Mail Archives: cygwin/2016/09/06/14:39:36

delorie.com/archives/browse.cgi

search

Mail Archives: cygwin/2016/09/06/14:39:36

X-Recipient: archive-cygwin AT delorie DOT com

DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:mime-version:content-type:message-id:date:from

:reply-to:to:cc:subject; q=dns; s=default; b=CBvgG39USu82QZCb6G3

IggsQmI0zddKwEgxiKV7Fopjr0MS3jYYIreADPMhMYU/qFz7wzu7EYYArX0QOdqS

yxOKyspl5D9SFDtHWUejAnj5jUDxC+6H1WY3TUPQMXzL5tG2qkI7Ftkwzq0k6ALc

Y78qpcyXO7z1tCuDrNw2u5lk=

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:mime-version:content-type:message-id:date:from

:reply-to:to:cc:subject; s=default; bh=QDXEB///jP76AnF+zMLMdqaaw

6c=; b=pilyrpkfbdp5K24pf4BMLF3UxGINnnqK/rteOecceQCMa5GpgUBIWCnvg

ClkzaH2hQO/rSJVU/e3imq1cqA2vtpaTn18z4cVBl11TzH4GL9wctiP/W9Meicfb

gA62fGzGd5aim8h/1eSxk09Jey/R/PXCxUKvP2u+Tu7moWEd34=

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm

List-Id: <cygwin.cygwin.com>

List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>

List-Archive: <http://sourceware.org/ml/cygwin/>

List-Post: <mailto:cygwin AT cygwin DOT com>

List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>

Sender: cygwin-owner AT cygwin DOT com

Mail-Followup-To: cygwin AT cygwin DOT com

Delivered-To: mailing list cygwin AT cygwin DOT com

Authentication-Results: sourceware.org; auth=none

X-Virus-Found: No

X-Spam-SWARE-Status: No, score=1.3 required=5.0 tests=AWL,BAYES_50,KAM_LAZY_DOMAIN_SECURITY,RCVD_IN_DNSWL_LOW autolearn=no version=3.3.2 spammy=H*r:8.16.0, H*r:ip*8.16.0.17, U*Stromeko, sk:Stromek

X-HELO: imta-38.everyone.net

X-Eon-Originating-Account: 1fl0Ydf2VL3pM4TVcm3y26EaQAFCLHxSniWcX9MjTU4v_6YJw0Dco_rGlBmpP-0Z

X-Eon-Dm: m0094770.ppops.net

MIME-Version: 1.0

Message-Id: <20160906113901.CCAE47E5@m0086238.ppops.net>

Date: Tue, 6 Sep 2016 11:39:01 -0700

From: "Jeffrey Lightner" <jclightner AT copper DOT net>

Reply-To: <jclightner AT copper DOT net>

To: "Achim Gratz" <Stromeko AT nexgo DOT de>

Cc: <cygwin AT cygwin DOT com>

Subject: Re: ssh to Cygwin sshd - command with bat file fails when trust established but works with password authentication

X-Eon-Sig: AQLeMdBXzw1GmnVnqgEAAAAC,b565855c3be8a1be3b4b128094d1fee4

X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:,, definitions=2016-09-06_06:,, signatures=0

X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 suspectscore=7 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1604210000 definitions=main-1609060284

X-IsSubscribed: yes

Thanks.

I've done the passwd -R and re-established the trust.   Once the user retests with the trust I'll let you know how it goes.

The comment in the article about only System users being able to list the registry entries doesn't mean it will ignore the "passwd -R" done for a non-Administrative user (by an Administrative account of course) does it?   At present the remote Windows user is a local Administrative user but of course we plan to lock that down some after other testing pans out.

