From: "N Wilson"
Reply-To: nmwilson AT lycos DOT com
To: cygwin AT cygwin DOT com
Date: Wed, 14 Nov 2001 17:49:49 -0800
Subject: problems with RSA authentication for multiple users using SSHD

Hello,

Let me start with a simple question: can multiple users using RSA authentication log into a single Windows 2000 box running sshd? It seems like this is implied by the README files in /usr/doc.

Assuming this is true, then here is my problem: I am trying to log onto a Windows 2000 (sp2) box using ssh with rsa authentication with different accounts. While I have no problems logging in as different users using passwords, I can only seem to use rsa authentication when I'm logging on as the user starting the sshd process. I'm running Cygwin version 1.3.5. In addition, I have specified "CYGWIN=ntsec" as a system variable.

When I run sshd as LocalSystem, it seems like sshd is happy I've entered the correct rsa passphrase, but then it tries to make me the correct user and dies saying:

"Received disconnect from my.ip.address.here: Authentication rejected for uid 1004."

If I give my user account the following privileges:

"Act as part of the operating system"
"Replace process level token"
"Increase quotas"
"Logon as a service"

and start the sshd server under my account nwilson, I can then ssh into my machine using RSA authentication.

In a little more detail, I did the following:

bash% chown SYSTEM /etc/ssh*
bash% cygrunsrv --install sshd --path /usr/sbin/sshd --args "-D -ddd"
bash% cygrunsrv --start sshd
bash% ssh -l nwilson my_machine_name_here
tried to log in as user nwilson using RSA with failure log below

bash% cygrunsrv --stop sshd
bash% cygrunsrv --remove sshd
bash% chown nwilson /etc/ssh*
bash% cygrunsrv --install sshd --path /usr/sbin/sshd --args "-D -ddd" -u nwilson
bash% cygrunsrv --start sshd
bash% ssh -l nwilson my_machine_name_here
tried to log in as user nwilson with success (log below)

So the heart of my question is what can cause ssh/sshd to agree I'm a given user but be unable to switch the user context properly? I feel like I've tried nearly everything (file permissions and user on ~/.ssh, /etc/ssh*, /etc/passwd, /etc/group). I'm basically running out of ideas. Hopefully someone can help.

Thanks,
Nathan

running sshd under LocalSystem:

debug1: Seeding random number generator
/etc/sshd_config line 49: Deprecated option CheckMail
debug1: sshd version OpenSSH_3.0p1
debug1: private host key: #0 type 0 RSA1
debug3: Not a RSA1 key file /etc/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug3: Not a RSA1 key file /etc/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
Generating 768 bit RSA key.
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
Connection from my.ip.address.here port 1116
debug1: Client protocol version 1.5; client software version OpenSSH_3.0p1
debug1: match: OpenSSH_3.0p1 pat ^OpenSSH
debug1: Local version string SSH-1.99-OpenSSH_3.0p1
debug1: Rhosts Authentication disabled, originating port not trusted.
debug1: Sent 768 bit server key and 1024 bit host key.
debug1: Encryption type: 3des
debug1: Received session key; encryption turned on.
debug1: Installing crc compensation attack detector.
debug1: Attempting authentication for nwilson.
debug1: temporarily_use_uid: 1004/513 (e=18)
debug1: trying public RSA key file /home/nwilson/.ssh/authorized_keys
debug1: restore_uid
Disconnecting: Authentication rejected for uid 1004.
debug1: Calling cleanup 0x4169cc(0x0)

running sshd under nwilson:

debug1: Seeding random number generator
/etc/sshd_config line 49: Deprecated option CheckMail
debug1: sshd version OpenSSH_3.0p1
debug1: private host key: #0 type 0 RSA1
debug3: Not a RSA1 key file /etc/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug3: Not a RSA1 key file /etc/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
Generating 768 bit RSA key.
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
Connection from my.ip.address.here port 1142
debug1: Client protocol version 1.5; client software version OpenSSH_3.0p1
debug1: match: OpenSSH_3.0p1 pat ^OpenSSH
debug1: Local version string SSH-1.99-OpenSSH_3.0p1
debug1: Rhosts Authentication disabled, originating port not trusted.
debug1: Sent 768 bit server key and 1024 bit host key.
debug1: Encryption type: 3des
debug1: Received session key; encryption turned on.
debug1: Installing crc compensation attack detector.
debug1: Attempting authentication for nwilson.
debug1: temporarily_use_uid: 1004/513 (e=1004)
debug1: trying public RSA key file /home/nwilson/.ssh/authorized_keys
debug1: restore_uid
Accepted rsa for nwilson from my.ip.address.here port 1142
debug1: session_new: init
debug1: session_new: session 0
debug1: Allocating pty.
debug1: session_pty_req: session 0 alloc /dev/tty0

... additional lines deleted but connection was successful ...