delorie.com/archives/browse.cgi   search  
Mail Archives: cygwin/2016/09/06/13:43:56

X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
:list-unsubscribe:list-subscribe:list-archive:list-post
:list-help:sender:mime-version:content-type:message-id:date:from
:reply-to:to:subject:content-transfer-encoding; q=dns; s=default; b=
RJi7cGDmjar6cdwqnJZrTQXwa6eczQNzJ+hS16LFMYCl36jycsTXDKJxpFZD+fBX
pFSrErMVMYJZUNflVLDl0OTFxVOQEWnIVAvUU+fTzWrvieLFxLRSSdrpzucLMomH
Icd3SQ8E8HLT7ATaKUcLM9nXsa9S4eMSwFS3Ca2oae4=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
:list-unsubscribe:list-subscribe:list-archive:list-post
:list-help:sender:mime-version:content-type:message-id:date:from
:reply-to:to:subject:content-transfer-encoding; s=default; bh=0G
b30Jd/UDWy6km8gcN7Unm2SqI=; b=DLc/elaTXzfPB8ey7sQ2TNsgabpzKRw3Xf
ghCglRn4ddP470GwCoEP4smJt8/Ca88cNhuzSmzIRMxVVRMv2Zln+j+f5WKtBLWZ
hcvmJQB+TzRYMgMZFZnGPdFc7OJd83Mj6Tm6ZC7IaR2683Z4JHNA2Fx9QMkL8xyT
va1VFDJOk=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=1.4 required=5.0 tests=AWL,BAYES_50,KAM_LAZY_DOMAIN_SECURITY,MIME_BASE64_BLANKS,RCVD_IN_DNSWL_LOW autolearn=no version=3.3.2 spammy=H*r:8.16.0, H*r:ip*8.16.0.17, cygwin_nt-6.1, CYGWIN_NT-6.1
X-HELO: imta-38.everyone.net
X-Eon-Originating-Account: Jf-U-aRws2OXGXoRKRUju6_AqORaUwWccto5nzy3CIy-W1ukAJdZcHHCUq7fXpdM
X-Eon-Dm: m0094770.ppops.net
MIME-Version: 1.0
Message-Id: <20160906104335.CCAE4CA4@m0086238.ppops.net>
Date: Tue, 6 Sep 2016 10:43:35 -0700
From: "Jeffrey Lightner" <jclightner AT copper DOT net>
Reply-To: <jclightner AT copper DOT net>
To: <cygwin AT cygwin DOT com>
Subject: ssh to Cygwin sshd - command with bat file fails when trust established but works with password authentication
X-Eon-Sig: AQLeMdBXzwBHwrBqpwEAAAAC,37668b0d134788d1b68587ad01a1488d
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:,, definitions=2016-09-06_06:,, signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 suspectscore=3 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1604210000 definitions=main-1609060270
X-IsSubscribed: yes
X-MIME-Autoconverted: from base64 to 8bit by delorie.com id u86HhqHo030929

Hi all,

We recently setup Cygwin (uname –a shows CYGWIN_NT-6.1 ATMEPD01 2.5.2(0.297/5/3) 2016-06-23 14:29 x86_64 Cygwin)  and configured its sshd on one of our Windows 2008 R2 (SP1) servers.   The idea is to allow one of our Linux (RHEL6.8) servers to run a bat file on the Windows server via ssh from a Linux scheduled cron job. Since this will be automated from the Linux side I setup standard ssh trust from the Linux user to a Windows user. Testing the trust verified it works and can be used to login without password and to remotely  execute Windows bat files.

The problem is that there is a specific bat file that is failing when the command it calls tries to "login" to the Essbase application (i.e. not OS level login) but appears to be running the other commands in the bat file properly.

The weirdness is that this failure only occurs when we call it using ssh trust to make the connection. If we make the connection without a trust so that it prompts for the OS level password the bat file then executes correctly including its application level login.

This suggests there is some environmental difference when ssh logs in with a password vs when it connects with a trust. I've checked the "set" and "env" Linux commands output on the Windows user after login as well as the DOS "set" command output and there is no difference between them when logged in via trust vs logged in via password.

To reiterate the "login" that is failing is something with the application not the OS user. The OS user logs in successfully either way. Calling the bat file works either way – it is only this application "login" that is failing from within the bat file and only when done via ssh trust.

I also found sshpass allows one to feed the OS level password to the ssh call and using that from the RHEL6.8 server also works when I call the bat file on the Windows. This reinforces the idea of an environmental difference between password login and trust connection. 

Has anyone seen this kind of behavior before and if so can you share what you did to resolve it for trusts?

I did search the web and the archives but most hits come up simply to explain how to establish a trust vs using password authentication but that isn’t my problem because the trust itself does work.   Also of course there are many guides talking about how to setup sshd in Cygwin.   Since I can connect via ssh I know sshd is running properly.   I’ve been using ssh on Linux and UNIX for years.  I’ve also been using Cygwin on Windows laptops for years but this is the first time I’m using its sshd and I’ll admit I’m stumped on this one.   It doesn’t seem it should care which way I got logged in (password vs trust) once I actually am logged in but clearly it does care.

- Raw text -


  webmaster     delorie software   privacy  
  Copyright © 2019   by DJ Delorie     Updated Jul 2019