delorie.com/archives/browse.cgi   search  
Mail Archives: cygwin/2008/04/02/08:12:19

X-Recipient: archive-cygwin AT delorie DOT com
X-Spam-Check-By: sourceware.org
In-Reply-To: <006301c890e8$4fa2f070$2708a8c0@CAM.ARTIMI.COM>
References: <D06D8751-81CE-408B-931B-66DA714FE1CC AT von-campe DOT com> <47C4A0DB DOT 6020007 AT cygwin DOT com> <6ADC05D7-7602-4123-81EF-1DE06D26E91F AT von-campe DOT com> <D1627F08-4387-4C0A-94B2-5AFC6C1EA325 AT von-campe DOT com> <006301c890e8$4fa2f070$2708a8c0 AT CAM DOT ARTIMI DOT COM>
Mime-Version: 1.0 (Apple Message framework v753)
Message-Id: <FB6643AB-610F-46F7-B019-389E82E687C8@von-campe.com>
Cc: cygwin AT cygwin DOT com
From: Alfred von Campe <alfred AT von-campe DOT com>
Subject: Re: How do I run sshd as a particular user?
Date: Wed, 2 Apr 2008 09:11:48 -0400
To: Dave Korn <dave DOT korn AT artimi DOT com>
X-Mailer: Apple Mail (2.753)
X-IsSubscribed: yes
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com 

On Mar 28, 2008, at 11:28, Dave Korn wrote:
> Alfred von Campe wrote on 28 March 2008 12:30:
>
>> I have tried various ways to get the sshd service started as a domain
>> user (instead of the default local user "sshd_server") and can not
>> get it to work.  What is the correct syntax to specify a domain user
>> with cygrunsrv?  This is what I have tried:
>>
>>    cygrunsrv -I sshd -u "DOMAINNAME\USERNAME" -w PASSWORD -d "CYGWIN
>> sshd" -p /usr/sbin/sshd -a -D -e "CYGWIN=bin tty smbntsec" -y tcpip
>
>   That's the windows domain user syntax sure enough.  There aren't  
> any shell
> metacharacters in the password by any chance are there?

Nope, just upper and lowercase letters, numbers, and a dash.  I also  
ensured that the user had all the user rights as described in the  
openssh.README file (well, all except for Increase Quota, which for  
some reason was not defined on this system, and must not really be  
required since the sshd_server account also did not have that right  
and it is able to start the service).  The result is the same, the  
service starts and immediately stops.  There is nothing obvious in  
the logs.  I am not really a Windows person, so I've been working  
with one of our IT guys on this, but he is out today and I will be  
out tomorrow and Friday, so this will have to wait until next week.

Again, the problem I am trying to solve is to be able to kick off  
builds remotely and automatically on this Windows server.  To do  
this, we need password-less login, and to that end, we have exchanged  
ssh keys and have this working.  However, by exchanging ssh keys the  
user is never fully authenticated on the domain, so there is no  
access to network drives.  Is there any other way to have  
passwordless ssh access yet still be fully authenticated on the  
domain?  I thought starting the service as a domain user would  
accomplish this, but alas, I have not been able to do that.  So if  
there is any other way to achieve our goal, I'd be happy to try it.

Thanks,
Alfred


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

- Raw text -


  webmaster     delorie software   privacy  
  Copyright © 2019   by DJ Delorie     Updated Jul 2019