Mail Archives: cygwin/2024/02/07/00:35:24

marco atzeri via Cygwin <cygwin AT cygwin DOT com> · Wed, 7 Feb 2024 06:34:13 +0100

On Wed, Feb 7, 2024 at 3:26ā€ÆAM Frank-Ulrich Sommer via Cygwin
<cygwin AT cygwin DOT com> wrote:
> On 06.02.2024 22:22, Brian Inglis via Cygwin wrote:
> > On 2024-02-05 18:36, Eliot Moss via Cygwin wrote:
> >> On 2/5/2024 8:28 PM, Frank-Ulrich Sommer via Cygwin wrote:
> >>> On 05.02.2024 00:53, Frank-Ulrich Sommer via Cygwin wrote:
> >>>> I'm trying to run cygsshd on my PC with Windows 11 and connect from a linux machine. I have added the public key to /cygdrive/c/Users/xxx/.ssh/authorized_keys and created a symbolic link from  /cygdrive/c/Users/xxx/.ssh to /home/xxx/.ssh. As usual I checked the access rights and mode of the .ssh directory (700 and belongs to user xxx) and the authorized_keys file (600 and also belongs to user xxx) and also of the home directory (had to change ownership).

> The problem seems to be that OpenSSH does not even arrive at checking the home diretory or the .ssh directory. It starts checking every directory in the path and fails already at "/cygdrive/c/Users". Now that I know how to get the sources I added debug output to the error message. OpenSSH sees this directory as belonging to user with UID 18 and it has mode 4750. Mode ist checked not to contain 0022 which is fine here. Then it checks that the owner is the correct system user and the only criteria is that the UID must be zero. Only for AIX and HPUX the user "bin" with UID 2 is also accepted. So this check fails and OpenSSH assumes that the directory does not belong to the correct privileged system user.
>
> I think the only way to fix this with the current OpenSSH is disabling strict mode, but normally I'm quite reluctant to do something like that.2
>

what is the issue on using /home/USER/.ssh folder ?

I prefer to leave the Cygwin Home and the Windows Home well separated
to avoid this ACL collision

 $ set | grep -i ^home
HOME=/home/matzeri
HOMEDRIVE=C:
HOMEPATH='\Users\matzeri'