--- Stromeko AT nexgo DOT de wrote:

From: Achim Gratz <Stromeko AT nexgo DOT de>
To: cygwin AT cygwin DOT com
Subject: Re: ssh to Cygwin sshd - command with bat file fails when trust established but works with password authentication
Date: Tue, 06 Sep 2016 19:59:47 +0200

Jeffrey Lightner writes:
> The weirdness is that this failure only occurs when we call it using
> ssh trust to make the connection. If we make the connection without a
> trust so that it prompts for the OS level password the bat file then
> executes correctly including its application level login.

That most likely means that this application needs network access.  If
you log in via public key and don't have a password stored in registry
via 'passwd -R' and cygserver running to use it, then you won't have any
access rights to non-local resources.

https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-setuid-overview

If all you need is indeed to run one script, you might alternatively be
able to set up a service that starts under a network user and just runs
that script when triggered by your remote user login in via ssh.

Regards,
Achim.
-- 
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

Factory and User Sound Singles for Waldorf Q+, Q and microQ:
http://Synth.Stromeko.net/Downloads.html#WaldorfSounds

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

X-Recipient:	archive-cygwin AT delorie DOT com
DomainKey-Signature:	a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:mime-version:content-type:message-id:date:from
	:reply-to:to:cc:subject; q=dns; s=default; b=CBvgG39USu82QZCb6G3
	IggsQmI0zddKwEgxiKV7Fopjr0MS3jYYIreADPMhMYU/qFz7wzu7EYYArX0QOdqS
	yxOKyspl5D9SFDtHWUejAnj5jUDxC+6H1WY3TUPQMXzL5tG2qkI7Ftkwzq0k6ALc
	Y78qpcyXO7z1tCuDrNw2u5lk=
DKIM-Signature:	v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:mime-version:content-type:message-id:date:from
	:reply-to:to:cc:subject; s=default; bh=QDXEB///jP76AnF+zMLMdqaaw
	6c=; b=pilyrpkfbdp5K24pf4BMLF3UxGINnnqK/rteOecceQCMa5GpgUBIWCnvg
	ClkzaH2hQO/rSJVU/e3imq1cqA2vtpaTn18z4cVBl11TzH4GL9wctiP/W9Meicfb
	gA62fGzGd5aim8h/1eSxk09Jey/R/PXCxUKvP2u+Tu7moWEd34=
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Authentication-Results:	sourceware.org; auth=none
X-Virus-Found:	No
X-Spam-SWARE-Status:	No, score=1.3 required=5.0 tests=AWL,BAYES_50,KAM_LAZY_DOMAIN_SECURITY,RCVD_IN_DNSWL_LOW autolearn=no version=3.3.2 spammy=Hr:8.16.0, Hr:ip8.16.0.17, UStromeko, sk:Stromek
X-HELO:	imta-38.everyone.net
X-Eon-Originating-Account:	1fl0Ydf2VL3pM4TVcm3y26EaQAFCLHxSniWcX9MjTU4v_6YJw0Dco_rGlBmpP-0Z
X-Eon-Dm:	m0094770.ppops.net
MIME-Version:	1.0
Message-Id:	<20160906113901.CCAE47E5@m0086238.ppops.net>
Date:	Tue, 6 Sep 2016 11:39:01 -0700
From:	"Jeffrey Lightner" <jclightner AT copper DOT net>
Reply-To:	<jclightner AT copper DOT net>
To:	"Achim Gratz" <Stromeko AT nexgo DOT de>
Cc:	<cygwin AT cygwin DOT com>
Subject:	Re: ssh to Cygwin sshd - command with bat file fails when trust established but works with password authentication
X-Eon-Sig:	AQLeMdBXzw1GmnVnqgEAAAAC,b565855c3be8a1be3b4b128094d1fee4
X-Proofpoint-Virus-Version:	vendor=fsecure engine=2.50.10432:,, definitions=2016-09-06_06:,, signatures=0
X-Proofpoint-Spam-Details:	rule=notspam policy=default score=0 spamscore=0 suspectscore=7 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1604210000 definitions=main-1609060284
X-IsSubscribed:	yes