c
index 13ef40e7d..18a819612 100644
--- a/sshbuf-io.c
+++ b/sshbuf-io.c
@@ -98,11 +98,19 @@ sshbuf_load_file(const char *path, struct sshbuf **bufp)
 }
 
 int
+#ifdef WINDOWS
+sshbuf_write_file(const char *path, struct sshbuf *buf, mode_t mode)
+#else
 sshbuf_write_file(const char *path, struct sshbuf *buf)
+#endif
 {
 	int fd, oerrno;
 
+#ifdef WINDOWS
+	if ((fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, mode)) == -1)
+#else
 	if ((fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644)) == -1)
+#endif
 		return SSH_ERR_SYSTEM_ERROR;
 	if (atomicio(vwrite, fd, sshbuf_mutable_ptr(buf),
 	    sshbuf_len(buf)) != sshbuf_len(buf) || close(fd) != 0) {
diff --git a/sshbuf.h b/sshbuf.h
index 2ad0e61be..ab2b16f0f 100644
--- a/sshbuf.h
+++ b/sshbuf.h
@@ -306,8 +306,14 @@ int sshbuf_load_file(const char *, struct sshbuf **)
  * Write a buffer to a path, creating/truncating as needed (mode 0644,
  * subject to umask). The buffer contents are not modified.
  */
+ #ifdef WINDOWS
+ /* umask doesn't work the same on windows. so pass the mode instead. */
+int sshbuf_write_file(const char *path, struct sshbuf *buf, mode_t mode)
+__attribute__((__nonnull__(2)));
+ #else
 int sshbuf_write_file(const char *path, struct sshbuf *buf)
     __attribute__((__nonnull__ (2)));
+#endif
 
 /* Macros for decoding/encoding integers */
 #define PEEK_U64(p) \
diff --git a/sshd.c b/sshd.c
index 12d8bfa6e..8f0ee04b9 100644
--- a/sshd.c
+++ b/sshd.c
@@ -2626,7 +2626,7 @@ done_loading_hostkeys:
 	if ((r = kex_exchange_identification(ssh, -1,
 	    options.version_addendum)) != 0)
 		sshpkt_fatal(ssh, r, "banner exchange");
-
+idexch_done:
 	ssh_packet_set_nonblocking(ssh);
 
 	/* allocate authentication context */