Mail Archives: cygwin/2009/07/19/23:45:28
Doug Lim wrote:
> Christopher Faylor wrote:
>> On Sun, Jul 19, 2009 at 08:50:47PM -0500, Doug Lim wrote:
>>
>>> After a bit more research on the problem, I found a discussion
>>> thread on the web discussing a similar problem from 2006. The
>>> difference is that the thread discusses scp connections dropping
>>> immediately after non-administrator authentication.
>>>
>>> http://winscp.net/forum/viewtopic.php?t=3782
>>>
>>> A response to a thread from March of this year suggests
>>> copying all of the DLL files from cygwin\usr\bin to cygwin\usr\sbin
>>> as a workaround. I've copied the DLL files on my server per the
>>> workaround and now non-administrator users are able to use sftp.
>>>
>>> I've attached a copy of cygcheck.out from the server where this is
>>> happening.
>>>
>>
>> That sounds like a pretty <insert negative adjective here> workaround.
>>
>> Just setting the PATH to include cygwin's bin directory is likely to
>> work better. I know that someone in that thread said that they did that
>> already but I'm not convinced that they really knew what they were
>> doing.
>>
>> cgf
>>
>> --
>> Problem reports: http://cygwin.com/problems.html
>> FAQ: http://cygwin.com/faq/
>> Documentation: http://cygwin.com/docs.html
>> Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
>>
>>
>>
>
> Except, cygwin\bin was already in the path as indicated in the
> cygcheck.out I attached. It doesn't explain why users belonging to the
> Local Administrators group would be able to maintain an SFTP
> connection while non-Administrators would get dropped immediately
> following authentication.
>
> I just reconfirmed. I left cygwin\bin in the path and took the DLLs
> back out of cygwin\usr\sbin. Non-Administrator users are again dropped
> immediately after authentication.
>
> Here's the sftp debug output with the DLLs removed from
> cygwin\usr\sbin on the server:
>
> dlim@vorlon ~ $ sftp -v <nonpriv-user>@<host>
> Connecting to <host>...
> OpenSSH_5.2p1, OpenSSL 0.9.8k 25 Mar 2009
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Connecting to <host> [xx.xx.xx.xx] port 22.
> debug1: Connection established.
> debug1: identity file /home/dlim/.ssh/id_rsa type -1
> debug1: identity file /home/dlim/.ssh/id_dsa type -1
> debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1
> debug1: match: OpenSSH_5.1 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_5.2
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: server->client aes128-ctr hmac-md5 none
> debug1: kex: client->server aes128-ctr hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug1: Host '<host>' is known and matches the RSA host key.
> debug1: Found key in /home/dlim/.ssh/known_hosts:21
> debug1: ssh_rsa_verify: signature correct
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug1: SSH2_MSG_NEWKEYS received
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug1: Authentications that can continue: publickey,password,keyboard-interactive
> debug1: Next authentication method: publickey
> debug1: Trying private key: /home/dlim/.ssh/id_rsa
> debug1: Trying private key: /home/dlim/.ssh/id_dsa
> debug1: Next authentication method: keyboard-interactive
> debug1: Authentications that can continue: publickey,password,keyboard-interactive
> debug1: Next authentication method: password
> <nonpriv-user>@<host>'s password:
> debug1: Authentication succeeded (password).
> debug1: channel 0: new [client-session]
> debug1: Requesting no-more-sessions@openssh.com
> debug1: Entering interactive session.
> debug1: Sending subsystem: sftp
> debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
> debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
> debug1: channel 0: free: client-session, nchannels 1
> debug1: fd 0 clearing O_NONBLOCK
> Transferred: sent 1584, received 2104 bytes, in 1.6 seconds
> Bytes per second: sent 991.7, received 1317.2
> debug1: Exit status 128
> Connection closed
>
More information about the problem. Having to copy all of the DLLs from
cygwin\bin to cygwin\usr\sbin is overkill. I started removing DLL copies
from cygwin\usr\sbin until non-admin users started getting dropped from
sftp after authentication. I was able to remove all of the DLLs except
cygwin1.dll. As soon as I removed cygwin1.dll from cygwin\usr\sbin,
non-admin users started getting dropped from sftp sessions immediately
after authentication again.
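Added example, not part of the original thread: a small Python triage helper that reads `ssh -v` / `sftp -v` client output like the transcript quoted above and reports how far the session got and what exit status came back, separating a login failure from a subsystem that exits after a successful login. The names `classify` and `MILESTONES` are hypothetical, and the sample lines are abridged from the quoted debug output.

```python
import re

# Sample client debug lines, abridged from the sftp -v output quoted above.
SAMPLE = """\
debug1: Connection established.
debug1: Authentication succeeded (password).
debug1: Entering interactive session.
debug1: Sending subsystem: sftp
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: Exit status 128
Connection closed
"""

# Ordered client-side milestones; the furthest one reached shows how far the session got.
MILESTONES = [
    ("connected", re.compile(r"^debug1: Connection established")),
    ("authenticated", re.compile(r"^debug1: Authentication succeeded")),
    ("session_open", re.compile(r"^debug1: Entering interactive session")),
    ("subsystem_requested", re.compile(r"^debug1: Sending subsystem: \S+")),
]
EXIT_RE = re.compile(r"^debug1: Exit status (-?\d+)")


def classify(log_text):
    """Return (furthest_stage, exit_status, verdict) for one ssh/sftp -v transcript."""
    reached, exit_status = -1, None
    for raw in log_text.splitlines():
        line = raw.lstrip("> ").strip()  # tolerate e-mail quoting prefixes
        for idx, (_, rx) in enumerate(MILESTONES):
            if rx.search(line):
                reached = max(reached, idx)
        m = EXIT_RE.search(line)
        if m:
            exit_status = int(m.group(1))
    stage = MILESTONES[reached][0] if reached >= 0 else "none"
    if reached < 1:
        verdict = "ended before authentication succeeded"
    elif exit_status in (None, 0):
        verdict = "no abnormal exit recorded"
    elif stage == "subsystem_requested":
        verdict = "remote subsystem exited abnormally after successful login"
    else:
        verdict = "session ended abnormally after login"
    return stage, exit_status, verdict


if __name__ == "__main__":
    print(classify(SAMPLE))
```

A verdict of "remote subsystem exited abnormally after successful login" points the investigation at the server-side process and the environment of the account it runs under, not at credentials or key exchange.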