Mail Archives: cygwin/2002/07/05/18:26:41

Message-Id: <5.1.1.5.2.20020705143246.00ad19e8@lindy.stanford.edu>
X-Sender: rwilper AT lindy DOT stanford DOT edu (Unverified)
Date: Fri, 05 Jul 2002 15:25:21 -0700
To: "cygwin AT cygwin DOT com" <cygwin AT cygwin DOT com>
From: Ross Wilper <rwilper AT stanford DOT edu>
Subject: OpenSSH problems: StrictModes and PublicKeyAuthentication
Mime-Version: 1.0

I'm testing an upgrade to latest versions and hope I've just got a 
configuration problem...

Configuration
Cygwin 1.3.12-1 and OpenSSH 3.4p2
Freshly installed Windows 2000 Server + all the hotfix rot.
Default settings from ssh-host-config
Password Auth works, Pubkey Auth does not.

------------------------------

Problem 1: StrictModes on == Cannot log on.
If the ACLs on the ~/.ssh/authorized_keys have SYSTEM:Read, then 
authentication fails with improper ownership or mode.
If the ACLs on the file do not have SYSTEM:READ, then authentication fails 
because the SSHD cannot open the file.

I look at the Application event log on the system and Cygwin does record 
that the userid is switching to the user logging in before opening the 
authorized_keys file, but the Security log shows failed file accesses by 
SYSTEM when the call comes to open the file.

So, I turned off StrictModes and set <user> and SYSTEM to have perms on the 
file and ran into the second problem.

------------------------------------

Problem 2: Successful RSA authentication is ignored?
To make a long story short, after the thread running the PubKey PAM auths 
the user, the next message is an auth failure.

Client:
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: next auth method to try is publickey
debug1: try privkey: /home/administrator/.ssh/identity
debug3: no such identity: /home/administrator/.ssh/identity
debug1: try privkey: /home/administrator/.ssh/id_rsa
debug1: read PEM private key done: type RSA
debug3: sign_and_send_pubkey
debug2: we sent a publickey packet, wait for reply

Server:
debug1: userauth-request for user administrator service ssh-connection method publickey.
debug1: attempt 1 failures 1.
debug2: input_userauth_request: try method publickey.
debug3: mm_key_allowed entering.
debug3: mm_request_send entering: type 20.
debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED.
debug3: mm_request_receive_expect entering: type 21.
debug3: mm_request_receive entering.
debug3: monitor_read: checking request 20.
debug3: mm_answer_keyallowed entering.
debug3: mm_answer_keyallowed: key_from_blob: 0x100b3a78.
debug1: temporarily_use_uid: 500/513 (e=18).
debug1: trying public key file /home/Administrator/.ssh/authorized_keys.
debug1: matching key found: file /home/Administrator/.ssh/authorized_keys, line 1.
Found matching RSA key: eb:36:79:4c:fa:63:b4:41:96:7d:07:7d:ff:d0:7b:2f.
debug1: restore_uid.
debug3: mm_answer_keyallowed: key 0x100b3a78 is allowed.
debug3: mm_request_send entering: type 21.
debug3: mm_request_receive entering.
debug3: mm_key_verify entering.
debug3: mm_request_send entering: type 22.
debug3: mm_key_verify: waiting for MONITOR_ANS_KEYVERIFY.
debug3: mm_request_receive_expect entering: type 23.
debug3: mm_request_receive entering.
debug3: monitor_read: checking request 22.
debug1: ssh_rsa_verify: signature correct.
debug3: mm_answer_keyverify: key 0x100b3a78 signature verified.
debug3: mm_request_send entering: type 23.
Accepted publickey for administrator from 171.64.x.x port 2373 ssh2.
debug1: monitor_child_preauth: administrator has been authenticated by privileged process.
debug3: mm_get_keystate: Waiting for new keys.
debug3: mm_request_receive_expect entering: type 24.
debug3: mm_request_receive entering.
debug2: userauth_pubkey: authenticated 1 pkalg ssh-rsa.
Failed publickey for administrator from 171.64.x.x port 2373 ssh2.

-Ross Wilper
Stanford University
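
The server log above records "Accepted publickey" and then "Failed publickey" for the same user, host and port. The following is an added example, not part of the original post or of OpenSSH: a small log check that flags that contradiction while ignoring the normal case of a failed key followed by an accepted one. The function name and the sample lines are constructed for illustration.

```python
import re

# Constructed sample: the first six lines are modelled on the server log in
# the post; the last four are invented to exercise the non-matching cases.
SAMPLE_LOG = """\
debug1: ssh_rsa_verify: signature correct.
debug3: mm_answer_keyverify: key 0x100b3a78 signature verified.
Accepted publickey for administrator from 171.64.x.x port 2373 ssh2.
debug1: monitor_child_preauth: administrator has been authenticated by privileged process.
debug2: userauth_pubkey: authenticated 1 pkalg ssh-rsa.
Failed publickey for administrator from 171.64.x.x port 2373 ssh2.
Failed password for guest from 192.0.2.7 port 4000 ssh2.
Failed publickey for alice from 192.0.2.9 port 4001 ssh2.
Accepted publickey for alice from 192.0.2.9 port 4001 ssh2.
"""

# Matches sshd's per-attempt verdict lines; debug lines are skipped.
VERDICT = re.compile(
    r"^(Accepted|Failed) (\S+) for (?:(?:invalid|illegal) user )?(\S+)"
    r" from (\S+) port (\d+)"
)

def find_contradictions(log_text):
    """Return (method, user, host, port) for every connection that logged
    'Accepted' and afterwards 'Failed' for the same authentication method."""
    accepted = set()
    conflicts = []
    for line in log_text.splitlines():
        m = VERDICT.match(line.strip())
        if not m:
            continue
        verdict, method, user, host, port = m.groups()
        key = (method, user, host, int(port))
        if verdict == "Accepted":
            accepted.add(key)
        elif key in accepted and key not in conflicts:
            # Failure logged after success on the same connection.
            conflicts.append(key)
    return conflicts

if __name__ == "__main__":
    for method, user, host, port in find_contradictions(SAMPLE_LOG):
        print(f"{method} accepted, then failed: {user} from {host} port {port}")
```
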

