Mailing-List: contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT sources DOT redhat DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT sources DOT redhat DOT com>
List-Help: <mailto:cygwin-help AT sources DOT redhat DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT sources DOT redhat DOT com
Delivered-To: mailing list cygwin AT sources DOT redhat DOT com
Message-ID: <3A2F9EF2.E3C7AEBA@bnl.gov>
Date: Thu, 07 Dec 2000 09:30:10 -0500
From: John Haggerty <haggerty AT bnl DOT gov>
Organization: Brookhaven National Laboratory
X-Mailer: Mozilla 4.73 [en] (WinNT; U)
X-Accept-Language: en
MIME-Version: 1.0
To: cygwin AT sources DOT redhat DOT com
Subject: Re: Can't authenticate my ssh
References: <3A2EB423 DOT 299A590A AT bnl DOT gov>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Thanks, Corinna, you gave me the crucial clue.  Although I added those
rights for the sshd user, I didn't log out and log back in, or reboot,
or whatever it is NT wants you to do to make them take effect.  After I
did that, I'm in.  

John Haggerty wrote:
> 
> I'm stumped.  I think I've read the documents (at least the openssh
> readme), cruised the web, tried the combinations that make sense, but I
> still can't get logged on to ssh on a Windows NT 4.0 box.  I did the
> dance with those extra rights, I ran ssh-config edited to to have the
> "right" combinations (I think... see the resulting config file below).
> 
> There must be some problem with my password file, right?  But what, or
> how do I start over?  Permissions?
> 
> --
> John Haggerty
> internet: haggerty AT bnl DOT gov
> voice/fax: 631 344 2286/631 344 4592
> http://www.rhic.bnl.gov/phenix/computing/online/oncs/people/haggerty/johnh.html
> 
> I've changed the names to protect the stupid, but here's the output from
> ssh and sshd:
> 
> CYGWIN_NT-4.0 a 1.1.6(0.30/3/2) 2000-11-21 21:00 i686 unknown
> sshd -d output from the Windows NT 4.0 machine:
> 
> debug1: sshd version OpenSSH_2.3.0p1
> debug1: Seeding random number generator
> debug1: read DSA private key done
> debug1: Seeding random number generator
> debug1: Bind to port 22 on 0.0.0.0.
> Server listening on 0.0.0.0 port 22.
> Generating 768 bit RSA key.
> debug1: Seeding random number generator
> debug1: Seeding random number generator
> RSA key generation complete.
> debug1: Server will not fork when running in debugging mode.
> Connection from 130.199.x.y port 1021
> debug1: Client protocol version 1.5; client software version 1.2.26
> debug1: no match: 1.2.26
> debug1: Local version string SSH-1.99-OpenSSH_2.3.0p1
> debug1: Sent 768 bit public key and 1024 bit host key.
> debug1: Encryption type: 3des
> debug1: Received session key; encryption turned on.
> debug1: Installing crc compensation attack detector.
> debug1: Attempting authentication for guy.
> Failed password for guy from 130.199.x.y port 1021
> Connection closed by 130.199.x.y
> debug1: Calling cleanup 0x4149e4(0x0)
> 
> ssh -v guy AT a DOT b DOT bnl DOT gov output from a nearby machine:
> 
> SSH Version 1.2.26 [sparc-sun-solaris2.6], protocol version 1.5.
> Standard version.  Does not use RSAREF.
> phoncs0.phenix.bnl.gov: Reading configuration data /etc/ssh_config
> phoncs0.phenix.bnl.gov: ssh_connect: getuid 31071 geteuid 0 anon 0
> phoncs0.phenix.bnl.gov: Connecting to a.b.bnl.gov [130.199.x.z] port 22.
> phoncs0.phenix.bnl.gov: Allocated local port 1021.
> phoncs0.phenix.bnl.gov: Connection established.
> phoncs0.phenix.bnl.gov: Remote protocol version 1.99, remote software
> version OpenSSH_2.3.0p1
> phoncs0.phenix.bnl.gov: Waiting for server public key.
> phoncs0.phenix.bnl.gov: Received server public key (768 bits) and host
> key (1024 bits).
> phoncs0.phenix.bnl.gov: Host 'a.b.bnl.gov' is known and matches the host
> key.
> phoncs0.phenix.bnl.gov: Initializing random; seed file
> /home/phoncs/.ssh/random_seed
> phoncs0.phenix.bnl.gov: IDEA not supported, using 3des instead.
> phoncs0.phenix.bnl.gov: Encryption type: 3des
> phoncs0.phenix.bnl.gov: Sent encrypted session key.
> phoncs0.phenix.bnl.gov: Installing crc compensation attack detector.
> phoncs0.phenix.bnl.gov: Received encrypted confirmation.
> phoncs0.phenix.bnl.gov: Doing password authentication.
> guy AT a DOT b DOT bnl DOT gov's password: [the correct NT password is entered]
> Permission denied.
> 
> Here's /etc/sshd_config
> 
> # This is ssh server systemwide configuration file.
> 
> Port 22
> #Protocol 2,1
> ListenAddress 0.0.0.0
> #ListenAddress ::
> #HostKey /etc/ssh_host_key
> ServerKeyBits 768
> LoginGraceTime 600
> KeyRegenerationInterval 3600
> PermitRootLogin yes
> #
> # Don't read ~/.rhosts and ~/.shosts files
> IgnoreRhosts yes
> # Uncomment if you don't trust ~/.ssh/known_hosts for
> RhostsRSAAuthentication
> #IgnoreUserKnownHosts yes
> StrictModes yes
> X11Forwarding no
> X11DisplayOffset 10
> PrintMotd yes
> KeepAlive yes
> 
> # Logging
> SyslogFacility AUTH
> LogLevel INFO
> #obsoletes QuietMode and FascistLogging
> 
> RhostsAuthentication no
> #
> # For this to work you will also need host keys in /etc/ssh_known_hosts
> RhostsRSAAuthentication no
> 
> # To install for logon to different user accounts change to "no" here
> RSAAuthentication no
> 
> # To install for logon to different user accounts change to "yes" here
> PasswordAuthentication yes
> 
> PermitEmptyPasswords no
> 
> CheckMail no
> UseLogin no
> 
> #Uncomment if you want to enable sftp
> #Subsystem      sftp    /usr/sbin/sftp-server
> #MaxStartups 10:30:60

-- 
John Haggerty
internet: haggerty AT bnl DOT gov
voice/fax: 631 344 2286/631 344 4592
http://www.rhic.bnl.gov/phenix/computing/online/oncs/people/haggerty/johnh.html

--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe AT sourceware DOT cygnus DOT com