Mail Archives: cygwin/2011/05/26/11:10:49

delorie.com/archives/browse.cgi

search

Mail Archives: cygwin/2011/05/26/11:10:49

X-Recipient: archive-cygwin AT delorie DOT com

X-SWARE-Spam-Status: No, hits=-0.7 required=5.0 tests=AWL,BAYES_40,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,RFC_ABUSE_POST,T_TO_NO_BRKTS_FREEMAIL

X-Spam-Check-By: sourceware.org

MIME-Version: 1.0

Date: Thu, 26 May 2011 11:10:26 -0400

Message-ID: <BANLkTin6j6AVD6Q3-W2pwA8GU-VbcfhY2A@mail.gmail.com>

Subject: Troubleshooting SSH connection as SYSTEM user.

From: Matthew Leonhardt <matthew DOT leonhardt AT gmail DOT com>

To: cygwin AT cygwin DOT com

X-IsSubscribed: yes

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm

List-Id: <cygwin.cygwin.com>

List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>

List-Archive: <http://sourceware.org/ml/cygwin/>

List-Post: <mailto:cygwin AT cygwin DOT com>

List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>

Sender: cygwin-owner AT cygwin DOT com

Mail-Followup-To: cygwin AT cygwin DOT com

Delivered-To: mailing list cygwin AT cygwin DOT com

Hello all,

I'm trying to install a service to keep some SSH tunnels alive using
the following script:

$ cat ssh_tunnel.exe
#!/usr/bin/bash
while :
do
  /cygdrive/c/WINDOWS/system32/netstat -an | grep 192\.168\.0\.1:139 \
    | grep LISTENING > /dev/null
  if (( $? )); then
    /usr/bin/ssh -v -v -v -x -i/home/user/.ssh/id_rsa -2 \
      -L 192.168.0.1:139:127.0.0.1:139 -N remote_user AT remote DOT host 2>&1 &
  fi
  /cygdrive/c/WINDOWS/system32/netstat -an | grep 192\.168\.0\.1:3306 \
    | grep LISTENING > /dev/null
  if (( $? )); then
    /usr/bin/ssh -v -v -v -x -i/home/user/.ssh/id_rsa -2 \
      -L 192.168.0.1:3306:127.0.0.1:3306 -N remote_user AT remote DOT host 2>&1 &
  fi
  sleep 300
done

The script works fine at the command line, but fails when running as a
service.  My vain attempt to gather info (-v -v -v) only yields:

Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,gssapi-with-mic,password).

in the service log (all three lines for each instance of an ssh command).

SYSTEM should have access to id_rsa:

$ getfacl id_rsa
# file: id_rsa
# owner: user
# group: Domain Users
user::rw-
group::---
group:SYSTEM:r--
mask:rwx
other:---

$ ls -l id_rsa
-rw-------+ 1 user Domain Users 1679 Dec 13 13:40 id_rsa

But, id_rsa was generated as "user", not as "SYSTEM," so I'm wondering
if SYSTEM needs it's own private RSA key, and how one would go about
generating one, since I don't seem to be able to su to the SYSTEM
user.

I appreciate any help anyone can offer.

-Matt

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

X-Recipient:	archive-cygwin AT delorie DOT com
X-SWARE-Spam-Status:	No, hits=-0.7 required=5.0 tests=AWL,BAYES_40,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,RFC_ABUSE_POST,T_TO_NO_BRKTS_FREEMAIL
X-Spam-Check-By:	sourceware.org
MIME-Version:	1.0
Date:	Thu, 26 May 2011 11:10:26 -0400
Message-ID:	<BANLkTin6j6AVD6Q3-W2pwA8GU-VbcfhY2A@mail.gmail.com>
Subject:	Troubleshooting SSH connection as SYSTEM user.
From:	Matthew Leonhardt <matthew DOT leonhardt AT gmail DOT com>
To:	cygwin AT cygwin DOT com
X-IsSubscribed:	yes
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com