Mail Archives: cygwin/2005/05/05/21:19:12
Hi All,
Thanks for the suggestions. They look like exactly what we need as we will
only require this for one user to run 3 commands. Two of them already work
as intended, it's just the 3rd that seems to rely on this token.
I have run into problems though, and it's most likely my ignorance. Is there
a document that explains the process of logging in as the user running the
service? I have attempted to log in using the sshd_server user, but this
fails even after all the policies that deny it access in "Default Domain
Controller Security Policy" are removed.
These are:
> "Deny Access to this Computer from the network"
> "Deny logon locally"
These ones I left alone and then removed them when the above two didn't give
me results:
> "Replace a process level token"
> "Create a token object"
This I figured was essential and never modified it.
> "Log on as a service"
I do understand some of this may compromise security, but at this stage I am
not concerned as this will run in a trusted and firewalled environment.
I also can't run the service as administrator. Any attempts to change this
hang the service until the cygrunsrv process is killed. Any ideas on what I
am doing wrong? The administrator service is allowed to log on as a service
by default.
What exactly is the prerequisite for logging into a Cygwin sshd server on
the user side? I have found that any new accounts I add to our Active
Directory don't seem to appear in /etc/passwd. Should they? Also, it seems
that only administrator accounts created prior to the cygwin install are
allowed a login to the server. Is this normal?
Thanks again for all your suggestions so far folks,
Stuart
-----Original Message-----
From: Igor Pechtchanski [mailto:pechtcha AT cs DOT nyu DOT edu]
Sent: Thursday, 5 May 2005 1:32 PM
To: Stuart Westbury
Cc: cygwin AT cygwin DOT com
Subject: RE: SSHD key based authentication hangs cscript
On Thu, 5 May 2005, Stuart Westbury wrote:
> Thanks for the prompt response Corinna.
>
> At least I now know.
>
> Can anybody suggest a way of doing this? Can the runas service be used
> to gain a new token or will it suffer the same problem? I have attempted
> to use it, but the results were unusual. It prompted me for a password
> and just drops me back to the shell without the opportunity to even
> enter one.
>
> On a similar note, can anyone who may have had this issue suggest any
> alternative way to run remote commands on a Windows box from Linux with
> some form of transparent authentication, or am I dreaming? :)
Well, if you only ever log in as one user, you can run sshd as that
particular user (maybe on a special port if you need a regular sshd daemon
as well). That way, even if public key auth is used, the token will be
valid. See the --user option to cygrunsrv.
If you need multiple users to log in, you can try to get runas to prompt
you for a password properly, but that may be tricky. Try playing with the
"tty" value in the CYGWIN variable (see
<http://cygwin.com/cygwin-ug-net/using-cygwinenv.html>).
HTH,
Igor
> [snip]
>
> -----Original Message-----
> From: cygwin-owner AT XXXXXX DOT XXX [mailto:cygwin-owner AT XXXXXX DOT XXX] On Behalf Of Corinna Vinschen
> Sent: Wednesday, 4 May 2005 7:03 PM
> To: cygwin AT XXXXXX DOT XXX
> Subject: Re: SSHD key based authentication hangs cscript
Oh, and <http://cygwin.com/acronyms/#PCYMTNQREAIYR>. Thanks.
> On May 4 11:15, Stuart Westbury wrote:
> > "There are actually two problems here: 1) a problem with CygWin/OpenSSH
> > (after public key authentication GetUserName() returns incorrect
> > value)..........."
> >
> > Is this my problem?
>
> No, that's our problem. There's nothing we can do about it, I'm sorry.
> [snip]
--
http://cs.nyu.edu/~pechtcha/
|\ _,,,---,,_ pechtcha AT cs DOT nyu DOT edu
ZZZzz /,`.-'`' -. ;-;;,_ igor AT watson DOT ibm DOT com
|,4- ) )-,_. ,\ ( `'-' Igor Pechtchanski, Ph.D.
'---''(_/--' `-'\_) fL a.k.a JaguaR-R-R-r-r-r-.-.-. Meow!
"The Sun will pass between the Earth and the Moon tonight for a total
Lunar eclipse..." -- WCBS Radio Newsbrief, Oct 27 2004, 12:01 pm EDT