delorie.com/archives/browse.cgi   search  
Mail Archives: cygwin/2006/01/03/15:16:03

X-Spam-Check-By: sourceware.org
MIME-Version: 1.0
Subject: RE: Using sshd on Windows 2000 with public keys
Date: Tue, 3 Jan 2006 15:15:50 -0500
Message-ID: <A272EB3E7DECD641A6A8854D6137872593343E@diopside.andmore.com>
From: "McCann, Brian" <bmccann AT andmore DOT com>
To: "Bakken, Luke" <Luke DOT Bakken AT getronics DOT com>, <cygwin AT cygwin DOT com>
X-IsSubscribed: yes
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
X-MIME-Autoconverted: from quoted-printable to 8bit by delorie.com id k03KG2uM028793 

> -----Original Message-----
> From: Bakken, Luke [mailto:Luke DOT Bakken AT getronics DOT com] 
> Sent: Tuesday, January 03, 2006 14:43
> To: McCann, Brian
> Subject: RE: Using sshd on Windows 2000 with public keys
> 
> McCann, Brian wrote:
> > Hi all.  I've been fighting this for some time now, and I 
> can't find a
> > solid fix to make this work.  I'm running Cygwin under Windows 2000,
> > and I'm trying to setup ssh using key authentication.  The auth part
> > works fine, but when I try to run commands that require 
> rights inside
> > Windows, it fails (like iisreset).  I've discovered that I need to
> > have sshd run as another user, like Administrator or something, so I
> > did that by changing who the service runs as and setting file
> > permissions and ownerships accordingly, and that fixed the problem
> > for the Administrator account. But, when another user tries 
> to login,
> > it disconnects right away.  In the event log, I see "setreuid 1014:
> > Permission denied.". I've found the fix for Windows 2003, which
> > involves granting the user the service runs as the "Change a
> > process-level token" permission, but that does not exist under
> > Windows 2000.  I can't find a fix for this for 2000.  Is 
> there such a
> > thing?  Does anyone have any ideas that could help me out?
> > 
> > Thanks!
> > --Brian
> 
> 
> Rather than run sshd as someone other than SYSTEM, can you use the
> "runas" command to execute iisreset as another user?
> 
> 

Tried that, and failed.  It gave me:

runas /user:administrator iisreset
Enter password for administrator:RUNAS ERROR: Unable to accept input

I re-did the setup from soup to nuts with a new user to run sshd as, and
I can login as any users now...with keys or with passwords, but I'm back
to where I started, with the command returning:

"Access denied, you must be an administrator of the remote computer to
use this
command. Either have your account added to the administrator local group
of
the remote computer or to the domain administrator global group." .


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

- Raw text -


  webmaster     delorie software   privacy  
  Copyright © 2019   by DJ Delorie     Updated Jul 2019