Mail Archives: cygwin/2015/03/11/16:57:22

Date: Wed, 11 Mar 2015 20:57:01 +0000
Message-ID: <CALTCyaSFWfcCvTbv5XVR4N6sEpuMrvy91EtGD1R0ACuArjAvdg@mail.gmail.com>
Subject: Local accounts can't login via ssh, but domain accounts can
From: Rodney Beede <cygwin AT rodneybeede DOT com>
To: cygwin AT cygwin DOT com

I am having an issue where domain accounts can log in to my Cygwin
OpenSSH server, but local user accounts cannot.

I have tested on two separate computers with the following setup:
     Windows 7 64-bit (both Ultimate and Enterprise editions) w/SP1

     Cygwin -  setup-x86_64.exe setup-version 2.870 (64-bit)

     Cygwin version:   CYGWIN_NT-6.1 1.7.35(0.287/5/3) 2015-03-04 12:09

     OpenSSH_6.7p1, OpenSSL 1.0.1k 8 Jan 2015

I ran the following (as cygwin shell with Run as admin)
     ssh-host-config

         yes to StrictModes

         yes to privilege separation

         yes to local account sshd

         yes to install as service

         left blank value of CYGWIN

         no to different name

         yes to new privileged user account 'machine_name\cyg_server'

         Provided a password

         net start sshd

Verified I can log in with a domain username and password no problem.

I create a local user account (not admin) and attempt to log in.

Access denied.

"Too many authentication failures for invalid user rodtest from
192.168.145.1 port 50338 ssh2"  (also seen in Windows event viewer).

I try changing the local user to be in the Administrators group.

Same error.

I use mkpasswd -l > /etc/passwd
I use mkgroup -l > /etc/group

Same issue.  Domain users can still log in, but local user accounts cannot.

I also tried "fixing" the /etc/passwd and /etc/group ownership and
permissions so cyg_server owns them.   No change.

The local user can log in to Windows via RDP.

So to recap I can log in with *domain* accounts via ssh, but I cannot
log in with *local* user accounts.   cyg_server is a local user account,
not a domain account.
