| delorie.com/archives/browse.cgi | search |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| DKIM-Filter: | OpenDKIM Filter v2.11.0 sourceware.org 5A32C386F435 |
| DKIM-Signature: | v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com; |
| s=default; t=1608418391; | |
| bh=ge9nDfVS0wSTqLl0Ws4VarAzt6zA/jLsi1B4SV3KSrM=; | |
| h=To:Subject:Date:List-Id:List-Unsubscribe:List-Archive:List-Post: | |
| List-Help:List-Subscribe:From:Reply-To:From; | |
| b=KDeEQ9fhtEFS28oqvbgKBw5Oc0LXf4bUCod6Z9NING5iGR4Bwye8QR73cRwaegoel | |
| LQNMs+87b+deqfrIqC0Bz5DmKP3oBjy2gbkwugiRFdZeNbxy++iD7HrYM5+sS20Vkk | |
| VTWmP6mRzocxWlLTjfX5OdwiLnWYawvJR8NSJD4k= | |
| X-Original-To: | cygwin AT cygwin DOT com |
| Delivered-To: | cygwin AT cygwin DOT com |
| DMARC-Filter: | OpenDMARC Filter v1.3.2 sourceware.org 92E973858C27 |
| X-Google-DKIM-Signature: | v=1; a=rsa-sha256; c=relaxed/relaxed; |
| d=1e100.net; s=20161025; | |
| h=x-gm-message-state:to:from:subject:message-id:date:user-agent | |
| :mime-version:content-language; | |
| bh=cYYyd4xX0PCYg8VIJUSgqQNNa5NDqHFjPBxI0RkeGt8=; | |
| b=CcM9Dq0KTMNXlfIrAGmjKjnCHBYXMgVXBaCIOe39t+e10y3oduMECXTd9pB8L5DaMu | |
| R9QT8DV8wWPMziV6JX5mlSf4P0TYVLem6i+c4UXX1I4vtcYiOvcoJnNx5gMBHChEdxXV | |
| KSBwl95VB1yTww640gUYks6jnyOpynOyabLuLlg7DI+JOuU2uhXsEVUf0bsb91AXyIob | |
| vX9OWVmbw+NsoxTrSJwiQOXKh2WiYsyTxlMppmI3C8aGoPO4RJ+jnsI5I7AX7Xq+1cS4 | |
| i4Ib9aIdnZy9/bk9tO+zRrV2wZxEZS1fvBPwbScgzl/25amdJJ8xz/s46wxjbsXbGliF | |
| M7+g== | |
| X-Gm-Message-State: | AOAM532b+U15ndX6NB1YyirKe9aK9Yfecd72ADSPtgjgKgFA1fC34tue |
| i3TGCang2vlifX71VQkqiC5vJxSvRWb7CA== | |
| X-Google-Smtp-Source: | ABdhPJwkfSNUGgJcZEKYQEIhYt48sowWlbvbLpdIv8XYw7MssrC4Z3elgxoNtr2s/FJdRnTbAisy9A== |
| X-Received: | by 2002:a1c:204e:: with SMTP id g75mr9876469wmg.100.1608418386244; |
| Sat, 19 Dec 2020 14:53:06 -0800 (PST) | |
| To: | cygwin AT cygwin DOT com |
| Subject: | Can't ssh to a Cygwin machine in the Windows domain -- seteuid |
| Message-ID: | <2a6c0dd1-98f0-ddf3-008f-3770aad3c59d@gmail.com> |
| Date: | Sat, 19 Dec 2020 23:53:04 +0100 |
| User-Agent: | Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 |
| Thunderbird/78.6.0 | |
| MIME-Version: | 1.0 |
| X-Spam-Status: | No, score=-1.8 required=5.0 tests=BAYES_00, DKIM_SIGNED, |
| DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM, HTML_MESSAGE, | |
| RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, | |
| TXREP autolearn=ham autolearn_force=no version=3.4.2 | |
| X-Spam-Checker-Version: | SpamAssassin 3.4.2 (2018-09-13) on |
| server2.sourceware.org | |
| X-Content-Filtered-By: | Mailman/MimeDel 2.1.29 |
| X-BeenThere: | cygwin AT cygwin DOT com |
| X-Mailman-Version: | 2.1.29 |
| List-Id: | General Cygwin discussions and problem reports <cygwin.cygwin.com> |
| List-Archive: | <https://cygwin.com/pipermail/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-request AT cygwin DOT com?subject=help> |
| List-Subscribe: | <https://cygwin.com/mailman/listinfo/cygwin>, |
| <mailto:cygwin-request AT cygwin DOT com?subject=subscribe> | |
| From: | Nicola Mingotti via Cygwin <cygwin AT cygwin DOT com> |
| Reply-To: | Nicola Mingotti <nmingotti AT gmail DOT com> |
| Sender: | "Cygwin" <cygwin-bounces AT cygwin DOT com> |
| X-MIME-Autoconverted: | from base64 to 8bit by delorie.com id 0BJMrbgc014637 |
