Mail Archives: cygwin/2016/05/13/16:54:42

delorie.com/archives/browse.cgi

search

Mail Archives: cygwin/2016/05/13/16:54:42

X-Recipient: archive-cygwin AT delorie DOT com

DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:from:subject:to:message-id:date:mime-version

:content-type:content-transfer-encoding; q=dns; s=default; b=GzX

tuVfReqpbRiloOfdTpX4eSrs1b/0y1DqPXITVhJ9HWOa4utWRX/80b7Qw3QXy3VR

ODADyKrqxEjvfbZk2MNyzDB0VFcCeJY6SIyoMjswUefg1Xjlo5YNwPzjOFGyAPtI

NEVB0nUs8QCTVNXW9XWqWfiy9KZbWpwfX2Mz/emw=

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:from:subject:to:message-id:date:mime-version

:content-type:content-transfer-encoding; s=default; bh=3f7US2yr/

lj4nmZwXh1w07icgcM=; b=NIIAnmcd9iM/34P0MmFUj6sn5798KaqCpHbEPWP6E

HlsdLUwvyW9AeRwOtz/IdlDQIrftS9lII+dBWXhRYye++TudSggdHFVB3kS+rf3D

fHXzvgnFjGKtU/JIWnY+eQMOup9VPbdGOZcLrb6MuOLiBux1fYpZrPb9UfcYKorx

UU=

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm

List-Id: <cygwin.cygwin.com>

List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>

List-Archive: <http://sourceware.org/ml/cygwin/>

List-Post: <mailto:cygwin AT cygwin DOT com>

List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>

Sender: cygwin-owner AT cygwin DOT com

Mail-Followup-To: cygwin AT cygwin DOT com

Delivered-To: mailing list cygwin AT cygwin DOT com

Authentication-Results: sourceware.org; auth=none

X-Virus-Found: No

X-Spam-SWARE-Status: No, score=3.6 required=5.0 tests=BAYES_00,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,SCAM_SUBJECT,SPF_PASS autolearn=no version=3.3.2 spammy=pty, tty, accounts

X-HELO: mail-qg0-f53.google.com

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:subject:to:message-id:date:user-agent :mime-version:content-transfer-encoding; bh=ImYHizVEEBtUTfOHHeOTzK8BLR6lqxvNOEuVSKEZlFE=; b=OfmdhMSuHPhLBrOgzxgPhofA7r6R6hwQtIfXYPw3ZiBpVkx5rZX6+klhgIQdjijJjI E7aCrAYGBbDBbXpLzvUY3PTBL5HVmdDDySW4j38tC9IIbKoMsYADum7EhRyvJVyO83fl 6kfRBv3h+F9ziemdUsxE8SLWk1bgyDcu20Ax0ePvarOw8xkccfKpnfEKQ/GmE46luoSx eE3OJrx8otwTcZ31/bBpcJZzYjq+HRYnYo7VhE5e/va19BcMaNRLtV8YLswx+TLdDRQH a+jiS3uRvIY0UXJQbPevfJS3lVRIuLfoxTu8ts1Chg4nDmMonKR6x5nwzVDVbdslRPvW OP3Q==

X-Gm-Message-State: AOPr4FWpSZpXTIpNh5rhSIuy2/QBcUtL/adSvja/jHiqBm5l8q5sm0CrqqqZXhW0YcKUTA==

X-Received: by 10.140.104.146 with SMTP id a18mr17718421qgf.26.1463172852720; Fri, 13 May 2016 13:54:12 -0700 (PDT)

From: Andrei Remenchuk <andrei144 AT gmail DOT com>

Subject: Can't login to Cygwin SSH server with domain account

To: cygwin AT cygwin DOT com

Message-ID: <1c0a4627-4650-ade9-788d-e6bde4fffc64@gmail.com>

Date: Fri, 13 May 2016 16:54:15 -0400

User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.0

MIME-Version: 1.0

X-IsSubscribed: yes

I am running Cygwin SSH server under local cyg_server account, and I 
can't login with domain accounts (using password).
Connection and authentication succeed, from what I can tell, but then 
the server immediately closes connection:

         $ ssh domaintest AT localhost
         domaintest AT localhost's password:
         Last login: Fri May 13 13:14:44 2016 from ::1
         Connection to localhost closed.

