Mail Archives: cygwin/2015/09/05/17:03:48

X-Recipient: archive-cygwin AT delorie DOT com
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Date: Sat, 5 Sep 2015 21:03:25 +0000 (UTC)
From: Zdzislaw Meglicki <zdzisiekm AT sbcglobal DOT net>
Reply-To: Zdzislaw Meglicki <zdzisiekm AT sbcglobal DOT net>
To: "cygwin AT cygwin DOT com" <cygwin AT cygwin DOT com>
Message-ID: <1975013611.1485306.1441487005702.JavaMail.yahoo@mail.yahoo.com>
Subject: Sshd behaving strangely...
MIME-Version: 1.0

Greetings,

I have installed Cygwin on a Windows 8.1 Enterprise workstation. 
It is a most recent full download of the whole Cygwin suite (within
a week or so). Here are the relevant numbers:
Windows 8.1 Enterprise Ver 6.3 Build 9600 


[...]

Cygwin DLL version info: 
DLL version: 2.2.1 
DLL epoch: 19 
DLL old termios: 5 
DLL malloc env: 28 
Cygwin conv: 181 
API major: 0 
API minor: 289 
Shared data: 5 
DLL identifier: cygwin1 
Mount registry: 3 
Cygwin registry name: Cygwin 
Installations name: Installations 
Cygdrive default prefix: 
Build date: 
Shared id: cygwin1S5 


I don't provide a full dump at this stage, but I will if 
the discussion veers this way. The sshd package is:

openssh                                    7.1p1-1                          OK 
openssh-debuginfo                          7.1p1-1                          OK 

The workstation is slaved, security-wise, to the enterprise
Active Directory, but it has local accounts that are not.

I run sshd and exim using cygrunsrv on it thusly:

Service             : exim 
Description         : Mail Transfer Agent 
Current State       : Running 
Controls Accepted   : Stop 
Command             : /usr/bin/exim -bdf -q15m 

Service             : sshd 
Display name        : CYGWIN sshd 
Current State       : Running 
Controls Accepted   : Stop 
Command             : /usr/sbin/sshd -D -e 

Now about the weirdness... I can connect to this system from 
another machine that is on the same subnet, on the same desk
actually, that runs a very old version of Linux and a very old
version of ssh (version 3.9p1). The sshd daemon on the Windows 
machine does not let me make a connection using a passphrase, 
but I can make a connection using a password of the Windows 
user and this works just fine. The message that is printed on 
sshd.log when this happens looks as follows:

userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth] 
Accepted password for root from [IP number here] port 36014 ssh2 

However, when I try to make a connection from another machine that
runs Cygwin version 1.7.35, ssh version 6.8p1-1, the connection is rejected
and the following message is printed in sshd.log:

seteuid 1214318: Operation not permitted 

Now, I've checked the mailing list and I see that problems with sshd
configuration are not uncommon. This particular problem with "Operation
not permitted" was solved by David Koppenhofer by 
"asking the network admin to give 'Create a token object' to 
the service account."

So, this problem appears to be a feature, perhaps, rather than a bug.
But if this is so, then isn't the acceptance of the password and
successful login into the account from the ancient version of ssh
on the ancient Linux machine a... security bug?

General question: how to configure sshd on Windows 8.1 Enterprise slaved
to an Active Directory? Is there a document on-line somewhere that
outlines the steps? Also, are any ports other than 22 involved on the
sshd server machine?

Zdzislaw (Gustav) Meglicki
Indiana University
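
The three sshd.log message shapes quoted in this post, run through a small triage script that separates rejected key types, password logins and seteuid failures. This is an added example, not part of the original message; the function name `triage`, the sample address 192.0.2.10 (the post elides the real one) and the adjacent-line correlation heuristic are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: the message shapes quoted in the post, with the
# documentation address 192.0.2.10 standing in for the elided IP.
SAMPLE_LOG = """\
userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
Accepted password for root from 192.0.2.10 port 36014 ssh2
seteuid 1214318: Operation not permitted
"""

PUBKEY_REJECT = re.compile(
    r"userauth_pubkey: key type (\S+) not in PubkeyAcceptedKeyTypes")
ACCEPTED = re.compile(r"Accepted (\S+) for (\S+) from (\S+) port (\d+)")
SETEUID_FAIL = re.compile(r"seteuid (\d+): Operation not permitted")


def triage(log_text):
    """Classify sshd log lines into findings keyed by category."""
    findings = defaultdict(list)
    # Heuristic (assumption): `sshd -e` output carries no PID, so a key-type
    # rejection is tied to the next accepted login by line order only.
    pending_reject = None
    for line in log_text.splitlines():
        if m := PUBKEY_REJECT.search(line):
            pending_reject = m.group(1)
            findings["rejected_key_types"].append(pending_reject)
        elif m := ACCEPTED.search(line):
            method, user, src, port = m.groups()
            entry = {"method": method, "user": user, "src": src,
                     "port": int(port), "after_pubkey_reject": pending_reject}
            findings["accepted"].append(entry)
            # Password fallback into a privileged account is worth review.
            if method == "password" and user == "root":
                findings["root_password_logins"].append(entry)
            pending_reject = None
        elif m := SETEUID_FAIL.search(line):
            # The number is the uid sshd tried to switch to.
            findings["seteuid_failures"].append(int(m.group(1)))
    return dict(findings)


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(category, items)
```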
