Mail Archives: cygwin/2015/01/05/01:35:35

delorie.com/archives/browse.cgi

search

Mail Archives: cygwin/2015/01/05/01:35:35

X-Recipient: archive-cygwin AT delorie DOT com

DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:date:from:reply-to:message-id:to:subject

:in-reply-to:references:mime-version:content-type

:content-transfer-encoding; q=dns; s=default; b=yDYiblKb0lRJfkSd

pJ6Vr5v8JLvxI5QU9sKDyyCp0Ucq9v42g7JcGlPtfJ57fN+j56uyG9z2VWYFUXxG

h5gm7jNTPgapNw2N6Jo6WWbagm3zPzOzMYACExJNhE09+6BA4hgJ/x633YNBenuI

H1s3qz1QhS6/8aJCmjz5WCLWVOw=

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:date:from:reply-to:message-id:to:subject

:in-reply-to:references:mime-version:content-type

:content-transfer-encoding; s=default; bh=SdSJKb+lPxEbW0zXF5HyYO

uvdxg=; b=o5JdG1847SbGaEK1aFhzZXDRYHyQraZrnKp3qRs2gf1opk99c6gFKn

x8s56kkc/OTb2iZWW8cLJJtaDgyUzQot9uvt+w1I28HYONCIcHeVG3+qv7UmpP8i

sdCgFxRCNqHYtO8u4SLbVO6yqPMK/PdFoIRORm7p3Cs2xOWJGI9Kw=

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm

List-Id: <cygwin.cygwin.com>

List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>

List-Archive: <http://sourceware.org/ml/cygwin/>

List-Post: <mailto:cygwin AT cygwin DOT com>

List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>

Sender: cygwin-owner AT cygwin DOT com

Mail-Followup-To: cygwin AT cygwin DOT com

Delivered-To: mailing list cygwin AT cygwin DOT com

Authentication-Results: sourceware.org; auth=none

X-Virus-Found: No

X-Spam-SWARE-Status: No, score=1.7 required=5.0 tests=AWL,BAYES_50,FREEMAIL_FROM,KAM_BODY_URIBL_PCCC,KAM_FROM_URIBL_PCCC,KAM_THEBAT,SPF_SOFTFAIL autolearn=no version=3.3.2

X-HELO: smtp.ht-systems.ru

Date: Mon, 5 Jan 2015 08:25:51 +0300

From: Andrey Repin <anrdaemon AT yandex DOT ru>

Reply-To: cygwin AT cygwin DOT com

Message-ID: <516597488.20150105082551@yandex.ru>

To: "The Sec Maestro" <thesecmaestro AT gmail DOT com>, cygwin AT cygwin DOT com

Subject: Re: SSH login to cygwin sshd (6.7p1-1) fails with error seteuid1000: Operation not permitted when ~/.ssh/id_rsa keys available on client

In-Reply-To: <009801d028a4$b3921fb0$1ab65f10$@com>

References: <009801d028a4$b3921fb0$1ab65f10$@com>

MIME-Version: 1.0

X-IsSubscribed: yes

Greetings, The Sec Maestro!

> SSH Login, using 'tester' account (in Adminstrators group) to the Cygwin
> sshd server fails from a client machine which has ~/.ssh/id_rsa keys
> available.

Check permissions on the ~/.ssh directory and subsequent files. ssh is VERY
picky about them.
Both standard POSIX and ACL permissions.
Use setfacl -b option if necessary to strip unwanted extra ACE's.

> Login from the same client, without the id_rsa keys is successful. SSH
> locally (on cygwin box) is also successful.

> Comparison of the sshd logs (debugging enabled) of a good vs failure login
> shows that when id_rsa is enabled on the client, the following in the
> failure case:  

> debug1: temporarily_use_uid: 1000/513 (e=18/544)
> seteuid 1000: Operation not permitted

> This seem to be related to a permission related problem, but cygcheck_output
> though shows the 'tester' user is member of Administrators group.

> What am I missing?


--
WBR,
Andrey Repin (anrdaemon AT yandex DOT ru) 05.01.2015, <08:23>

Sorry for my terrible english...


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

X-Recipient:	archive-cygwin AT delorie DOT com
DomainKey-Signature:	a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:reply-to:message-id:to:subject
	:in-reply-to:references:mime-version:content-type
	:content-transfer-encoding; q=dns; s=default; b=yDYiblKb0lRJfkSd
	pJ6Vr5v8JLvxI5QU9sKDyyCp0Ucq9v42g7JcGlPtfJ57fN+j56uyG9z2VWYFUXxG
	h5gm7jNTPgapNw2N6Jo6WWbagm3zPzOzMYACExJNhE09+6BA4hgJ/x633YNBenuI
	H1s3qz1QhS6/8aJCmjz5WCLWVOw=
DKIM-Signature:	v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:reply-to:message-id:to:subject
	:in-reply-to:references:mime-version:content-type
	:content-transfer-encoding; s=default; bh=SdSJKb+lPxEbW0zXF5HyYO
	uvdxg=; b=o5JdG1847SbGaEK1aFhzZXDRYHyQraZrnKp3qRs2gf1opk99c6gFKn
	x8s56kkc/OTb2iZWW8cLJJtaDgyUzQot9uvt+w1I28HYONCIcHeVG3+qv7UmpP8i
	sdCgFxRCNqHYtO8u4SLbVO6yqPMK/PdFoIRORm7p3Cs2xOWJGI9Kw=
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Authentication-Results:	sourceware.org; auth=none
X-Virus-Found:	No
X-Spam-SWARE-Status:	No, score=1.7 required=5.0 tests=AWL,BAYES_50,FREEMAIL_FROM,KAM_BODY_URIBL_PCCC,KAM_FROM_URIBL_PCCC,KAM_THEBAT,SPF_SOFTFAIL autolearn=no version=3.3.2
X-HELO:	smtp.ht-systems.ru
Date:	Mon, 5 Jan 2015 08:25:51 +0300
From:	Andrey Repin <anrdaemon AT yandex DOT ru>
Reply-To:	cygwin AT cygwin DOT com
Message-ID:	<516597488.20150105082551@yandex.ru>
To:	"The Sec Maestro" <thesecmaestro AT gmail DOT com>, cygwin AT cygwin DOT com
Subject:	Re: SSH login to cygwin sshd (6.7p1-1) fails with error seteuid1000: Operation not permitted when ~/.ssh/id_rsa keys available on client
In-Reply-To:	<009801d028a4$b3921fb0$1ab65f10$@com>
References:	<009801d028a4$b3921fb0$1ab65f10$@com>
MIME-Version:	1.0
X-IsSubscribed:	yes