The only clue in server log is "Received SIGCHLD" message:

         debug1: Allocating pty.
         debug1: session_pty_req: session 0 alloc /dev/pty3
         debug1: server_input_channel_req: channel 0 request shell reply 1
         debug1: session_by_channel: session 0 channel 0
         debug1: session_input_channel_req: session 0 req shell
         Starting session: shell on pty3 for domaintest from ::1 port 
49287 id 0
         debug1: Setting controlling tty using TIOCSCTTY.
         debug1: Received SIGCHLD.
         debug1: session_by_pid: pid 3464

At the same time, logins into local accounts do work.
When I switch the service to run under domain account instead, the 
opposite happens -  I can log in with domain accounts, but cannot login 
using local accounts anymore. Only in that case, the error is different:

     /bin/bash: Operation not permitted

In all cases, it looks like authentication succeeds, but then some 
privileges don't match up.

https://cygwin.com/ml/cygwin/2010-01/msg00334.html talks about similar 
problem in relation to passwordless logons, and says that in order to 
ssh into domain accounts, I also have to run the service under domain 
account. That makes sense, however I am using password logons, which 
theoretically should work in all cases, as far as I understand.

Ideally, I'm looking for SSH setup where both local and domain users can 
login. Is that even possible ?




--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

X-Recipient:	archive-cygwin AT delorie DOT com
DomainKey-Signature:	a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:from:subject:to:message-id:date:mime-version
	:content-type:content-transfer-encoding; q=dns; s=default; b=GzX
	tuVfReqpbRiloOfdTpX4eSrs1b/0y1DqPXITVhJ9HWOa4utWRX/80b7Qw3QXy3VR
	ODADyKrqxEjvfbZk2MNyzDB0VFcCeJY6SIyoMjswUefg1Xjlo5YNwPzjOFGyAPtI
	NEVB0nUs8QCTVNXW9XWqWfiy9KZbWpwfX2Mz/emw=
DKIM-Signature:	v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:from:subject:to:message-id:date:mime-version
	:content-type:content-transfer-encoding; s=default; bh=3f7US2yr/
	lj4nmZwXh1w07icgcM=; b=NIIAnmcd9iM/34P0MmFUj6sn5798KaqCpHbEPWP6E
	HlsdLUwvyW9AeRwOtz/IdlDQIrftS9lII+dBWXhRYye++TudSggdHFVB3kS+rf3D
	fHXzvgnFjGKtU/JIWnY+eQMOup9VPbdGOZcLrb6MuOLiBux1fYpZrPb9UfcYKorx
	UU=
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Authentication-Results:	sourceware.org; auth=none
X-Virus-Found:	No
X-Spam-SWARE-Status:	No, score=3.6 required=5.0 tests=BAYES_00,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,SCAM_SUBJECT,SPF_PASS autolearn=no version=3.3.2 spammy=pty, tty, accounts
X-HELO:	mail-qg0-f53.google.com
X-Google-DKIM-Signature:	v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:subject:to:message-id:date:user-agent :mime-version:content-transfer-encoding; bh=ImYHizVEEBtUTfOHHeOTzK8BLR6lqxvNOEuVSKEZlFE=; b=OfmdhMSuHPhLBrOgzxgPhofA7r6R6hwQtIfXYPw3ZiBpVkx5rZX6+klhgIQdjijJjI E7aCrAYGBbDBbXpLzvUY3PTBL5HVmdDDySW4j38tC9IIbKoMsYADum7EhRyvJVyO83fl 6kfRBv3h+F9ziemdUsxE8SLWk1bgyDcu20Ax0ePvarOw8xkccfKpnfEKQ/GmE46luoSx eE3OJrx8otwTcZ31/bBpcJZzYjq+HRYnYo7VhE5e/va19BcMaNRLtV8YLswx+TLdDRQH a+jiS3uRvIY0UXJQbPevfJS3lVRIuLfoxTu8ts1Chg4nDmMonKR6x5nwzVDVbdslRPvW OP3Q==
X-Gm-Message-State:	AOPr4FWpSZpXTIpNh5rhSIuy2/QBcUtL/adSvja/jHiqBm5l8q5sm0CrqqqZXhW0YcKUTA==
X-Received:	by 10.140.104.146 with SMTP id a18mr17718421qgf.26.1463172852720; Fri, 13 May 2016 13:54:12 -0700 (PDT)
From:	Andrei Remenchuk <andrei144 AT gmail DOT com>
Subject:	Can't login to Cygwin SSH server with domain account
To:	cygwin AT cygwin DOT com
Message-ID:	<1c0a4627-4650-ade9-788d-e6bde4fffc64@gmail.com>
Date:	Fri, 13 May 2016 16:54:15 -0400
User-Agent:	Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.0
MIME-Version:	1.0
X-IsSubscribed:	yes