To: cygwin@cygwin.com
Subject: Cygwin/OpenSSH V.5.3: Key authentication does not work under Windows 2008: Problem  is solved now!!!
From: Carsten.Porzler@spb.de
Date: Thu, 21 Jan 2010 17:10:32 +0100

Dear Cygwin Community,

my described problem is solved now.

The change from Windows Server 2003 is that the OpenSSHd Server 
service must run under a user account; the SYSTEM account is not enough!

The chosen user account must have the following privileges:

    Create a token object
    Logon as a service
    Replace a process level token
    Increase Quota 

It does not work if you give the SYSTEM account all the rights! This 
behaviour was described in the year 2007 in a "CopSSH" forum. 

No further investigation is needed.

Thanks and

best regards

Carsten Porzler



cygwin-owner@cygwin.com wrote on 21.01.2010 16:01:28:

> Cygwin/OpenSSH V.5.3: Key authentication does not work under Windows 2008...
> 
> Carsten.Porzler
> to: cygwin
> 21.01.2010 16:01
> Sent by: cygwin-owner@cygwin.com
> 
> Dear Cygwin experts,
> 
> we installed Cygwin/OpenSSH V.5.3
> 
> CYGWIN_NT-6.1-WOW64 d00atq49 1.7.1(0.218/5/3) 2009-12-07 11:48 i686 Cygwin
> OpenSSH_5.3p1, OpenSSL 0.9.8l 5 Nov 2009
> 
> on a Windows 2008 64-bit system.
> 
> Unfortunately the key authentication does not work. The connection 
> initiation interrupts on server side with the following errors: seteuid 
> <user-id>: Permission denied
> 
> debug1: userauth-request for user testuser01 service ssh-connection method none
> debug1: attempt 0 failures 0
> debug3: Trying to reverse map address 10.2.240.11.
> debug2: parse_server_config: config reprocess config len 229
> debug2: input_userauth_request: setting up authctxt for testuser01
> debug2: input_userauth_request: try method none
> Failed none for testuser01 from 10.2.240.11 port 2467 ssh2
> debug3: Wrote 80 bytes for a total of 1549
> debug1: userauth-request for user testuser01 service ssh-connection method publickey
> debug1: attempt 1 failures 0
> debug2: input_userauth_request: try method publickey
> debug1: test whether pkalg/pkblob are acceptable
> debug1: temporarily_use_uid: 1011/513 (e=18/544)
> seteuid 1011: Permission denied
> debug1: do_cleanup
> 
> The password authentication with the same user on the same server works 
> fine.
> 
> The OpenSSHd service is running under system account. The file 
> cyglsa64.dll is loaded from the registry key 
> "HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages".
> 
> The public key file is owned by the user "testuser01", to which I want to 
> switch, and is readable for group and all others.
> 
> The OpenSSHd service is running without Privilege Separation (we also 
> tried this in the meantime, but it fails, too). It's the same configuration 
> as we have used for years on our Windows Server 2003 systems (32-bit).
> 
> What can be the reason(s) for this behaviour?
> 
> Thanks for help in advance and
> 
> best regards
> 
> Carsten Porzler
> 
> 
> --
> Problem reports:       http://cygwin.com/problems.html
> FAQ:                   http://cygwin.com/faq/
> Documentation:         http://cygwin.com/docs.html
> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
> 
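
Added example, not part of the original post or of Cygwin/OpenSSH: a Python check that reads a `secedit /export /cfg rights.inf /areas USER_RIGHTS` dump and reports which of the four rights listed in the post the service account still lacks. The account name `sshd_service` and the sample dump are constructed, and the `Se*` names are the standard Windows constants for the rights the post names, not text from the post.

```python
# Added example: audit a `secedit /export /cfg rights.inf /areas USER_RIGHTS`
# dump. Real exports are usually UTF-16: open(path, encoding="utf-16").
REQUIRED = {  # Se* constant -> name as written in the post
    "SeCreateTokenPrivilege": "Create a token object",
    "SeServiceLogonRight": "Logon as a service",
    "SeAssignPrimaryTokenPrivilege": "Replace a process level token",
    "SeIncreaseQuotaPrivilege": "Increase Quota",
}

def parse_privilege_rights(inf_text):
    """Return {right: set of lower-cased names/SIDs} from [Privilege Rights]."""
    rights, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
        elif in_section and "=" in line and not line.startswith(";"):
            name, _, value = line.partition("=")
            rights[name.strip()] = {
                p.strip().lstrip("*").lower() for p in value.split(",") if p.strip()
            }
    return rights

def missing_rights(inf_text, principals):
    """Required rights granted to none of `principals` (the account name, its
    SID, and the SIDs of its groups, since rights are also held via groups)."""
    wanted = {p.lstrip("*").lower() for p in principals}
    granted = parse_privilege_rights(inf_text)
    return [r for r in REQUIRED if not granted.get(r, set()) & wanted]

def holders(inf_text, right):
    """Everyone holding `right`; keep the SeCreateTokenPrivilege list minimal."""
    return sorted(parse_privilege_rights(inf_text).get(right, set()))

# Constructed sample dump; "sshd_service" is a hypothetical service account.
SAMPLE = """[Unicode]
[Privilege Rights]
SeServiceLogonRight = *S-1-5-20,sshd_service
SeAssignPrimaryTokenPrivilege = *S-1-5-19,*S-1-5-20,sshd_service
SeIncreaseQuotaPrivilege = *S-1-5-19,*S-1-5-20,*S-1-5-32-544
SeCreateTokenPrivilege = sshd_service
[Version]
signature="$CHICAGO$"
"""

if __name__ == "__main__":
    for right in missing_rights(SAMPLE, ["sshd_service"]):
        print("missing:", right, "(" + REQUIRED[right] + ")")
```

In the sample the account is missing only "Increase Quota"; passing the Administrators SID (`S-1-5-32-544`) as one of its groups clears the finding.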



