Mailing-List: contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT sources DOT redhat DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT sources DOT redhat DOT com>
List-Help: <mailto:cygwin-help AT sources DOT redhat DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT sources DOT redhat DOT com
Delivered-To: mailing list cygwin AT sources DOT redhat DOT com
Message-ID: <3BD985EE.2020500@cportcorp.com>
Date: Fri, 26 Oct 2001 11:49:02 -0400
From: Peter Buckley <peter DOT buckley AT cportcorp DOT com>
User-Agent: Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:0.9.2) Gecko/20010726 Netscape6/6.1
X-Accept-Language: en-us
MIME-Version: 1.0
To: Peter Fales <psfales AT lucent DOT com>
CC: cygwin AT cygwin DOT com
Subject: Re: problems with sshd and RSAAuthentication
References: <1004109070 DOT 20843 DOT ezmlm AT sources DOT redhat DOT com> <20011026102738 DOT B13230 AT lucent DOT com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Password authentication *truly* authenticates you, but ssh (without a 
password) uses NtCreateToken, which creates an authentication token 
without the need for a password. Unfortunately, this token is not 
unique- it cannot be, because it isn't generated with a unique 
username/password combination.  So the rights that you have when you use 
password authentication are very slightly different when you use 
RSAAuthentication.

How did you install sshd- "sshd --install-as-service"? Which user is 
running the sshd service- SYSTEM, or another user? You can check the 
mailing list archives to confirm this, but AFAIK there are limitations 
to ssh when you do not use password authentication, specifically with 
intricacies of user rights and accessing network shares.

HTH,
Peter

Peter Fales wrote:

> I'm currently trying to get sshd access to our Cygwin/Win2000 machine.  
> Currently it works well using password authentication, but I can't get
> it to use RSAAuthentication - it seems to be accepting the key, but
> then exits right away and creates a windows event log entry:
> 
> 10/26/2001      9:51:38 AM      1       0       0       sshd    NT AUTHORITY\SYSTEM             EXPNOVE sshd : Win32 Process Id = 0x470 : Cygwin Process Id = 0x470 : fatal: setuid 1000: Not owner
> 
> I know something like this has been discuseed before, and I've tried to 
> follow all the steps I can find documented:
> 
> 	- I've added "CYGWIN=ntsec tty" to the system environement
> 	- I've added these rights for the user that is running cygrunsrv
> 	  and the SYSTEM account:
> 		"Act as part of operating system" 
> 	        "Replace a process level token" 
>           	"Increase quotas" 
> 
> I'm at a loss to understand why this isn't working, particularly since
> it seems like password authentication would be doing pretty much the same
> thing.  Can anyone suggest what to try next?
> 
> 


-- 
-- 
Your mouse has moved.
Windows NT must be restarted for the change to take effect.
Reboot now?  [OK]

--


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/