Hi, I would like to run Cygwin ssh in a few computers in a Windows Domain. The DC is Samba, running in Debian 10. I found several issues. Lastly I decided to follow a guide, this: https://microtechnology-services.github.io/2016/04/29/cygwin-sshd-on-windows-domain.html It did not go well, so I followed partially another document, it is not specific for the domain, but it is very recent, this: https://www.softwareab.net/wordpress/cygwin-sshd-pubkey-authentication/ Still, I can't make it work after about 2 days of struggling. This is what I did. 1] Install Cygwin, the usual way (i did it more then once). Install packages openssh and ruby. 2] Prepare a user "cyg_server" in the Windows domain 3] set a GPO in the domain, giving "cyg_server" these attributes: . act as part of the operating system . create a token object . log on as a service . replace a process level token . deny access to this computer from the network . deny log on through Remote Destop Services 4] Open Cygwin as "Administrator" and stop cygsshd to remove a complexity layer, I want to run "sshd" by hand and see error logs. cy adm> cygrunsrv.exe --stop cygsshd 5] Copy as administrator the ssh* files in /etc to a /home/cyg_server/myEtc/ and make 'cyg_server' the owner 6] Open a shell Cygwin with "Run as different user", the user is: 'cyg_server' 7] In this new shell I run the command: cy>Â /usr/sbin/sshd.exe -ddd -f /home/cyg_server/myEtc/sshd_config 8] Move to another machine, a Linux, outside the domain and run a command similar to what follows. 'domus' is the name of the machine running the cygwin sshd server, it is in the windows domain called 'WINDOM'. 'nicola' is a Domain User in Windom. $> ssh nicola AT domus The output I see from point [7] is: ---------- ... debug3: send packet: type 51 [preauth] debug3: receive packet: type 50 [preauth] debug1: userauth-request for user nicola service ssh-connection method publickey [preauth] debug1: attempt 1 failures 0 [preauth] debug2: input_userauth_request: try method publickey [preauth] debug2: userauth_pubkey: valid user nicola querying public key rsa-sha2-512 AAAAB3NzaC1yc2EAAAADAQABAAABAQCoEX3G1bjNTD17IoXtl3MQU/ImtuetRZpm60BL/GmpG2JvT3TfQH1lqoXR1jY2pdOYRdskN+KQk3ob+2E31xL7PUFd1/h6IIYzNceDS/lD/oeDMkWm4u54M1VBiIRqdSgXAc7Vce34yZTuuHOLk/ZE3ozgln0Asz98+cXA8gy+mohXY/0+Rkr0XHwhU1nRhTnG4sWqByeZ0zmD5m3wXyFfxq4ih3hf+sAarrGQk5IIpl3SYvMu5gvF3q/7s5Kx5brlxH7BnAob7NTPYyC6we1L/D+gsFkHjTffefU62TTjZy+7HC6FtppNadvi5aNJI6yuBg5XJbRgcytLqo9jv9QX [preauth] debug1: userauth_pubkey: test pkalg rsa-sha2-512 pkblob RSA SHA256:hcDASnV1vvd88xpKM/xN2XtUSCvcW3oPUz0izqFMTBE [preauth] debug3: mm_key_allowed entering [preauth] debug3: mm_request_send entering: type 22 [preauth] debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth] debug3: mm_request_receive_expect entering: type 23 [preauth] debug3: mm_request_receive entering [preauth] debug3: mm_request_receive entering debug3: monitor_read: checking request 22 debug3: mm_answer_keyallowed entering debug3: mm_answer_keyallowed: key_from_blob: 0x8000988e0 debug1: temporarily_use_uid: 1049679/1049089 (e=1049726/1049089) seteuid 1049679: Operation not permitted debug1: do_cleanup debug1: Killing privsep child 804 ---------- I tried several variations e.g. change the user logging in, change the OS of the computer running the ssh call. Change permissions to the landing home user directory. Change to put/delete the /etc/passwd, /etc/groups files. => Nothing. Always "seteuid" error. I hope you can give me some advice. Thanks in advance. Nicola Mingotti -- Problem reports: https://cygwin.com/problems.html FAQ: https://cygwin.com/faq/ Documentation: https://cygwin.com/docs.html Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |