Mail Archives: cygwin/2009/05/19/12:55:36

In-Reply-To: <4A129D81.5010801@gmail.com>
References: <4A0CEE5B DOT 6060301 AT gmail DOT com> <4A10C051 DOT 3050401 AT gmail DOT com> <4A129310 DOT 9070502 AT gmail DOT com> <guu5d4$hgv$1 AT ger DOT gmane DOT org> <4A129D81 DOT 5010801 AT gmail DOT com>
Date: Tue, 19 May 2009 12:55:14 -0400
Message-ID: <941a6680905190955y33d3cbebrdf5201fe12585bc2@mail.gmail.com>
Subject: Re: [1.5] Problem with OpenSSH on Windows Home Server (Win2003)
From: Patrick Aikens <paikens AT gmail DOT com>
To: cygwin AT cygwin DOT com

I can log in using a password for any user who is a member of the
Administrators group. Many of the guides I've seen on installing
OpenSSH on Windows (especially 2003 server) have you add new users to
the Admin group, so this seems to be a common necessity.  Is this a
known restriction?  If so, I'll go ahead and stick to allowing
key-based authentication only.

On Tue, May 19, 2009 at 7:52 AM, Patrick Aikens <paikens AT gmail DOT com> wrote:
> Thorsten Kampe wrote:
>> * Patrick Aikens (Tue, 19 May 2009 07:08:00 -0400)
>>> Patrick Aikens wrote:
>>>> Patrick Aikens wrote:
>>>>> I've installed cygwin 1.5 on my WHS box as Administrator. I've
>>>>> opened a cygwin terminal and executed the mkpasswd -l > /etc/passwd
>>>>> and mkgroup -l > /etc/group commands, executed ssh-host-setup and
>>>>> used privilege separation, and everything seems to have executed
>>>>> OK. I can ssh to that machine as Administrator just fine using
>>>>> password auth. However, I can't ssh in as any other user on that
>>>>> machine using password authentication - I get told that the
>>>>> password is incorrect, which I know it isn't. I can use key-based
>>>>> auth to login as any user, so I do have a workaround, but I'm
>>>>> curious as to why no user but Administrator can use password auth
>>>>> to log in? I've logged in via remote desktop as the user I wish to
>>>>> SSH as and ran ssh-user-config as that user (that's how I got the
>>>>> key-based login working). I haven't done that as Administrator,
>>>>> though, and it still lets me log in just fine there.
>>>>>
>>>>> Sorry if this is a bit rambling, but I've been working on this
>>>>> problem for a while and it's getting late where I am...
>>>>> cygcheck.out is attached.
>>>> So, is this expected behavior then? Is it only possible to log in as
>>>> the user that installed the server using password authentication?
>>> Is 1.5 not supported anymore? I only see 1.7 questions getting
>>> answered, and nobody even tells me to get lost in 4 days... I
>>> apologize if I've violated some sort of mailing list rule with my ssh
>>> question, I thought I had fulfilled all the requirements of asking a
>>> question (including the cygcheck output), but it was late.
>>
>> I don't think cygcheck will help in this case. Run ssh with -v's and
>> sshd with -d's. Check the application eventlog and /var/log/...
>>
>> Thorsten
>
>
> /var/log/sshd.log is empty
>
> Attached is output from ssh -v to the server from my desktop and output
> from 'ls -l /var/log' on the server... I'll try running sshd with -d as
> soon as I can and provide that output.  It might be later, but maybe
> something will jump out at someone with only this data.
>
> Thanks for the reply... this being a home server, it's important to me
> that all the user accounts get ssh access.  Up until now, I've only
> needed to set up single user ssh access to my home Windows machines.
>
> total 584
> -rw-r--r--  1 SYSTEM        Administrators      0 May 14 22:55 cygserver.log
> ----------+ 1 cyg_server    Administrators 282348 May 19 07:42 lastlog
> -rw-r--r--  1 duckpuppy     None                0 May 19  2009 ls.txt
> ----rwx---+ 1 Administrator Users           20514 May 14 17:12 setup.log
> ----rwx---+ 1 Administrator Users          440712 May 14 17:12 setup.log.full
> -rw-r--r--  1 cyg_server    None                0 May 14 17:24 sshd.log
>
> Script started on Tue May 19 07:40:05 2009
> [~/.ssh]$ ssh -v speedforce
> OpenSSH_5.1p1, OpenSSL 0.9.8k 25 Mar 2009
> debug1: Reading configuration data /etc/ssh_config
> debug1: Connecting to speedforce [192.168.1.2] port 22.
> debug1: Connection established.
> debug1: identity file /home/DuckPuppy/.ssh/identity type -1
> debug1: identity file /home/DuckPuppy/.ssh/id_rsa type 1
> debug1: identity file /home/DuckPuppy/.ssh/id_dsa type 2
> debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1
> debug1: match: OpenSSH_5.1 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_5.1
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: server->client aes128-cbc hmac-md5 none
> debug1: kex: client->server aes128-cbc hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug1: Host 'speedforce' is known and matches the RSA host key.
> debug1: Found key in /home/DuckPuppy/.ssh/known_hosts:4
> debug1: ssh_rsa_verify: signature correct
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug1: SSH2_MSG_NEWKEYS received
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug1: Authentications that can continue: publickey,password,keyboard-interactive
> debug1: Next authentication method: publickey
> debug1: Trying private key: /home/DuckPuppy/.ssh/identity
> debug1: Offering public key: /home/DuckPuppy/.ssh/id_rsa
> debug1: Server accepts key: pkalg ssh-rsa blen 277
> debug1: Offering public key: /home/DuckPuppy/.ssh/id_dsa
> debug1: Authentications that can continue: publickey,password,keyboard-interactive
> debug1: Next authentication method: keyboard-interactive
> debug1: Authentications that can continue: publickey,password,keyboard-interactive
> debug1: Next authentication method: password
> DuckPuppy@speedforce's password:
> debug1: Authentications that can continue: publickey,password,keyboard-interactive
> Permission denied, please try again.
> DuckPuppy@speedforce's password:
> debug1: Authentications that can continue: publickey,password,keyboard-interactive
> Permission denied, please try again.
> DuckPuppy@speedforce's password:
> debug1: Authentications that can continue: publickey,password,keyboard-interactive
> debug1: No more authentication methods to try.
> Permission denied (publickey,password,keyboard-interactive).
> [~/.ssh]$
> [~/.ssh]$ exit
>
> Script done on Tue May 19 07:40:36 2009
>
>



--
SELECT * FROM users WHERE clue > 0
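
Added example, not part of the original message or of OpenSSH: a small Python helper that condenses client-side `ssh -v` output like the transcript quoted above into which methods were tried, which key the server signalled as acceptable, and how the attempt ended. The function names and the embedded sample (condensed from that transcript) are assumptions made for this illustration; the parser tolerates mail quote markers and quoted-printable line wraps.

```python
import re
# Constructed sample: auth phase of the quoted `ssh -v` transcript, condensed,
# still carrying mail quote markers and one quoted-printable soft line break.
SAMPLE = """\
> debug1: Next authentication method: publickey
> debug1: Offering public key: /home/DuckPuppy/.ssh/id_rsa
> debug1: Server accepts key: pkalg ssh-rsa blen 277
> debug1: Offering public key: /home/DuckPuppy/.ssh/id_dsa
> debug1: Authentications that can continue: publickey,password,keyboard-in=
teractive
> debug1: Next authentication method: keyboard-interactive
> debug1: Next authentication method: password
> DuckPuppy@speedforce's password:
> Permission denied, please try again.
> DuckPuppy@speedforce's password:
> Permission denied, please try again.
> DuckPuppy@speedforce's password:
> Permission denied (publickey,password,keyboard-interactive).
"""

def summarize_auth(text):
    """Summarize the authentication phase of client-side `ssh -v` output."""
    text = re.sub(r"=\r?\n", "", text)  # rejoin quoted-printable soft breaks
    s = {"server_methods": [], "tried": [], "offered": [], "pk_ok": [],
         "password_prompts": 0, "outcome": "unknown"}
    for raw in text.splitlines():
        line = re.sub(r"^(?:>\s?)+", "", raw).strip()  # drop mail quote markers
        if m := re.match(r"debug1: Authentications that can continue: (\S+)", line):
            s["server_methods"] = m.group(1).split(",")
        elif m := re.match(r"debug1: Next authentication method: (\S+)", line):
            s["tried"].append(m.group(1))
        elif m := re.match(r"debug1: Offering public key: (.+)", line):
            s["offered"].append(m.group(1))
        elif line.startswith("debug1: Server accepts key:") and s["offered"]:
            s["pk_ok"].append(s["offered"][-1])  # PK_OK refers to the last offer
        elif line.endswith("'s password:"):
            s["password_prompts"] += 1
        elif m := re.match(r"debug1: Authentication succeeded \(([\w-]+)\)", line):
            s["outcome"] = "authenticated via " + m.group(1)
        elif line.startswith("Permission denied ("):
            s["outcome"] = "denied"
    return s

def findings(s):
    if s["outcome"] != "denied":
        return []
    notes = [f"{k}: acceptable to server, login not completed" for k in s["pk_ok"]]
    if s["password_prompts"]:
        notes.append(f"password refused {s['password_prompts']}x; the reason "
                     "is only visible server-side (sshd -d, event log)")
    return notes
```
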
