| delorie.com/archives/browse.cgi | search |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| X-SWARE-Spam-Status: | No, hits=-2.6 required=5.0 tests=BAYES_00,SPF_HELO_PASS,SPF_PASS |
| X-Spam-Check-By: | sourceware.org |
| To: | cygwin AT cygwin DOT com |
| From: | Andrew Ng <anng AT ptc DOT com> |
| Subject: | Re: 1.7.1: problem with public key authentication on domain accounts |
| Date: | Wed, 6 Jan 2010 12:35:30 +0000 (UTC) |
| Lines: | 40 |
| Message-ID: | <loom.20100106T132435-551@post.gmane.org> |
| References: | <18e742db1001041142j5322d164t2a83f2a3ef0138d4 AT mail DOT gmail DOT com> <loom DOT 20100105T001743-66 AT post DOT gmane DOT org> <4B427F97 DOT 6030806 AT cygwin DOT com> |
| Mime-Version: | 1.0 |
| User-Agent: | Loom/3.14 (http://gmane.org/) |
| X-IsSubscribed: | yes |
| Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
| List-Id: | <cygwin.cygwin.com> |
| List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
| List-Archive: | <http://sourceware.org/ml/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
| Sender: | cygwin-owner AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| Delivered-To: | mailing list cygwin AT cygwin DOT com |
Larry Hall (Cygwin <reply-to-list-only-lh <at> cygwin.com> writes: > > On 01/04/2010 06:18 PM, Thomas Nisbach wrote: > > Bob Burger<burgerrg<at> gmail.com> writes: > > > >> > >> When I try to login to my cygwin 1.7.1 system using ssh and public key > >> authentication to my domain account, I get the error: > >> 3 [main] sshd 3128 C:\cygwin\usr\sbin\sshd.exe: *** fatal error > >> - could not load ws2_32, Win32 error 126 > >> > > For me I discovered that the problem seems to be in 'cygrunsrv' wrapping. > > If I stop the service (cygrunsrv -E sshd) and start the sshd on the command > > line (/usr/sbin/sshd) as administrative user, anything works fine. > > > > Any ideas? > > Are you using LSA? Have you read the security sections of the Users Guide? > <http://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-setuid-overview> > > > PS: I stopped Google Desktop (known as application from BLODA list), but this > > was not the problem. > > BLODA is often not removed from having an effect without uninstalling the > offending package. I can't say whether that's a requirement for Google > Desktop however. > I've also been seeing problems with sshd (and inetd) since upgrading to 1.7.1. From my investigations it does look to be something to do with launching via cygrunsrv. If I manually start sshd then everything seems to work fine. The one key thing that I've noticed is that some of the security privileges for the special user used to launch sshd via cygrunsrv don't appear to be available to sshd which I'm guessing is then causing problems with setuid. Could it be some kind of process create/fork security privilege inheritance problem? -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |