Mail Archives: cygwin/2009/07/19/23:15:53

Message-ID: <4A63E12B.4020205@tigroup-usa.com>
Date: Sun, 19 Jul 2009 22:14:51 -0500
From: Doug Lim <doug DOT lim AT tigroup-usa DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: OpenSSH - sftp not working for non-Administrator users
References: <4A6388BB DOT 1050904 AT tigroup-usa DOT com> <4A63CD77 DOT 5090700 AT tigroup-usa DOT com> <20090720023742 DOT GC15540 AT ednor DOT casa DOT cgf DOT cx>
In-Reply-To: <20090720023742.GC15540@ednor.casa.cgf.cx>

Christopher Faylor wrote:
> On Sun, Jul 19, 2009 at 08:50:47PM -0500, Doug Lim wrote:
>   
>> After a bit more research on the problem, I found a discussion thread on 
>> the web discussing a similar problem from 2006. The difference is that 
>> the thread discusses scp connections dropping immediately after 
>> non-administrator authentication.
>>
>> http://winscp.net/forum/viewtopic.php?t=3782
>>
>> A response to a thread from March of this year indicates that copying 
>> all of the DLL files from cygwin\usr\bin to cygwin\usr\sbin as a 
>> workaround. I've copied the DLL files on my server per the workaround 
>> and now non-administrator users are able to use sftp.
>>
>> I've attached a copy of cygcheck.out from the server where this is 
>> happening.
>>     
>
> That sounds like a pretty <insert negative adjective here> workaround.
>
> Just setting the PATH to include cygwin's bin directory is likely to
> work better.  I know that someone in that thread said that they did that
> already but I'm not convinced that they really knew what they were
> doing.
>
> cgf
>
> --
> Problem reports:       http://cygwin.com/problems.html
> FAQ:                   http://cygwin.com/faq/
> Documentation:         http://cygwin.com/docs.html
> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
>
>
>   

Except, cygwin\bin was already in the path as indicated in the 
cygcheck.out I attached. It doesn't explain why users belonging to the 
Local Administrators group would be able to maintain an SFTP connection 
while non-Administrators would get dropped immediately following 
authentication.

I just reconfirmed. I left cygwin\bin in the path and took the DLLs back 
out of cygwin\usr\sbin. Non-Administrator users are again dropped 
immediately after authentication.

Here's the sftp debug output with the DLLs removed from cygwin\usr\sbin 
on the server:

dlim@vorlon ~ $ sftp -v <nonpriv-user>@<host>
Connecting to <host>...
OpenSSH_5.2p1, OpenSSL 0.9.8k 25 Mar 2009
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to <host> [xx.xx.xx.xx] port 22.
debug1: Connection established.
debug1: identity file /home/dlim/.ssh/id_rsa type -1
debug1: identity file /home/dlim/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1
debug1: match: OpenSSH_5.1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '<host>' is known and matches the RSA host key.
debug1: Found key in /home/dlim/.ssh/known_hosts:21
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/dlim/.ssh/id_rsa
debug1: Trying private key: /home/dlim/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
<nonpriv-user>@<host>'s password:
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Sending subsystem: sftp
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
debug1: channel 0: free: client-session, nchannels 1
debug1: fd 0 clearing O_NONBLOCK
Transferred: sent 1584, received 2104 bytes, in 1.6 seconds
Bytes per second: sent 991.7, received 1317.2
debug1: Exit status 128
Connection closed
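
Added example (not part of the original message): a small triage script for `sftp -v` client output that reports how far the session got, so a post-authentication subsystem failure like the one in the log above is told apart from a login failure. The function names and stage labels are made up for this example; the sample lines are copied from the debug output above.

```shell
#!/bin/sh
# Triage an `sftp -v` / `ssh -v` client log by the last stage it reached.

# Sample input: key lines copied from the debug output in the message above.
sample_log() {
cat <<'EOF'
debug1: Connection established.
debug1: SSH2_MSG_NEWKEYS received
debug1: Authentication succeeded (password).
debug1: Entering interactive session.
debug1: Sending subsystem: sftp
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: Exit status 128
Connection closed
EOF
}

# Reads a client debug log on stdin, prints one line: "<stage> exit=<status>".
classify_sftp_log() {
    awk '
        /^debug1: Connection established/    { stage = "connected" }
        /^debug1: SSH2_MSG_NEWKEYS received/ { stage = "kex-done" }
        /^debug1: Authentication succeeded/  { stage = "authenticated" }
        /^debug1: Sending subsystem: /       { stage = "subsystem-requested"; sub_name = $NF }
        /^debug1: Exit status /              { status = $NF }
        END {
            if (stage == "")  stage  = "no-connection"
            if (status == "") status = "none"
            # Login passed, the subsystem was requested, and the remote
            # process exited non-zero: the server could not start or keep
            # running the subsystem program, so look at the server side
            # (process environment, permissions) rather than credentials.
            if (stage == "subsystem-requested" && status != "none" && status != "0")
                stage = "subsystem-failed(" sub_name ")"
            print stage " exit=" status
        }'
}

# Stand-alone run on the embedded sample.
sample_log | classify_sftp_log
```

On a live system, pipe the client's stderr into the function, e.g. `sftp -v user@host 2>&1 | classify_sftp_log`.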

