Mail Archives: cygwin/2011/05/26/17:46:41
| X-Recipient: | archive-cygwin AT delorie DOT com
|
| X-SWARE-Spam-Status: | No, hits=3.6 required=5.0 tests=AWL,BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,RFC_ABUSE_POST,T_TO_NO_BRKTS_FREEMAIL
|
| X-Spam-Check-By: | sourceware.org
|
| MIME-Version: | 1.0
|
| In-Reply-To: | <4DDEBC7A.5050009@cygwin.com>
|
| References: | <BANLkTin6j6AVD6Q3-W2pwA8GU-VbcfhY2A AT mail DOT gmail DOT com> <4DDEBC7A DOT 5050009 AT cygwin DOT com>
|
| Date: | Thu, 26 May 2011 17:46:21 -0400
|
| Message-ID: | <BANLkTikOGjSk4za_StueUybzjr+gXQjvrg@mail.gmail.com>
|
| Subject: | Re: Troubleshooting SSH connection as SYSTEM user.
|
| From: | Matthew Leonhardt <matthew DOT leonhardt AT gmail DOT com>
|
| To: | cygwin AT cygwin DOT com
|
| X-IsSubscribed: | yes
|
| Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm
|
| List-Id: | <cygwin.cygwin.com>
|
| List-Unsubscribe: | <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
|
| List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com>
|
| List-Archive: | <http://sourceware.org/ml/cygwin/>
|
| List-Post: | <mailto:cygwin AT cygwin DOT com>
|
| List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
|
| Sender: | cygwin-owner AT cygwin DOT com
|
| Mail-Followup-To: | cygwin AT cygwin DOT com
|
| Delivered-To: | mailing list cygwin AT cygwin DOT com
|
On Thu, May 26, 2011 at 4:47 PM, Larry Hall (Cygwin) wrote:
> On 5/26/2011 11:10 AM, Matthew Leonhardt wrote:
>>
>> Hello all,
>>
>> I'm trying to install a service to keep some SSH tunnels alive using
>> the following script:
>>
>> $ cat ssh_tunnel.exe
>> #!/usr/bin/bash
>> while :
>> do
>> =A0 /cygdrive/c/WINDOWS/system32/netstat -an | grep 192\.168\.0\.1:139 \
>> =A0 =A0 | grep LISTENING> =A0/dev/null
>> =A0 if (( $? )); then
>> =A0 =A0 /usr/bin/ssh -v -v -v -x -i/home/user/.ssh/id_rsa -2 \
>> =A0 =A0 =A0 -L 192.168.0.1:139:127.0.0.1:139 -N remote_user AT remote DOT host =
2>&1&
>> =A0 fi
>> =A0 /cygdrive/c/WINDOWS/system32/netstat -an | grep 192\.168\.0\.1:3306 \
>> =A0 =A0 | grep LISTENING> =A0/dev/null
>> =A0 if (( $? )); then
>> =A0 =A0 /usr/bin/ssh -v -v -v -x -i/home/user/.ssh/id_rsa -2 \
>> =A0 =A0 =A0 -L 192.168.0.1:3306:127.0.0.1:3306 -N remote_user AT remote DOT hos=
t 2>&1&
>> =A0 fi
>> =A0 sleep 300
>> done
>>
>> The script works fine at the command line, but fails when running as a
>> service. =A0My vain attempt to gather info (-v -v -v) only yields:
>>
>> Permission denied, please try again.
>> Permission denied, please try again.
>> Permission denied (publickey,gssapi-with-mic,password).
>>
>> in the service log (all three lines for each instance of an ssh command).
>>
>> SYSTEM should have access to id_rsa:
>>
>> $ getfacl id_rsa
>> # file: id_rsa
>> # owner: user
>> # group: Domain Users
>> user::rw-
>> group::---
>> group:SYSTEM:r--
>> mask:rwx
>> other:---
>>
>> $ ls -l id_rsa
>> -rw-------+ 1 user Domain Users 1679 Dec 13 13:40 id_rsa
>>
>> But, id_rsa was generated as "user", not as "SYSTEM," so I'm wondering
>> if SYSTEM needs it's own private RSA key, and how one would go about
>> generating one, since I don't seem to be able to su to the SYSTEM
>> user.
>
> Correct. =A0What you propose could be a work-around for your case. =A0Che=
ck
> out the link below for how to create a SYSTEM-owned shell that you can
> then experiment with.
>
> <http://cygwin.com/ml/cygwin/2004-08/msg01132.html>
Brilliant! That's exactly what I was looking for and it totally did
the trick. TY!
FWIW, I had to modify the shortcut to use full paths to the date and
sleep commands.
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
- Raw text -