delorie.com/archives/browse.cgi   search  
Mail Archives: cygwin/2021/01/14/23:39:40

X-Recipient: archive-cygwin AT delorie DOT com
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org B5439396EC84
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com;
s=default; t=1610685533;
bh=O3cdZ8TBpUW8GAVFnYKPaGInNBFfuk6Ixj8V2O4tcac=;
h=To:References:Subject:Date:In-Reply-To:List-Id:List-Unsubscribe:
List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:
From;
b=sS1+36STcispgfVYwAoqV87G/ebt/m1PfK8xe1lPgS1uR4qmVjxMJKm2aZT7bNYtS
Dmaq520oNvm3RdABhxf60j/KfBDerIY8zNRas3XbluUn3dbSnbjTj2u0Huh2Z+AqWD
g6WKsm8i+kSTyOE9e3FBxyRm4dHPOt0ZeLi7E69Q=
X-Original-To: cygwin AT cygwin DOT com
Delivered-To: cygwin AT cygwin DOT com
DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 88E6B38708DD
X-Authority-Analysis: v=2.4 cv=INe8tijG c=1 sm=1 tr=0 ts=60011c58
a=kiZT5GMN3KAWqtYcXc+/4Q==:117 a=kiZT5GMN3KAWqtYcXc+/4Q==:17
a=IkcTkHD0fZMA:10 a=uYT-Tk0qkVT609LjNaIA:9 a=QEXdDO2ut3YA:10 a=nxFJi58FgSUA:10
To: cygwin AT cygwin DOT com
References: <4da6176c0a89411c9cae02302b4dd505 AT parrotbyte DOT com>
<6000F831 DOT 7080302 AT tlinx DOT org>
<5d878506e47f4dc295a2f3c4e6dd8e8a AT parrotbyte DOT com>
Organization: Inglis
Subject: Re: Need admin privs before something can inherit them (was Re:
ssh-host-config doesn't "inherit" user admin privilege)
Message-ID: <924ebfc6-5e1b-795a-bbec-ae59c56a7a88@Shaw.ca>
Date: Thu, 14 Jan 2021 21:38:47 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101
Thunderbird/78.6.1
MIME-Version: 1.0
In-Reply-To: <5d878506e47f4dc295a2f3c4e6dd8e8a@parrotbyte.com>
X-CMAE-Envelope: MS4xfKImr5xpFbky0UGZO+D9lxFx+8lV8d0xZN5oCpR26I4g+X5jUVY6hy6BJPwY6zxLlPf4BgJBIVt2xo3TfflLwZ8KwotYnv12MUO0ad/49gp3ClexyQcL
Q14OuU630gpd9mUP7aF0oizzkF7ayUf6kvGqrW0wGSeVb0bWlhMVTNfAdRa6K1MkF2bcN3PQhJ+bHQ==
X-Spam-Status: No, score=-3.6 required=5.0 tests=BAYES_00, DKIM_SIGNED,
DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, NICE_REPLY_A, RCVD_IN_DNSWL_LOW,
RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE, SPF_PASS,
TXREP autolearn=ham autolearn_force=no version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
server2.sourceware.org
X-BeenThere: cygwin AT cygwin DOT com
X-Mailman-Version: 2.1.29
List-Id: General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Unsubscribe: <https://cygwin.com/mailman/options/cygwin>,
<mailto:cygwin-request AT cygwin DOT com?subject=unsubscribe>
List-Archive: <https://cygwin.com/pipermail/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-request AT cygwin DOT com?subject=help>
List-Subscribe: <https://cygwin.com/mailman/listinfo/cygwin>,
<mailto:cygwin-request AT cygwin DOT com?subject=subscribe>
From: Brian Inglis via Cygwin <cygwin AT cygwin DOT com>
Reply-To: Brian DOT Inglis AT Shaw DOT ca
Errors-To: cygwin-bounces AT cygwin DOT com
Sender: "Cygwin" <cygwin-bounces AT cygwin DOT com> 

On 2021-01-14 19:55, art wrote:
> On Thursday, January 14, 2021 6:05 PM,  L A Walsh wrote: 
>> On 2021/01/14 17:21, art wrote:
>>> I get a security code 5 when ssh-host-config tries to install cygsshd. I 
>>> was logged into Win 10 pro/x64 as an admin user. The "fix" was to start a
>>> Cygwin64 Terminal with Admin and then run ssh-host-config within this script.

>> You say ssh-host-config tries to install cygsshd.  How was ssh-host-config
>> called (started)?  When Cygwin64 Terminal was run, it was run with Admin
>> at the start.  Was that done when ssh-host-config was run?
>> 
>> How was it run?

> Yes, I did a right-click on the cygwin terminal icon and chose a "run as 
> administrator" option. This is like doing a sudo to start a linux shell... 
> everything run in the shell inherits "admin"/"root" as appropriate. Followed
> by using this shell to do:
> 
> cd /usr/bin
> ./ssh-host-config
> 
> I entered 'yes' responses to the various setup questions including yes to 
> privileged separation. I never bumped into this sort of inheritance problem 
> in Windows 7 and earlier. Seems to be a Windows 10 "feature". This past week
>  I ran into the same problem using an Intel supplied command script to
> install their hydra_mpi server. Another knowledgeable Windows 10 user reports
> he, too, has encountered this issue.

It's been years but I don't remember anything being different under Win 7, for 
"non-native" Windows programs that are not prepared to handle elevation, whereas 
Cygwin setup is and does.

> After installation I do some local tweaks to sshd_config such as disablng 
> plain-text password logins. I'm able to succesfully connect using ssh/sftp 
> from other platforms to this system using public key authentication. Windows
> is configured to autostart cygsshd.
> 
> I can add that I previously added C:\cygwin64 to the list of Windows
> Defender exceptions.

You always had to start cmd or bash with Run as Admin to run anything elevated 
e.g. C:\cygwin64\bin\bash /bin/script.

Similarly in Windows scheduled tasks: Run as SYSTEM, whether logged in or not, 
Do not store password, with highest privileges.

-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

This email may be disturbing to some readers as it contains
too much technical detail. Reader discretion is advised.
[Data in binary units and prefixes, physical quantities in SI.]
--
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple

- Raw text -


  webmaster     delorie software   privacy  
  Copyright © 2019   by DJ Delorie     Updated Jul 2019