Mail Archives: cygwin/2005/06/24/10:43:55

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Subject: RE: Connection closed message when trying to connect with sftp using public key authentication to OpenSSH 3.7.1p2 on Windows 2003 Server
MIME-Version: 1.0
Date: Fri, 24 Jun 2005 15:45:35 +0100
Message-ID: <34D62E65D54FDF49B7B4DDDC87BF2F2A482F79@hera.internal.metron.co.uk>
From: "Des Atkinson" <Des AT metron DOT co DOT uk>
To: "Cygwin List" <cygwin AT cygwin DOT com>

I have downloaded and tested 4.1p1-1 and all is now working just fine.
The key lessons for me were:

1. Yes, use privilege separation as that seems to work just fine. It
creates a user called sshd to run the non-privileged operations.
2. If you want to use a pre-existing user to own the sshd service,
ensure that it has the following privileges:

* Adjust memory quotas for a process
* Create a token object
* Logon as a service
* Replace a process level token

These privileges should be set using the "Domain Controller Security
Settings" utility (go to Local Policies -> User Rights Assignment). 

The user must also have Administrator rights on the server. It should
also have ownership of the following files:

/etc/ssh_host*
/var/empty

Many thanks for your help.


-----Original Message-----
From: Larry Hall [mailto:lh-no-personal-replies-please AT cygwin DOT com] 
Sent: 15 June 2005 15:51
To: Cygwin List; Des Atkinson; cygwin AT cygwin DOT com
Subject: Re: Connection closed message when trying to connect with sftp using public key authentication to OpenSSH 3.7.1p2 on Windows 2003 Server

At 10:39 AM 6/15/2005, you wrote:
>At 10:14 AM 6/15/2005, you wrote:
>>I have been trying to connect to OpenSSH on my Windows 2003 Server
>>system using public key authentication. I have tried using both sftp and
>>ssh. In both cases the verbose output shows that the authentication
>>succeeded okay, but the session itself just seems to die with an "Exit
>>status 255" message (followed by "Connection closed" for sftp).
>>
>
>
><snip>
>
>
>>Is there some additional configuration I need to attempt on my server
>>to make this all work? I am running the CYGWIN sshd service under the
>>Local System account on the server.
>
>
>The Local System account does not have the permissions necessary to permit
>pubkey authentication to work on W2K3.  Did you install with ssh-host-config
>and ssh-user-config?  ssh-host-config will ask you if you want to create the
>"sshd_server" user that will have the proper permissions to permit pubkey
>authentication.  See 'usr/share/doc/Cygwin/openssh.README' for more details.

I should also point out that OpenSSH 3.7.1p2 is very old now.  The current
version is 4.1p1-1.  It may be that ssh-host-config doesn't have the option
to create the "sshd_server" user in that version.  I don't remember.  If it
does not, all the more reason to upgrade. ;-)

> 

--
Larry Hall                              http://www.rfk.com
RFK Partners, Inc.                      (508) 893-9779 - RFK Office
838 Washington Street                   (508) 893-9889 - FAX
Holliston, MA 01746                     
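
Added example, not part of the original thread or of the Cygwin project's scripts: a bash check that a service account holds the four user rights listed in the message above and owns the host key files and /var/empty. It assumes Cygwin's editrights tool prints one Se* name per line; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/bash
# Added example: audit the sshd service account described in the message above.
# The Se* constants are the Windows names for the four rights listed there.
REQUIRED_RIGHTS="SeIncreaseQuotaPrivilege:Adjust memory quotas for a process
SeCreateTokenPrivilege:Create a token object
SeServiceLogonRight:Logon as a service
SeAssignPrimaryTokenPrivilege:Replace a process level token"

# Reads a rights listing (one Se* name per line) on stdin and prints
# each required right that is absent. Returns 1 if any are missing.
missing_rights() {
    local listing rc=0 name label
    listing=$(tr -d '\r')
    while IFS=: read -r name label; do
        if ! printf '%s\n' "$listing" | grep -qx "[[:space:]]*$name[[:space:]]*"; then
            printf 'MISSING %s (%s)\n' "$name" "$label"
            rc=1
        fi
    done <<EOF
$REQUIRED_RIGHTS
EOF
    return $rc
}

# Prints every given path that is not owned by the expected user.
wrong_owner() {
    local user=$1 rc=0 p owner
    shift
    for p in "$@"; do
        owner=$(stat -c %U "$p" 2>/dev/null) || owner="(unreadable)"
        if [ "$owner" != "$user" ]; then
            printf 'OWNER %s is %s, expected %s\n' "$p" "$owner" "$user"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample listing: one of the four rights is absent.
SAMPLE_LISTING="SeServiceLogonRight
SeCreateTokenPrivilege
SeIncreaseQuotaPrivilege"

# On a Cygwin host (assumes editrights and the sshd_server account name):
#   editrights -l -u sshd_server | missing_rights
#   wrong_owner sshd_server /etc/ssh_host* /var/empty
```

A non-zero return from either function means the account does not match the setup described in the message.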

