Mailing-List: contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT sources DOT redhat DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT sources DOT redhat DOT com>
List-Help: <mailto:cygwin-help AT sources DOT redhat DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT sources DOT redhat DOT com
Delivered-To: mailing list cygwin AT sources DOT redhat DOT com
Message-ID: <050e01c0acb3$715fc880$360510ac@ERDELYM>
From: "Michael Erdely" <mike AT erdelynet DOT com>
To: <cygwin AT cygwin DOT com>
References: <3AAE49AF DOT 4937BC65 AT itb DOT biologie DOT hu-berlin DOT de> <20010313175612 DOT A1385 AT cygbert DOT vinschen DOT de> <3AAF5E36 DOT 92616E0A AT itb DOT biologie DOT hu-berlin DOT de> <20010314144236 DOT B8060 AT cygbert DOT vinschen DOT de> <3AAF90C3 DOT A59D8134 AT itb DOT biologie DOT hu-berlin DOT de> <20010314171249 DOT B8866 AT cygbert DOT vinschen DOT de>
Subject: Re: SSHd permission problem
Date: Wed, 14 Mar 2001 13:20:25 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400

On Wed, Mar 14, 2001 at 04:39:47PM +0100, Axel Kowald wrote:
> Hello Corinna,
>
> > Send output of ssh -v, please.
>
> This time I started sshd -d on the command line to get the debug output.
> For this I made a separate copy of the ssh_host_key files which is owned
> by me (kowald). Here is the output of ssh -v localhost and ssh -d :


I've seen this before.

If you read the openssh-2.5.1p2.README, you'll find:
->  - If you want to be able to login to different user accounts you'll
->  have to start sshd under system account or any other account that
->  is able to switch user context. Note that administrators are _not_
->  able to do that by default! You'll have to give the following
->  special user rights to the user:
->  "Act as part of the operating system"
->  "Replace process level token"
->  "Increase quotas"
->  and if used via service manager
->  "Logon as a service".

This means that SYSTEM has to start SSHD if you want to use password
authentication.  It's very simple, use the sshd -d to determine that your
configuration settings are correct.  Once you see the "user's password"
prompt, you're probably golden.  Then, set up SSHD (as described in the
readme) to start with either SRVANY or INETD under the SYSTEM context.  It
will most likely work.

Good luck,
-ME




--
Want to unsubscribe from this list?
Check out: http://cygwin.com/ml/#unsubscribe-simple