Mail Archives: cygwin/2004/05/20/22:06:09
Hello,
I just noticed that I am also using this problem.
For example:
$ mount
C:\cygwin\bin on /usr/bin type system (binmode)
C:\cygwin\lib on /usr/lib type system (binmode)
C:\cygwin on / type system (binmode)
c: on /c type system (binmode,noumount)
w: on /w type system (binmode,noumount)
z: on /z type system (binmode,noumount)
$ ssh rsiklos AT localhost
rsiklos AT localhost's password:
Last login: Thu May 20 22:00:01 2004 from localhost
You are successfully logged in to this server!!!
$ mount
C:\cygwin\bin on /usr/bin type system (binmode)
C:\cygwin\lib on /usr/lib type system (binmode)
C:\cygwin on / type system (binmode)
c: on /c type system (binmode,noumount)
I have no idea why this is happening. I know I had it working with sshd on
win2k, but I'm running XP now. Other than the o/s change, and updating
cygwin every once in a while (including today), I haven't done anything
different. I just reinstalled cygwin from scratch (wanted to do it anyways)
and the problem is still there.
Anything I can do to figure out what the problem is?
Thanks a million,
Rob.
----- Original Message -----
From: "Larry Hall" <cygwin-lh AT cygwin DOT com>
To: "Brindl Ronald" <rbrindl AT gmx DOT at>; <cygwin AT cygwin DOT com>
Sent: Wednesday, May 12, 2004 10:53 PM
Subject: Re: AW: Inaccessible remote volumes when logged in via ssh
> At 09:01 AM 5/11/2004, you wrote:
> >I am logging in using password (I already heard of troubles using
> >publickey, although I can log in as normal user using public key)
> >The volume is mounted using the explorer menu (extra -> connect drive, I
> >don't know if that's correct because I have a German version), and it is
> >configured to mount automatically at startup.
>
>
> Well, something is wrong with your password authentication then because
> the behavior you're getting is exactly the same as with public key
> authentication.
>
>
> >I just tried to use "net use" in my ssh-session and noticed it doesn't
> >work (system error 1312)
> >It is the same case as in
> >http://archive.erdelynet.com/ssh-l/2004-04/msg00033.php
> >And in
> >http://archive.erdelynet.com/ssh-l/2002-11/msg00006.php
> >
> >And
> >http://archive.erdelynet.com/ssh-l/2004-03/msg00057.php
> >
> >It has something to do with user-privileges and that the sshd runs as
> >user SYSTEM. It seems that the ssh-sessions also run as SYSTEM, and
> >not as the user who logged in.
>
>
> No, that's not quite right. *If* you use password authentication when you
> 'ssh' into your Cygwin ssh server, you will be authenticated by Windows and
> have full access to whatever resource (including shares) Windows allows you.
> *If* you use public key authentication, you can access any resource that does
> not require Windows authentication (including public shares). Either way,
> you are running the 'ssh' session as the user you specify (or default to)
> for that session. Only 'sshd' runs as SYSTEM (by default). Running 'sshd'
> allows switching the user context from SYSTEM to the requested user for
> the 'ssh' session.
>
>
> >What I don't understand is why it works when I log in locally via ssh
> >(ssh localhost -l bpc).
>
>
> It "works" because you're already authenticated with Windows on that machine
> as the user you're shelling in as. So Windows knows this user and therefore
> will provide access to the restricted resources.
>
>
> >It should also run as user system without
> >network-privileges.
>
>
> No that's incorrect.
>
>
> >I tried the following:
> >At <current-time + 1> /INTERACTIVE cmd
> >
> >Which should open a cmd-shell in one minute which runs as SYSTEM.
> >The shell opens and I also have no access to the network.
>
>
> That's expected.
>
>
> >So I tried to start the sshd service as user "sshd" (changed owner of
> >all files, adjusted the security policies etc). The service starts but
> >the strange result is that I can't log in with password anymore, only
> >with public key!!! And I still don't have access to network.
> >When I do a ps -W -f I get:
> >
> > sshd 1608 1 ? 14:10:21 /usr/bin/cygrunsrv
> > sshd 1348 1720 ? 14:11:09 /usr/sbin/sshd
> > 0 756 0 ? 14:11:11 C:\cygwin\bin\bash.exe
> > bpc 1716 1680 1 14:11:46 /usr/bin/ps
> > 0 1760 0 ? 14:11:47 C:\cygwin\bin\ps.exe
>
>
> Don't know why you tried this but as you can see, it doesn't buy you
> anything.
>
>
> >So I assume the shell still runs under SYSTEM account
>
>
> No. Now it would be run as user 'sshd', with whatever privileges the 'sshd'
> user has. By default, this user has no ability to switch user contexts so
> no matter who you log in as, you will always be 'sshd'.
>
>
> >Trying around with UsePrivilegeSeparation I had trouble starting the
> >service at all. (complained about wrong privileges of /var/empty)
>
>
> If you start changing the user that 'sshd' runs as, you're going to need
> to be careful about resetting file ownership on many files and directories
> that 'sshd' and 'ssh' use. It isn't recommended that you run 'sshd' as
> any user other than SYSTEM (unless you're running on W2K3 - see the openssh
> README for details on running on that platform). At this point, you're
> probably best off removing 'openssh' from your system, cleaning up any
> leftover files, and reinstalling, using the install scripts and directions
> provided with the package. If you're still having problems, we need to know
> the steps you took, any messages you got, log files generated, configuration
> file settings, etc. But keep in mind you can find out a lot about what
> 'sshd' and 'ssh' are doing by running them with verbosity/debugging turned
> on. See the man pages for details.
>
>
>
> --
> Larry Hall http://www.rfk.com
> RFK Partners, Inc. (508) 893-9779 - RFK Office
> 838 Washington Street (508) 893-9889 - FAX
> Holliston, MA 01746
>
>
> --
> Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
> Problem reports: http://cygwin.com/problems.html
> Documentation: http://cygwin.com/docs.html
> FAQ: http://cygwin.com/faq/
>
>
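To pin down which mounts an ssh session loses, the two `mount` listings at the top of this message can be compared mechanically. The script below is an added example, not part of the original mail; the helper name `missing_in_ssh` and its output format are assumptions, and the sample input is copied from the two listings in the message.

```shell
#!/bin/sh
# Added example: list mounts present in a console session but missing in an
# ssh session. Sample input is copied from the two listings in the message.
LOCAL_MOUNTS='C:\cygwin\bin on /usr/bin type system (binmode)
C:\cygwin\lib on /usr/lib type system (binmode)
C:\cygwin on / type system (binmode)
c: on /c type system (binmode,noumount)
w: on /w type system (binmode,noumount)
z: on /z type system (binmode,noumount)'
SSH_MOUNTS='C:\cygwin\bin on /usr/bin type system (binmode)
C:\cygwin\lib on /usr/lib type system (binmode)
C:\cygwin on / type system (binmode)
c: on /c type system (binmode,noumount)'

# missing_in_ssh LOCAL SSH   (hypothetical helper name)
# Prints "<mountpoint> TAB <device> TAB <kind>" for each mount in LOCAL that
# has no identical device/mountpoint pair in SSH.
missing_in_ssh() {
    {
        printf '%s\n' "$2" | sed 's/^/S /'   # ssh-session lines first
        printf '%s\n' "$1" | sed 's/^/L /'   # then console-session lines
    } | awk '
    {
        tag  = substr($0, 1, 1)
        line = substr($0, 3)
        # Cygwin format: <device> on <mountpoint> type <type> (<flags>)
        i = index(line, " on "); j = index(line, " type ")
        if (i == 0 || j <= i) next            # skip blank/unparsable lines
        dev = substr(line, 1, i - 1)
        mp  = substr(line, i + 4, j - i - 4)
        key = dev SUBSEP mp
        if (tag == "S") { seen[key] = 1; next }
        if (key in seen) next
        # A bare drive letter is a whole Windows drive (local disk or a
        # mapped network drive); anything else is a directory mount.
        kind = (dev ~ /^[A-Za-z]:$/) ? "drive-letter" : "path"
        print mp "\t" dev "\t" kind
    }'
}

missing_in_ssh "$LOCAL_MOUNTS" "$SSH_MOUNTS"
```

On a live system, capture the two inputs by running `mount` in the console session and again inside the ssh session.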