Mail Archives: cygwin/2004/08/31/22:45:08
At 03:02 PM 8/31/2004, you wrote:
>If I add sshd_server to the Administrators group, I can auto logon via
>ssh (using authorized_keys). Even though this is supposed to happen via
>ssh-host-config.
From '/usr/share/doc/Cygwin/openssh.README':
2003 Server has a funny new feature. When starting services under SYSTEM
account, these services have nearly all user rights which SYSTEM holds...
except for the "Create a token object" right, which is needed to allow
public key authentication :-(
There's no way around this, except for creating a substitute account which
has the appropriate privileges. Basically, this account should be member
of the administrators group, plus it should have the following user rights:
Create a token object
Logon as a service
Replace a process level token
Increase Quota
The ssh-host-config script asks you, if it should create such an account,
called "sshd_server". If you say "no" here, you're on your own. Please
follow the instruction in ssh-host-config exactly if possible. Note that
ssh-user-config sets the permissions on 2003 Server machines dependent of
whether a sshd_server account exists or not.
So your 'sshd_server' user should be a member of the administrators group if
it's going to work. Did you use 'ssh-host-config' to create it in the first
place? Does rerunning it make it any better?
>But I still do not have access to /dev/st0, but if I disable auto-logon
>and type in my password, all works.
>
>The interesting thing is that the id command returns a different set of
>groups for me when I log on automatically or I specify the password.
>
>The uid and gid are the same, but the list of groups is different: For
>the automatic logon I only get Domain Admins and Users
>
>Any suggestions would be appreciated.
Beyond what I already suggested (below), which I still think is
valid/worthwhile advice, you might also review your '/etc/passwd'
and '/etc/group' too.
>Thanks.
>
>-----Original Message-----
>From: Larry Hall [mailto:blah blah blah]
<http://cygwin.com/acronyms/#PCYMTNQREAIYR>
>
>Sent: Tuesday, August 31, 2004 12:36 PM
>To: Cary Lewis; blah AT blah DOT blah
<http://cygwin.com/acronyms/#PCYMTNQREAIYR>
>Subject: RE: ssh - no access to /dev/st0
>
>At 12:24 PM 8/31/2004, you wrote:
>>The issue is that during command line execution of a tar command, sshd
>>has not set the environment properly, namely the mount points are not
>>there, so /dev/st0 does not exist, and the PATH variable does not point
>>to the correct cygwin files either.
>>
>>What might be causing this.
>>
>>It works fine with an interactive ssh session (providing auto logon is
>>not set up).
>>
>
>
>I think it's time to start over on this one too:
>
>>Problem reports: http://cygwin.com/problems.html
>
>
>You might want to run your server in debug mode and see if you can
>spot the problem here. My WAG is permissions problems on ~/.ssh and/or
>log files/directories and/or 'sshd' isn't running with all the
>permissions
>it needs. But that's just guessing. The debug output should help
>ferret
>out the real answer.
--
Larry Hall http://www.rfk.com
RFK Partners, Inc. (508) 893-9779 - RFK Office
838 Washington Street (508) 893-9889 - FAX
Holliston, MA 01746
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
- Raw text -