Mailing-List: contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm
Sender: cygwin-owner AT sources DOT redhat DOT com
Delivered-To: mailing list cygwin AT sources DOT redhat DOT com
Date: Fri, 07 Sep 2001 09:25:26 -0700
From: "Serge Pluess"
Subject: File access and open-ssh issue

Hi,

two things I would like to find some help with:

First of all, I downloaded and installed the setup.exe from the website this Tuesday. The machine is running Windows 2000 Server and is part of an NT Domain (but is not the PDC nor BDC). Besides having full administrative rights on the NT domain, I also added a local user to the machine with the same password and gave it the rights mentioned in the docs/faqs. I also created a system-wide variable CYGWIN=binmode ntsec tty

1. File access

When I double click on the cygwin icon I get the bash shell. I create a test.txt file with vi and when I do a ls -lisa I get the following output:

835139 1 -rw-rw-rw- 1 spluess None 5 Sep 7 06:30 test.txt

If I do a chmod 600 on test.txt:

565193935 1 -rw------- 1 spluess None 5 Sep 7 06:30 test.txt

Now if I try to use vi again or less I get

spluess AT COURTNET ~
$ less test.txt
test.txt: Permission denied

Now this is with the default installation and nothing changed in any configuration file. I think that this is also causing my problems with the second item, SSH.

2. Open-SSH

Ok, so on a clean install of Cygwin I open the bash shell and issue the following command:

spluess AT COURTNET ~
$ ssh-host-config
Generating /etc/ssh_host_key
Generating /etc/ssh_host_rsa_key
Generating /etc/ssh_host_dsa_key
Generating /etc/ssh_config file
Generating /etc/sshd_config file
Do you want to install sshd as service?
(Say "no" if it's already installed as service) (yes/no) yes
Which value should the environment variable CYGWIN have when sshd starts?
It's recommended to set at least "ntsec" to be able to change user context without password.
Default is "binmode ntsec tty".
CYGWIN=binmode ntsec tty
The service has been installed under LocalSystem account.
Host configuration finished. Have fun!

Then I issue the ssh-user-config:

spluess AT COURTNET ~
$ ssh-user-config
Shall I create an SSH1 RSA identity file for you? (yes/no) yes
Generating /home/spluess/.ssh/identity
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Do you want to use this identity to login to this machine? (yes/no) yes
Adding to /home/spluess/.ssh/authorized_keys
Shall I create an SSH2 RSA identity file for you? (yes/no) (yes/no) yes
Generating /home/spluess/.ssh/id_rsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Do you want to use this identity to login to this machine? (yes/no) yes
Adding to /home/spluess/.ssh/authorized_keys2
Shall I create an SSH2 DSA identity file for you? (yes/no) (yes/no) yes
Generating /home/spluess/.ssh/id_dsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Do you want to use this identity to login to this machine? (yes/no) yes
Adding to /home/spluess/.ssh/authorized_keys2
Configuration finished. Have fun!

Now if I look at my .ssh folder I get the following output:

spluess AT COURTNET ~/.ssh
$ ls -lisa
total 16
1465433688 4 drwxrwxrwx 2 spluess None 4096 Sep 7 06:39 .
376421 4 drwxrwxrwx 3 spluess None 4096 Sep 7 06:36 ..
769643 1 -rw-rw-rw- 1 spluess None 335 Sep 7 06:36 authorized_keys
376447 1 -rw-rw-rw- 1 spluess None 832 Sep 7 06:39 authorized_keys2
496617810 1 -rw------- 1 spluess None 736 Sep 7 06:39 id_dsa
376449 1 -rw-r--r-- 1 spluess None 606 Sep 7 06:39 id_dsa.pub
447068477 1 -rw------- 1 spluess None 951 Sep 7 06:36 id_rsa
1490550 1 -rw-r--r-- 1 spluess None 226 Sep 7 06:36 id_rsa.pub
432150836 1 -rw------- 1 spluess None 531 Sep 7 06:36 identity
769641 1 -rw-r--r-- 1 spluess None 335 Sep 7 06:36 identity.pub

Now as mentioned above I do not have access to any of the key files.

So now if I launch sshd -d and ssh -v localhost I get the following scenario:

$ ssh -v localhost
OpenSSH_2.9p2, SSH protocols 1.5/2.0, OpenSSL 0x0090600f
debug1: Reading configuration data /etc/ssh_config
debug1: Applying options for *
debug1: Seeding random number generator
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 1006 geteuid 1006 anon 1
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: temporarily_use_uid: 1006/513 (e=1006)
debug1: restore_uid
debug1: temporarily_use_uid: 1006/513 (e=1006)
debug1: restore_uid
debug1: Connection established.
debug1: identity file /home/spluess/.ssh/identity type -1
debug1: identity file /home/spluess/.ssh/id_rsa type 1
debug1: identity file /home/spluess/.ssh/id_dsa type 2
debug1: Remote protocol version 1.99, remote software version OpenSSH_2.9p2
debug1: match: OpenSSH_2.9p2 pat ^OpenSSH
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_2.9p2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 141/256
debug1: bits set: 1032/2049
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Forcing accepting of host key for loopback/localhost.
debug1: bits set: 1022/2049
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: next auth method to try is publickey
debug1: try privkey: /home/spluess/.ssh/identity
Enter passphrase for key '/home/spluess/.ssh/identity':
Enter passphrase for key '/home/spluess/.ssh/identity':
Enter passphrase for key '/home/spluess/.ssh/identity':
debug1: try pubkey: /home/spluess/.ssh/id_rsa
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: try pubkey: /home/spluess/.ssh/id_dsa
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: next auth method to try is password
spluess AT localhost's password:
debug1: ssh-userauth2 successful: method password
debug1: channel 0: new [client-session]
debug1: channel_new: 0
debug1: send channel open 0
debug1: Entering interactive session.
debug1: client_init id 0 arg 0
debug1: channel request 0: shell
debug1: channel 0: open confirm rwindow 0 rmax 16384
Last login: Thu Sep 6 09:14:35 2001 from athlon_sp

Even though I entered the identical passphrase, all the tries with it failed and I got in on the password try.

Right now I am just guessing that this has to do with the file permissions of the "key" files. I have looked at the faq and the documentation and so far I haven't been able to figure out how to get this to work.

Thanks for any hints/help/information in advance

Serge

--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
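
An added example, not part of the original post: a shell check over the ~/.ssh listing shown above. It flags the entries that sshd's StrictModes check (assumed to be enabled in /etc/sshd_config) rejects for public-key login because they are group- or world-writable, and private keys readable by anyone but the owner; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the post). Function names are hypothetical.
# Listing copied from the post; columns are:
# inode blocks mode links owner group size month day time name
sample_listing() {
cat <<'EOF'
1465433688 4 drwxrwxrwx 2 spluess None 4096 Sep 7 06:39 .
376421 4 drwxrwxrwx 3 spluess None 4096 Sep 7 06:36 ..
769643 1 -rw-rw-rw- 1 spluess None 335 Sep 7 06:36 authorized_keys
376447 1 -rw-rw-rw- 1 spluess None 832 Sep 7 06:39 authorized_keys2
496617810 1 -rw------- 1 spluess None 736 Sep 7 06:39 id_dsa
376449 1 -rw-r--r-- 1 spluess None 606 Sep 7 06:39 id_dsa.pub
447068477 1 -rw------- 1 spluess None 951 Sep 7 06:36 id_rsa
1490550 1 -rw-r--r-- 1 spluess None 226 Sep 7 06:36 id_rsa.pub
432150836 1 -rw------- 1 spluess None 531 Sep 7 06:36 identity
769641 1 -rw-r--r-- 1 spluess None 335 Sep 7 06:36 identity.pub
EOF
}

# Reads `ls -lisa` lines on stdin and prints one finding per risky entry.
# "." is ~/.ssh and ".." is the home directory when run from inside ~/.ssh.
audit_ssh_listing() {
  while read -r _inode _blocks mode _links _owner _group _size _mon _day _time name; do
    # Skip anything that is not a 10-character mode string (e.g. "total 16").
    case "$mode" in [d-]?????????) ;; *) continue ;; esac
    case "$name" in
      .|..|authorized_keys|authorized_keys2)
        # Group-write is character 6, other-write is character 9.
        case "$mode" in
          ?????w????|????????w?) echo "WRITABLE $name $mode" ;;
        esac ;;
      identity|id_rsa|id_dsa)
        # Private keys must carry no group or other permission bits.
        case "$mode" in
          ????------) ;;
          *) echo "EXPOSED $name $mode" ;;
        esac ;;
    esac
  done
}

sample_listing | audit_ssh_listing
```

On a live system the same function can be fed with `ls -lisa ~/.ssh | audit_ssh_listing`; for the listing in the post it reports `.`, `..`, `authorized_keys` and `authorized_keys2` as writable and no exposed private keys.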