-- 
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple

X-Recipient:	archive-cygwin AT delorie DOT com
DKIM-Filter:	OpenDKIM Filter v2.11.0 sourceware.org ACC41385828E
DKIM-Signature:	v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com;
	s=default; t=1707284123;
	bh=Vcr+eNBs+XljbaVgAn8z8nHi8jMpQe51KcI777j1A28=;
	h=References:In-Reply-To:Date:Subject:To:Cc:List-Id:
	List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe:
	From:Reply-To:From;
	b=DgEXDD6J1w2L4A1KdbG9eTzftpvo8yGrXOSYf+xpygfUJmzLCBkkkt3Q7+pqacYnE
	zHZ9oFzfb6032VGdFHkP/T8OH5tTT37RzfKBBrmk0ffSA8OYOAZQKmX0iTm4nLVzIx
	DGa9y1ZcIhA5utncR5py4F146CsfhJWVyjRHMkTY=
X-Original-To:	cygwin AT cygwin DOT com
Delivered-To:	cygwin AT cygwin DOT com
DMARC-Filter:	OpenDMARC Filter v1.4.2 sourceware.org 81C173858C53
ARC-Filter:	OpenARC Filter v1.0.0 sourceware.org 81C173858C53
ARC-Seal:	i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1707284067; cv=none;
	b=ulv0zLh6IT0IkItb7ugAGJbEuIqKTUJ6MfqWM109VFXpc4cRYPR16WYw4JfxwTcl+7eAttFU6D43PrNasOg8uzjDagPidXBfeY8kmLneU512ZXldflPoSimmyh20FOk1B7OtZKhwLRUZAPu2dzyZh99/5Zegtl5++aHq1tTFEUk=
ARC-Message-Signature:	i=1; a=rsa-sha256; d=sourceware.org; s=key;
	t=1707284067; c=relaxed/simple;
	bh=/bBmaVqMCLSTyAi/3ZygCpGR7/pPWx5jO0VYJk+hqbA=;
	h=DKIM-Signature:MIME-Version:From:Date:Message-ID:Subject:To;
	b=UQSGc/GgtiRKqA/A0v82tBNBdQSyNS80nIk6Tfjgv0fWd8UzrjRLUS6q5nhHd7+SnJXHGDEvp6W8labpea2Tkzy++v/Tg0uxbh38/ybGQGOym6oKZV138iWA4MbNXTUVa9Ws/vkP6GUQpoDkw9HRLtwEtsBpPl0JApr84ADICRg=
ARC-Authentication-Results:	i=1; server2.sourceware.org
X-Google-DKIM-Signature:	v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20230601; t=1707284065; x=1707888865;
	h=content-transfer-encoding:cc:to:subject:message-id:date:from
	:in-reply-to:references:mime-version:x-gm-message-state:from:to:cc
	:subject:date:message-id:reply-to;
	bh=r2NadP2jsR1vH72HpF3kuv7ppy2PIOb9SimJflomTqU=;
	b=a/x3OSeoks5pqx4J8MwGRYlWu3+M5UGhNYaF53uEL/VVvsoRfbs4H0cOv7lUQam7Hu
	cqgkBGCRnyhfV44XkqTw3dvG2znO1GePHDpTFu/XjTEK5v1CEEGhdteD6e+ad+Ii5Z8z
	K5EKeI6JxeHC0jGwHBPZ8K2H3UgvWtg54BHDf0EMQxZ2jsPmgQ68rmzmUS0GSHQ2g9o4
	hbL6aBa1jbH+NUp9IwbEaztIK7UzjC5OWKoJR19Eppse0dwawzWROZTOdaPbNhnWYNrs
	4nDW1/ULQ0kWnFjq2xQ5BkFeV76zkDo8llv+qixSSCg4LpZNUfphg5yQxdONfmHwqfDO
	mPDw==
X-Gm-Message-State:	AOJu0Yw2wR2HTb4gcz1685FKrVz1cUAw5Tb9+XnwxCKIUeRB2vGVigQ6
	jdRouED9IfYqp7dTydDtuw2Nfa+2XJAXFyCrelFaYQMiLiPYKyJ+xpbQ5qo01zby2Nr1rd2uXxv
	8fjEDGjqC+pxvvymkx1fTkjlhNEU=
X-Google-Smtp-Source:	AGHT+IE9ciF3lIc4eJ7kVSrYOImsTWS6WKaWeV31HGc2ldxIiGLMd2aLM6EEJn8yG/QA9aWMQnGxcvfYbu+86qR9j7Q=
X-Received:	by 2002:a25:abcb:0:b0:dbf:e0a:c62b with SMTP id
	v69-20020a25abcb000000b00dbf0e0ac62bmr3552702ybi.48.1707284064752; Tue, 06
	Feb 2024 21:34:24 -0800 (PST)
MIME-Version:	1.0
References:	<a2df2105-31b8-425c-a963-4ea98e2f2ffa AT f-us DOT de>
	<e10d1c13-b167-46b1-935d-edebcf307e9a AT gmx DOT net>
	<439a4aeb-e8f8-42c7-6c35-c303a9366368 AT cs DOT umass DOT edu>
	<b6f5af93-a7c1-428a-b6d3-5a9baaea3608 AT SystematicSW DOT ab DOT ca>
	<14be4d61-0c8b-412d-9afe-c60f2e4b3b42 AT gmx DOT net>
In-Reply-To:	<14be4d61-0c8b-412d-9afe-c60f2e4b3b42@gmx.net>
Date:	Wed, 7 Feb 2024 06:34:13 +0100
Message-ID:	<CAB8Xom8x3P--ADx69gxk1vk-pKvU58dT=qfY0JhRGdNG4Hzfuw@mail.gmail.com>
Subject:	Re: cygsshd fails due to bad ownership or modes of /cygdrive/c/Users
To:	Frank-Ulrich Sommer <f-u DOT s AT gmx DOT net>
Cc:	cygwin AT cygwin DOT com
X-Spam-Status:	No, score=0.1 required=5.0 tests=BAYES_00, DKIM_SIGNED,
	DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,
	SPF_HELO_NONE, SPF_PASS, TXREP,
	T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version:	SpamAssassin 3.4.6 (2021-04-09) on
	server2.sourceware.org
X-BeenThere:	cygwin AT cygwin DOT com
X-Mailman-Version:	2.1.30
List-Id:	General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Archive:	<https://cygwin.com/pipermail/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-request AT cygwin DOT com?subject=help>
List-Subscribe:	<https://cygwin.com/mailman/listinfo/cygwin>,
	<mailto:cygwin-request AT cygwin DOT com?subject=subscribe>
From:	marco atzeri via Cygwin <cygwin AT cygwin DOT com>
Reply-To:	marco atzeri <marco DOT atzeri AT gmail DOT com>
Sender:	"Cygwin" <cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com>
X-MIME-Autoconverted:	from base64 to 8bit by delorie.com id 4175ZOr2005682

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019