Mail Archives: cygwin/2008/12/16/07:47:49

Date: Tue, 16 Dec 2008 10:00:20 +0000 (GMT)
From: Paul Keeble <csuml AT yahoo DOT co DOT uk>
Reply-To: csuml AT yahoo DOT co DOT uk
Subject: Re: ssh-host-setup is adding user to Deny Terminal Services login
To: cygwin AT cygwin DOT com
MIME-Version: 1.0
Message-ID: <914651.63291.qm@web25501.mail.ukl.yahoo.com>

> > The user who runs the ssh-host-setup command is being denied terminal
> > services login, which when you are running the setup over terminal
> > services is a bit of a worry! I don't get kicked off the moment it
> > happens but it needs manually correcting before log out or access to
> > the box remotely will be lost.

> The script denies access to the user running the service, not the user
> running ssh-host-config.  Hopefully you don't use the service starter
> account for normal logon purposes.

Alas I don't know of any other way to get what I need done. In order to support an automated system login we use an SSH key based login rather than passwords. This unfortunately means that there is no "real" login, the user does not have access to the network drives and that is kind of essential for what we are doing. The only workaround I have found is to have privilege separation off and have the sshd service be the same user as the login. That way the privileges are passed to the logged in shell and it works. The only time the password is necessary is when the install is done or the password is changed. The remaining problem is terminal services being disabled, which although undoable is a bit of a pain to do across hundreds of machines.

If there is another way to get key based logins and network access (real logins) working then that would be great to know about. Otherwise a workaround to stop ssh-host-config from disabling terminal services for that user would also be useful.




--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

