X-Recipient:	archive-cygwin AT delorie DOT com
DomainKey-Signature:	a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:from:to:subject:references:date:in-reply-to
	:message-id:mime-version:content-type; q=dns; s=default; b=qPz9o
	zi8Zs+3IIEqTGUOAMM5meRQpzm9/PCxIIrF/0htj2nP3PeDsfEDIOGTPVsTretrx
	tgXZZN3nOaNfuJWmdl2dB4Mx0/9owcv2LUC+2maH6yJuv3ylXCpsm+5jYQWvRika
	r4YEgwL/gBAmrk8iw/CwwpGgWIUtRqMlpGzsYg=
DKIM-Signature:	v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:from:to:subject:references:date:in-reply-to
	:message-id:mime-version:content-type; s=default; bh=BIuW15y6sWf
	8n6F7+24y0FpQwHg=; b=Mv/roDbyKbzIG8bxAyyZ5nU8I9fUrNveLv5VJ5KnZ1X
	Q0pfcz4NRQS3MHLo5szTRkBGpOEQBj0Na6aMSFPI99GtZWzLvpMf5ev/mJL/6Tpi
	wuONH4j4WsPmjm9CfMg9DklXktdLk6riz7kxyJZWtvBC26vhpyzU3hGx5waWADBQ
	=
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Authentication-Results:	sourceware.org; auth=none
X-Virus-Found:	No
X-Spam-SWARE-Status:	No, score=-1.9 required=5.0 tests=AWL,BAYES_00,SPF_PASS autolearn=ham version=3.3.2 spammy=Hladkikh, aliaksei, hladkikh, Going
X-HELO:	mx009.vodafonemail.xion.oxcs.net
From:	Achim Gratz <Stromeko AT nexgo DOT de>
To:	cygwin AT cygwin DOT com
Subject:	Re: Cygwin 2.763 32bit SSHD public key auth. failure on Windows Server 2016 R2 64bit
References:	<568964b8f1ad4014a02767b9ec875415 AT prod-exch-mb1 DOT seavus DOT biz>
Date:	Mon, 05 Feb 2018 20:44:11 +0100
In-Reply-To:	<568964b8f1ad4014a02767b9ec875415@prod-exch-mb1.seavus.biz> (Aliaksei Hladkikh's message of "Mon, 5 Feb 2018 08:01:29 +0000")
Message-ID:	<87607bb4s4.fsf@Rainer.invalid>
User-Agent:	Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux)
MIME-Version:	1.0
X-VADE-STATUS:	LEGIT

Aliaksei Hladkikh writes:
> Can't connect to Cygwin SSHD using public key set up, but same Cygwin configuration/OS/client
> works with Cygwin 2.763 32bit on Windows Server 2008 R2 64bit.
> See var/log/messages extracts.
>
> Seems to be connected with SeTcbPrivilege problem because of 
> "fatal: seteuid 1049698: Operation not permitted" log record, but ALL existing Local Policy privileges were granted
> to dsm user under which Windows service runs or Administrators group where dsm is a member,
> gpupdate executed and service restarted.

FWIW, I think I am seeing the same problem on Windows Server 2012 R2
ever since that came out.  I think this is some security feature as the
same thing happily works on non-server Windows of all versions I have
access to, possibly controlled by a group policy, although I have not
found anyone who seems to know about it.  But it does work for other
people in other environments, so there must be some setting somewhere
that prevents it.

My current work-around is to run sshd as the user that logs in (in may
case it's always the same user) so it doesn't have to switch SID.

> Going to try x64 Cygwin, but it's scary to change that Server 2016 R2.

You can install both Cygwin versions in parallel, just don't re-create
the ssh user when setting up sshd.


Regards,
Achim.
-- 
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

Factory and User Sound Singles for Waldorf Blofeld:
http://Synth.Stromeko.net/Downloads.html#WaldorfSounds

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

- Raw text -