Mail Archives: cygwin/2003/09/17/12:41:04
Following Mark J de Jong 's step by step howto (see end of mail for some
add-ons), I can now effectively log in with pkey method (that is, no
password) using the 'administrator' user name.
'whoami' returns 'administrator', however asking for a command such as
IISRESET returns the error 'you are not a local administrator of this
machine...', which means the rights management has failed somewhere.
What shall I do to be able tu run IISreset from ssh pkey under
administrator ?
note : suing to 'administrator' returns 'wrong password' after correct
pass input, and loging via sshd with the 'local system sshd' method
acknowledges the administrator to execute IISRESET..
that's why I wonder if adding the 'create token' n co stuff to the user
SYSTEM wouldn't help, but I feel this is not a right thing to do ...
> Hello,
> I've looked and couldn't find decent docs on this so for those of you
> who are lookin', this is a quick howto on how to setup the
> Cygwin/OpenSSH daemon on M$ Windows 2003. This will fix the passwordless
> (ssh key) login issue.
>
> 1. Install Cygwin with the openssh binaries....
add the c:\cygwin\bin to the path
add cygwin=ntsec tty environment variable
>
> 2. After completing the Cygwin setup, goto the cygwin command prompt and
> type 'ssh-host-config'
> 3. Answer 'y' when asked if you want to sshd with privilege separation.
> 4. Answer 'y' when asked if user sshd should be created by the script.
> 5. Answer 'y' when asked if you want sshd to be created as a service.
> 6. Create a new windows user named "sshdproc" or whatever you wish the
> sshd process account username to be. If you happen to notice the sshd
> user being disabled, don't enable it!
> 7. Place the sshdproc user in the "Administrators" group.
> 8. Give the sshdproc user the following system rights:
> * Create a token object
> * Log on as a service
> * Replace a process level token
>
> And for security.....
> * Deny log on locally
> * Deny access to this computer from the network
>
> 9. Reconfigure the "CYGWIN sshd service" to run as the new "sshdproc"
> user.
> 10. At the cygwin command prompt type 'mkpasswd -l |grep sshdproc >>
> /etc/passwd <enter>'
> 11. Type 'touch /var/log/sshd.log <enter>'
> 12. Type 'chmod 644 /var/log/sshd.log <enter>'
> 11. Type 'chown sshdproc /var/empty /var/log/sshd.log /etc/ssh_*
> <enter>'
> 12. Type 'cygrunsrv --start sshd <enter>'
also ssh-user-config
>
> That should be it.. Hope this helps!
it helps, but not enough :)
>
>
> Best,
> Mark J. de Jong
>
>
>
>
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
- Raw text -