Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sources.redhat.com/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Message-Id:	<5.2.0.9.2.20030204135959.01b8f160@127.0.0.1>
X-Sender:	(Unverified)
Date:	Wed, 05 Feb 2003 12:15:43 -0800
To:	"Igor Pechtchanski" <pechtcha AT cs DOT nyu DOT edu>
From:	Marc Bejarano <beej AT alum DOT mit DOT edu>
Subject:	Re: sshd can't do publickey auth with .ssh linked to
	/cygdrive/c/rest/of/path
Cc:	cygwin AT cygwin DOT com
In-Reply-To:	<Pine.GSO.4.44.0302041434240.24195-100000@slinky.cs.nyu.edu
	>
References:	<5 DOT 2 DOT 0 DOT 9 DOT 2 DOT 20030204105352 DOT 034ad8d0 AT 127 DOT 0 DOT 0 DOT 1>
Mime-Version:	1.0

i'm still not subscribed to this list so i would be grateful if i could be 
left on the cc: line of this thread.

igor: thanks for you help.  i appreciate you working through this with me :)

At 12:03 PM 2/4/2003, Igor Pechtchanski wrote:
 >On Tue, 4 Feb 2003, Marc Bejarano wrote:
 >> At 04:26 PM 2/3/2003, Igor Pechtchanski wrote:
 >>  >On Mon, 3 Feb 2003, Marc Bejarano wrote:
 >>  >> i tried to link my ~/.ssh to "/cygdrive/c/Documents and
 >>  >> Settings/<username>/Application Data/Van Dyke Technologies/SecureCRT/"
 >>  >> because i thought it was the most straight-forward way to share my
 >identity
 >>  >> files.  this breaks incoming publickey auth to cygwin openssh sshd.
 >>
 >>  >> Authentication refused: bad ownership or modes for directory 
/cygdrive/c
 >>
 >>  >> d---------   15 65535    65535           0 Feb  3 04:11 /cygdrive/c/
 >>
 >>  >> so my question: is there a way to make this work?  can i change the
 >>  >> mode/ownership bits on a /cygdrive mountpoint?  or can i tell the 
sshd to
 >>  >> be less security-conscious?

 >> sshd thinks /cygdrive/c
 >> is a directory.  it is worried about the modes of the dir,
 >> itself.  unfortunately, even when i'm logged in as user Administrator, i
 >> can't seem to make any changes to it:
 >> [Administrator AT beej-lap]/:{1}:$ chmod 755 /cygdrive/c
 >> chmod: changing permissions of `/cygdrive/c': Permission denied
 >>
 >> and on the windoze side of things, i don't know how to set permissions for
 >> a drive.

 >Looks like Administrator is not the owner of that directory (and it is a
 >directory, namely 'C:\').
 >
 >Sorry, mea culpa.  I have a guess that the owner of 'C:\' is not
 >Administrator, but rather the Administrators group (which Windows treats
 >as a user).  Please try regenerating /etc/passwd using
 >
 >$ mkpasswd -l -g > /etc/passwd
 >
 >(this will also add local groups as users to /etc/passwd) and post the
 >output of 'ls -ld /cygdrive/c' again.

still no dice:
d---------   15 65535    65535           0 Feb  4 04:49 /cygdrive/c/

 >There's nothing magical about it...

 >Once
 >you see the correct owner/group names for the relevant directories, you
 >can start tackling your sshd problem.

ok.  no magic. :)  but i'm still mystified, here.

 >P.S. As long as your user has appropriate privileges, you should be able
 >to change permissions with Cygwin tools (chown, chmod) just as easily as
 >with Windows tools.

that's what i was hoping.

 >FYI, however, to change Windows permissions,
 >right-click on the directory name in Explorer and select Properties ->
 >Security -> Advanced.

ahh.. that was what i should have done all along.  i was looking in the 
wrong place, so thought that there was no ownership for the root directory 
of a drive in windows.  obviously i should lay off the hard drugs ;)

 >Once there, the Owner tab will show you the current
 >owner, and the Permissions tab will let you change permissions.

righto.  i didn't get as far as checking the owner tab before being tempted 
to make changes on the permissions tab.  i didn't see "Full Control" for my 
username, so i clicked on "Add" and gave my local user "Full Control" and 
told it to "Apply onto: This folder and files".  it took forever to 
complete what it was doing, but now cygwin can grok the perms:
drwxrwxr-x+  15 Administ SYSTEM          0 Feb  4 04:49 /cygdrive/c/

and now that i finally check the owner tab, i see that the owner is indeed 
the Adminstrators group.  since i gave by username "Full Control", i could 
change ownership to my username, so i did.  i then had:
drwxrwxr-x+  15 <user>   SYSTEM          0 Feb  5 11:33 /cygdrive/c/

still no dice :(  so i did a "chmod g-w /cygdrive/c" and then had:
drwxr-xr-x+  15 <user>   SYSTEM          0 Feb  5 11:33 /cygdrive/c/

new error:
Authentication refused: bad ownership or modes for directory /

perms:
drwxrwxr-x+  10 Administ Administ        0 Feb  4 13:58 //

ok.  that's ridiculous.  i'm not changing the owner of / just so it'll be 
more convenient to share the default key directory that scrt uses.

the real problem is that openssh checks ownership and modes up the tree 
from the authorized_keys2 file until it hits your home dir.  since my home 
dir is under /home, it never hits that.

one trick that was immensely helpful was to install a separate sshd service 
for use in debugging.  i did:
cygrunsrv -I sshdtest -t manual -o -p /usr/sbin/sshd -a "-d -d -d -e -p 222"

this allowed me to "tail -f /var/log/sshdtest.log" and see what was going 
on.  my normal sshd service logs to the windoze event log which is much 
less friendly to read.

oh well... at least i learned a thing or two along the way.  i'm back to 
just having a real .ssh dir and copying key files around between the 
windoze world and the cygwin world.

thanks, again!
marc


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

- Raw text -