X-Recipient:	archive-cygwin AT delorie DOT com
X-Original-To:	cygwin AT cygwin DOT com
Delivered-To:	cygwin AT cygwin DOT com
DMARC-Filter:	OpenDMARC Filter v1.4.1 sourceware.org 92D543858400
Authentication-Results:	sourceware.org;
	dmarc=none (p=none dis=none) header.from=pdinc.us
Authentication-Results:	sourceware.org; spf=pass smtp.mailfrom=pdinc.us
DKIM-Filter:	OpenDKIM Filter v2.11.0 mail2.pdinc.us 1AAEuT8r024320
DKIM-Signature:	v=1; a=rsa-sha256; c=relaxed/relaxed; d=pdinc.us; s=default;
	t=1636556190; bh=47uwCHtHglDALxoDxs+0eNT93jFtS75/uPfl+Ox1d6s=;
	h=From:To:References:In-Reply-To:Subject:Date:From;
	b=PfdBldgnDWYN/ouHOiZR1vZy08ev+09WC8Cq9yHh28/GodckFjLvpubkRUQ+pDHYV
	w/wHycoS3kd/Ytr5Axy7kMey/0+UFhrJxFNQsehRW8fo5G7CA6LNxtf4OtJgzcLD+X
	iMY/3Y1TRvoCv8gcPMnr7a1EwP/BsZVhr+Lr4sz61baOdFu9qdlNKcRFjMYmsqfL+6
	MlplwetVasx/eI7g/HEsmuMF/arMmawZJyHSzzM3InWPcBEnpafY+p0b8bxXQxuT/u
	LmSCX80CusPwZu9zw1g/HoN7lDeMKNbA/IK1mJctTjTiIYhjbvBkF6ors7S6XTrj/g
	w43eXBDcdh21A==
From:	"Jason Pyeron" <jpyeron AT pdinc DOT us>
To:	<cygwin AT cygwin DOT com>
References:	<2dfb0a68-b9e3-f9fb-817b-651fec02adf5 AT onespin DOT com>
In-Reply-To:	<2dfb0a68-b9e3-f9fb-817b-651fec02adf5@onespin.com>
Subject:	RE: [cygwin] Problem with ssh(d)
Date:	Wed, 10 Nov 2021 09:56:25 -0500
Organization:	PD Inc
Message-ID:	<026c01d7d643$228d7dd0$67a87970$@pdinc.us>
MIME-Version:	1.0
X-Mailer:	Microsoft Outlook 16.0
Thread-Index:	AQGbz+MuxzBhnOpDKxzOIY5pgXX0P6x05eKw
X-Spam-Status:	No, score=-1.7 required=5.0 tests=BAYES_00, DKIM_SIGNED,
	DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, KAM_INFOUSMEBIZ, SPF_HELO_PASS,
	SPF_PASS, TXREP autolearn=no autolearn_force=no version=3.4.4
X-Spam-Checker-Version:	SpamAssassin 3.4.4 (2020-01-24) on
	server2.sourceware.org
X-BeenThere:	cygwin AT cygwin DOT com
X-Mailman-Version:	2.1.29
List-Id:	General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Archive:	<https://cygwin.com/pipermail/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-request AT cygwin DOT com?subject=help>
List-Subscribe:	<https://cygwin.com/mailman/listinfo/cygwin>,
	<mailto:cygwin-request AT cygwin DOT com?subject=subscribe>
Sender:	"Cygwin" <cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com>

> -----Original Message-----
> From: Strasser, Dominik (DI SW ICS ICV)
> Sent: Wednesday, November 10, 2021 9:50 AM
> 
> Hi all,
> I am facing the following problem with my sshd installation.
> 
> We are in an AD environment. AD holds the needed data for ssh(d) to
> work. I can log into cygwin using ssh. But if I have a key stored
> .ssh/authorized_keys for passwordless login, the groups my user is in
> differs from the one w/o an authorized keys. Unfortunately exactly the
> group(s) for accessing the shared filesystems is missing. We were
> investigating a lot and the only workaround we found is that the sshd
> service runs under the user we want to log in. This unfortunately
> disables any other user to log into the cygwin machine. When debugging
> ssh with -vvv, there is no visible difference between the login with
> authorized_keys or without (of course there is a difference wrt. the
> login method).
> 
> This is cygwin 3.2.0 and openssh openssh-8.8p1-1.
> 
> Any clues ?

Passwordless login and network shares are incompatible by Microsoft design. You can see this in Microsoft task scheduler as well.

Our solution is to not rely on network file sharing, as it is disabled in our environment anyway due to security issues.

v/r,

Jason Pyeron

--
Jason Pyeron  | Architect
PD Inc        | Certified SBA 8(a)
10 w 24th St  | Certified SBA HUBZone
Baltimore, MD | CAGE Code: 1WVR6
 
.mil: jason DOT j DOT pyeron DOT ctr AT mail DOT mil
.com: jpyeron AT pdinc DOT us
tel : 202-741-9397



-- 
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple

- Raw text -