Mail Archives: cygwin/2001/11/14/20:50:26
Hello,
Let me start with a simple question: can multiple users using RSA authentication log into a single Windows 2000 box running sshd? It seems like this is implied by the README files in /usr/doc.
Assuming this is true then here is my problem:
I am trying to log onto a Windows 2000 (sp2) box using ssh with rsa authentication with different accounts. While I have no problems logging in as different users using passwords, I can only seem to use rsa authentication when I'm logging on as the user starting the sshd process. I'm running Cygwin version 1.3.5. In addition, I have specified "CYGWIN=ntsec" as a system variable.
When I run sshd as LocalSystem, it seems like sshd is happy I've entered the correct rsa passphrase, but then it tries to make me the correct user and dies saying:
"Received disconnect from my.ip.address.here: Authentication rejected for uid 1004."
If I give my user account the following privileges:
"Act as part of the operating system"
"Replace process level token"
"Increase quotas"
"Logon as a service"
and start the sshd server under my account nwilson, I can then ssh into my machine using RSA authentication.
In a little more detail, I did the following:
bash% chown SYSTEM /etc/ssh*
bash% cygrunsrv --install sshd --path /usr/sbin/sshd --args "-D -ddd"
bash% cygrunsrv --start sshd
bash% ssh -l nwilson my_machine_name_here
tried to log in as user nwilson using RSA with failure log below
bash% cygrunsrv --stop sshd
bash% cygrunsrv --remove sshd
bash% chown nwilson /etc/ssh*
bash% cygrunsrv --install sshd --path /usr/sbin/sshd --args "-D -ddd" -u nwilson
bash% cygrunsrv --start sshd
bash% ssh -l nwilson my_machine_name_here
tried to log in as user nwilson with success (log below)
So the heart of my question is what can cause ssh/sshd to agree I'm a given user but be unable to switch the user context properly? I feel like I've tried nearly everything (file permissions and user on ~/.ssh, /etc/ssh*, /etc/passwd, /etc/group).
I'm basically running out of ideas. Hopefully someone can help. Thanks,
Nathan
running sshd under LocalSystem:
debug1: Seeding random number generator
/etc/sshd_config line 49: Deprecated option CheckMail
debug1: sshd version OpenSSH_3.0p1
debug1: private host key: #0 type 0 RSA1
debug3: Not a RSA1 key file /etc/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug3: Not a RSA1 key file /etc/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
Generating 768 bit RSA key.
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
Connection from my.ip.address.here port 1116
debug1: Client protocol version 1.5; client software version OpenSSH_3.0p1
debug1: match: OpenSSH_3.0p1 pat ^OpenSSH
debug1: Local version string SSH-1.99-OpenSSH_3.0p1
debug1: Rhosts Authentication disabled, originating port not trusted.
debug1: Sent 768 bit server key and 1024 bit host key.
debug1: Encryption type: 3des
debug1: Received session key; encryption turned on.
debug1: Installing crc compensation attack detector.
debug1: Attempting authentication for nwilson.
debug1: temporarily_use_uid: 1004/513 (e=18)
debug1: trying public RSA key file /home/nwilson/.ssh/authorized_keys
debug1: restore_uid
Disconnecting: Authentication rejected for uid 1004.
debug1: Calling cleanup 0x4169cc(0x0)
running sshd under nwilson:
debug1: Seeding random number generator
/etc/sshd_config line 49: Deprecated option CheckMail
debug1: sshd version OpenSSH_3.0p1
debug1: private host key: #0 type 0 RSA1
debug3: Not a RSA1 key file /etc/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug3: Not a RSA1 key file /etc/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
Generating 768 bit RSA key.
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
Connection from my.ip.address.here port 1142
debug1: Client protocol version 1.5; client software version OpenSSH_3.0p1
debug1: match: OpenSSH_3.0p1 pat ^OpenSSH
debug1: Local version string SSH-1.99-OpenSSH_3.0p1
debug1: Rhosts Authentication disabled, originating port not trusted.
debug1: Sent 768 bit server key and 1024 bit host key.
debug1: Encryption type: 3des
debug1: Received session key; encryption turned on.
debug1: Installing crc compensation attack detector.
debug1: Attempting authentication for nwilson.
debug1: temporarily_use_uid: 1004/513 (e=1004)
debug1: trying public RSA key file /home/nwilson/.ssh/authorized_keys
debug1: restore_uid
Accepted rsa for nwilson from my.ip.address.here port 1142
debug1: session_new: init
debug1: session_new: session 0
debug1: Allocating pty.
debug1: session_pty_req: session 0 alloc /dev/tty0
... additional lines deleted but connection was successful ...
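
A comparison of the two debug logs above, as an added example that is not part of the original post: it extracts each authentication attempt and reports whether sshd's own effective uid (the `e=` value on the `temporarily_use_uid` line, which OpenSSH prints as the uid it saved before switching) differs from the account being logged in. The function names are hypothetical and the log excerpts are trimmed copies of the lines in the post.

```python
import re

# Constructed input: the authentication lines copied from the two logs in the post.
RUN_AS_SYSTEM = """\
debug1: Attempting authentication for nwilson.
debug1: temporarily_use_uid: 1004/513 (e=18)
debug1: trying public RSA key file /home/nwilson/.ssh/authorized_keys
debug1: restore_uid
Disconnecting: Authentication rejected for uid 1004.
"""
RUN_AS_USER = """\
debug1: Attempting authentication for nwilson.
debug1: temporarily_use_uid: 1004/513 (e=1004)
debug1: trying public RSA key file /home/nwilson/.ssh/authorized_keys
debug1: restore_uid
Accepted rsa for nwilson from my.ip.address.here port 1142
"""

ATTEMPT = re.compile(r"Attempting authentication for (\S+?)\.?$")
SWITCH = re.compile(r"temporarily_use_uid: (\d+)/(\d+) \(e=(\d+)\)")
ACCEPT = re.compile(r"^Accepted (\S+) for \S+ from ")
REJECT = re.compile(r"Authentication rejected for uid \d+")


def summarize(log_text):
    """Return one dict per authentication attempt in sshd debug output."""
    attempts, cur = [], None
    for line in (l.strip() for l in log_text.splitlines()):
        if m := ATTEMPT.search(line):
            cur = {"user": m.group(1), "uid": None, "daemon_euid": None, "result": "unknown"}
            attempts.append(cur)
        elif cur is None:
            continue  # lines before the first attempt (startup, key exchange)
        elif m := SWITCH.search(line):
            cur["uid"], cur["daemon_euid"] = int(m.group(1)), int(m.group(3))
        elif ACCEPT.search(line):
            cur["result"] = "accepted"
        elif REJECT.search(line):
            cur["result"] = "rejected"
    return attempts


def triage(log_text):
    """Pair each outcome with whether sshd had to become a different user."""
    rows = []
    for a in summarize(log_text):
        switch = a["daemon_euid"] is not None and a["daemon_euid"] != a["uid"]
        rows.append((a["user"], a["uid"], a["daemon_euid"], switch, a["result"]))
    return rows
```

Each row is `(user, target uid, daemon euid, user switch needed, result)`; running `triage` over the full `-ddd` output of both service configurations puts the one differing field next to the differing outcome.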