delorie.com/archives/browse.cgi   search  
Mail Archives: cygwin/2006/12/13/16:19:32

X-Spam-Check-By: sourceware.org
To: cygwin AT cygwin DOT com
From: Brian Kasper <kasper AT aero DOT org>
Subject: "/bin/bash: permission denied" using Cygwin ssh/sshd under WinXP 2003 x64: resolved
Date: Wed, 13 Dec 2006 13:18:50 -0800
Lines: 51
Message-ID: <elpqnt$cea$1@sea.gmane.org>
Mime-Version: 1.0
User-Agent: Thunderbird 1.5.0.8 (Windows/20061025)
X-IsSubscribed: yes
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com 

I've been having terrible problems getting Cygwin ssh/sshd to work under 
the x64 version of WinXP 2003 SP1.  The basic symptom has been that if I 
ran sshd as a service, I was unable to run any executables during the 
ssh login procedure.  This included bash.exe, so my attempts to ssh into 
localhost have looked like this:

C:\cygwin\etc>ssh localhost
kasper AT localhost's password:
Last login: Tue Nov 14 12:09:47 2006 from 127.0.0.1
Fanfare!!!
You are successfully logged in to this server!!!
/bin/bash: Permission denied
Connection to localhost closed.

This happened with any executable I tried to use as my shell.

If, however, I ran sshd from a bash prompt, I could log in without 
problems.  After much Googling, reading of the gmane.os.cygwin archives, 
and posting a few messages to the newsgroup (thanks to those who 
replied!), I was still completely befuddled.  Today, while trying random 
things, I tried running sshd from a bash prompt that I'd started as 
another user (Administrator, in this case) and then ssh'ing to localhost 
as kasper -- and I was unable to log in.

The failure involved a "permission denied" error when sshd tried to run 
the "seteuid" command.  I surmised that the problems I'd been seeing 
might stem from the fact that the user running sshd is "sshd_server" and 
the user logging in via ssh is "kasper".

I then tried to start a bash prompt as user sshd_server to test further, 
and I was informed that this user didn't have this right on my system. 
Looking at "Local Security Settings" in the Local Security Policy 
control panel (under "Settings..Administrative Tools"), I discovered 
that while sshd_server is in the Users group, and Users is granted the 
"Allow log on locally" right, the sshd_server user is also listed under 
"Deny log on locally".

I removed sshd_server from the "Deny log on locally" list, and was then 
able to start a bash session as sshd_server.  Starting sshd from this 
bash session, I was then able to ssh to localhost as kasper.

Because I'd mucked about with a few things and wanted to make sure ssh 
would still work under "vanilla" conditions, I then rebooted my system. 
  After the reboot cycle, ssh to localhost or to the hostname of my 
system still worked.

The only odd thing is that the ssh authentication prompt is now "Enter 
passphrase for key '/home/kasper/.ssh/id_rsa':" instead of 
"kasper AT localhost's password:", but I don't *think* that's too big a deal.

-B


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

- Raw text -


  webmaster     delorie software   privacy  
  Copyright © 2019   by DJ Delorie     Updated Jul 2019