Mailing-List: contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT sources DOT redhat DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT sources DOT redhat DOT com>
List-Help: <mailto:cygwin-help AT sources DOT redhat DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT sources DOT redhat DOT com
Delivered-To: mailing list cygwin AT sources DOT redhat DOT com
Date: Fri, 26 Oct 2001 13:22:48 -0500
From: Peter Fales <psfales AT lucent DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: problems with sshd and RSAAuthentication
Message-ID: <20011026132248.A19773@lucent.com>
References: <1004109070 DOT 20843 DOT ezmlm AT sources DOT redhat DOT com> <20011026102738 DOT B13230 AT lucent DOT com> <20011026180058 DOT Y7622 AT cygbert DOT vinschen DOT de> <20011026113442 DOT C14038 AT lucent DOT com> <20011026201101 DOT D10561 AT cygbert DOT vinschen DOT de>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20011026201101.D10561@cygbert.vinschen.de>; from cygwin@cygwin.com on Fri, Oct 26, 2001 at 08:11:01PM +0200

So what you are saying is that SYSTEM is running my sshd since it is running
from cygrunsrv, and SYSTEM has all rights it needs.    But, it still 
doesn't let me in with RSAAuthentication.    Is there any way to 
tell (perhaps by turning on additional logging) why it doesn't work?

-- 
Peter Fales			  Lucent Technologies, Room 5B-408
N9IYJ            		  2000 N Naperville Rd PO Box 3033
internet: psfales AT lucent DOT com	  Naperville, IL 60566-7033
			 	  work:	(630) 979-8031

On Fri, Oct 26, 2001 at 08:11:01PM +0200, Corinna Vinschen wrote:
> On Fri, Oct 26, 2001 at 11:34:42AM -0500, Peter Fales wrote:
> > On Fri, Oct 26, 2001 at 06:00:58PM +0200, Corinna Vinschen wrote:
> > 
> > > - SYSTEM doesn't need that rights set since it has all rights already.
> > > - That are the rights needed for being able to change account using
> > >   password authentication.
> > > 
> > > Either you let SYSTEM run cygrunsrv or you have to add the (very dangerous)
> > > "Create a token object" user right to the account running cygrunsrv.
> > 
> > How do I "let" SYSTEM run cygrunsrv?  I think that may be the way it's
> > working now, but I ran ssh-host-config as a user and didn't tell it
> > anything special.   Can I login as SYSTEM to do the ssh-host-config, or 
> > is there some way to tell it to run the service as SYSTEM?
> 
> Services get run by SYSTEM by default.  You're mixing the user
> as whom you installed the service with the user actually running
> the service.
> 
> When you've used ssh-host-config for installing the sshd service,
> it gets automatically run by SYSTEM.
> 
> > Just for testing, I added to "Create a token object" for the user who
> > invoked cygrunsrv.  That didn't make any difference either.
> 
> You'll better remove these rights from your account.  They are really
> dangerous if you're not absolutely sure what you're doing.
> 
> > > Besides that, do you have created a /etc/group file using mkgroup
> > > and did you check your /etc/passwd file being ok?
> > 
> > I do have a /etc/group file created with "mkgroup -l"  and a /etc/passwd 
> > file created with "mkpasswd -l"  - how can I tell if it is "OK"?
> 
> If you didn't change anything, they should be ok.
> 
> Corinna
> 
> -- 
> Corinna Vinschen                  Please, send mails regarding Cygwin to
> Cygwin Developer                                mailto:cygwin AT cygwin DOT com
> Red Hat, Inc.
> 
> --
> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
> Bug reporting:         http://cygwin.com/bugs.html
> Documentation:         http://cygwin.com/docs.html
> FAQ:                   http://cygwin.com/faq/

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/