delorie.com/archives/browse.cgi   search  
Mail Archives: cygwin/2019/03/14/09:53:50

X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
:list-unsubscribe:list-subscribe:list-archive:list-post
:list-help:sender:date:from:to:cc:subject:message-id:reply-to
:references:mime-version:content-type:in-reply-to; q=dns; s=
default; b=jT9Xjx4Gm1IsThvQiahJKQt2UbObKm44RUzUqMHGPAJyxNWNwreyH
Y2y7O2xQnIXEtFd7X7hwDN3/52qNNCYvJ0eTQOTHfWUC83HgzmfNfPzj2O7slYTT
cKyJ+r/7F1VbRaFb5oc67Wb8zAzAeRXvdeWYmmo1Ys3E7xc3fnMS5Y=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
:list-unsubscribe:list-subscribe:list-archive:list-post
:list-help:sender:date:from:to:cc:subject:message-id:reply-to
:references:mime-version:content-type:in-reply-to; s=default;
bh=P8REXjI+gH/3g5wqnBvlFBHKbSk=; b=qm7C8dlhxq3hzDAO8JRvplWy4tND
c5KSSK0kLMXE69nw0hicXp1iAp+tMFQqGKVnR9R6Yyv0hthL8cEcqrg1cVa7x3w5
4SL4IXu49U1AUTrbRrpo3n2Pswz6RCB6PaTX3OIRKgY0k4+aFM9SmENdCTov0BWi
wun3LIUaeu4D5Ho=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Spam-SWARE-Status: No, score=-102.6 required=5.0 tests=AWL,BAYES_00,GOOD_FROM_CORINNA_CYGWIN,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 spammy=password, device, H*F:D*cygwin.com, services
X-HELO: mout.kundenserver.de
Date: Thu, 14 Mar 2019 14:53:34 +0100
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: renaud DOT rolles AT giraudbtp DOT com
Cc: cygwin AT cygwin DOT com
Subject: Re: sshd: fatal: seteuid XXX : No such device or address
Message-ID: <20190314135334.GH3785@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: renaud DOT rolles AT giraudbtp DOT com, cygwin AT cygwin DOT com
References: <011a01d4da5a$96247330$c26d5990$@giraudbtp.com> <20190314121034 DOT GG3785 AT calimero DOT vinschen DOT de> <014e01d4da69$965ee650$c31cb2f0$@giraudbtp.com>
MIME-Version: 1.0
In-Reply-To: <014e01d4da69$965ee650$c31cb2f0$@giraudbtp.com>
User-Agent: Mutt/1.11.3 (2019-02-01)
Note-from-DJ: This may be spam 

--MdsOjv/FQ+tsWHFo
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mar 14 14:26, renaud DOT rolles AT giraudbtp DOT com wrote:
> >=20
> > On Mar 14 12:39, renaud DOT rolles AT giraudbtp DOT com wrote:
> > > I can login via password, it work and lets me in.
> > > But if i tried with my keys, I get in the event viewer :
> > > sshd: PID 3777: fatal: seteuid 1049076: No such device or address
> >=20
> > - Make sure to login with the Administrator account case-sensitive.
> >   If your account is called "Administrator", then use an uppercase
> >   'A' when logging in.
> >=20
> >   This case-sensitivity issue is a temporary workaround for a
> >   potential security problem in OpenSSH.  This will be rectified
> >   with OpenSSH 8.0 which allows to login case-insentive again.
>=20
> With Uppercase i do have a login prompt, but (with the good password), I =
cant login (remotly or localy).
> I also have Information event :
> sshd: PID 3788: Login name Administrator does not match stored username a=
dministrator

As I said above, *if* your account is called Administrator...

> sshd: PID 3788: Invalid user Administrator from 10.0.0.8 port 60876
> then three :
> sshd: PID 3788: Failed password for invalid user Administrator from 10.0.=
0.8 port 60876 ssh2
>=20
> >=20
> > - If that doesn't help, switch the user running the sshd service from
> >   "cyg_server" to SYSTEM (the services GUI calls it "LocalSystem")
> >=20
>=20
> This worked, like a charm, thank you =F0=9F=98=8A
>=20
> >   Cygwin switched the logon method and this method doesn't run
> >   under the "cyg_server" account sometimes.  However, switching
> >   back to "LocalSystem" instead of having to create a special
> >   "cyg_server" service account is one of the advantages of the
> >   new logon method.  For details, see
> >=20
> >   https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-nopasswd1
> >=20
> I didn't fully understand it all to be honest, but, is there another
> drawback to have the localsystem running the deamon instead of the
> cyg_server user, other than having the administrator possibly knowing
> the password ?

The cyg_server account has been introduced many years ago as a
workaround for a change in the LocalSystem permissions in=20
Windows 2003 and later.  The new S4ULogon method makes the cyg_server
account obsolete because the reduced permissions of LocalSystem
are sufficient now.


Corinna

--=20
Corinna Vinschen
Cygwin Maintainer

--MdsOjv/FQ+tsWHFo
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEoVYPmneWZnwT6kwF9TYGna5ET6AFAlyKXN4ACgkQ9TYGna5E
T6ByohAAgKx7B4v+UpnHERr/qw/kJPQhKwLvfKU5xyiU9Ofus1wbxM76S1bWhTjd
SdPYKiCxmGgM8GYx9v0V9qw88fRGN4lIyMLBOaF0rHq64spPKt6BQYbF4iFVeEas
GNrZloYWCjdj/GGS+k91CPcjTyIi669QO+pBmkTe7C7nAFQw3ovqW5HudIhrNy66
LEaEsYDgPEaOtYxDfA301QckP8ohaogQfR4qcymf0dgONmtGPt1h711ohS1AhZbZ
0Hps78kMOrNvgtqnlWNobNRTNyygT9LHtdKaf9MBbgOVxrBXK+RNenRl8rvI0Kw7
sv4lrl1t7cl+Y8qalGfmd2Wyu2wAa0xxjxnaO/gTiAdnY89koZydaKvwtX4bW40m
5juoXd4jjfqBCBOzUC3VouYZKWhlWqSwz442T0H+wLImbdBimabS/n6/afgIokpR
vUDK6b4BRctctm5xjb6p4X845DYzovFUwqbzkgc1hCF27UyselkCnMN8Ex8wZVgD
PLNRTIE3cAgVr7L6q9W24sBpNnymTarc6zqMSFJ42H145mEKFKR7CWcJ2Pm1p0eY
fxjb3ew3hBhyL4pYe3qanMQDwYV7Dg4w+geUYlJytPWGhgJ2GU4jQFF548PEIpW9
hYlLt81kPBAfqY+ATCEAOrosmGh7X3XmskaAS96Q/s77GhOfbdA=
=GxON
-----END PGP SIGNATURE-----

--MdsOjv/FQ+tsWHFo--

- Raw text -


  webmaster     delorie software   privacy  
  Copyright © 2019   by DJ Delorie     Updated Jul 2019