Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
From: "Tony Hain" <tony AT tndh DOT net>
To: <cygwin AT cygwin DOT com>
Cc: <mark AT networksimplicity DOT com>
Subject: cygwin & opensshd on .net enterprise server
Date: Wed, 15 May 2002 12:30:26 -0700
Message-ID: <IEEOIFENFHDKFJFILDAHKEEAEGAA.tony@tndh.net>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000

I am looking for any clues on how to make cygwin & opensshd work on a
.net enterprise server, and found nothing in the mail archive. I had
been running Mark's opensshd specific environment on W2k server without
trouble. When I installed a fresh build 3615, OpenSSH_3.1p1 failed, so I
thought I would try the full cygwin. That is failing in the same way, so
after a couple of days experimenting I am stuck.

With the intent of sending Mark a trace, I followed his instructions for
debugging by  using a scheduled task to get a system account command
window (if it is of any use, I have put a copy of the debug trace at the
end). What I found in the process is that there appears to be some
permissions related problem, because I get logged in as any valid user
over the ssh channel, but that immediately exits. Trying to figure that
out I found that the only process/user that can run the shell is the
system account. When I run sh, bash, or the cygwin.bat from any other
account it just exits, but they appear to work fine in the system
initiated command window. This is also true of many of the exe's in
/bin, although some of them just hang with 100% cpu for the non-system
user.

One thing I found in the process is that the old passwd file is useless.
The only way I could log in using ssh with either Mark's sshd subset, or
the full cygwin was to use the mkpasswd & mkgroup process to build those
files from scratch with the NT UIDs. What the log showed before I did
that was 'Cygwin Process Id = 0xC78 : fatal: setuid 520: Not owner.'
Simply changing that got me to the point of 'password accepted', but
until the shell runs for all accounts, that does no good.

I tried setting bash to W2k compatibility mode (actually all modes), and
turning off  the 'protect my computer from unauthorized activity'
checkbox in the run as ... option, but those made no difference. I also
tried setting the file owner for the entire subdirectory tree to system,
again no difference. cygrunsrv.exe and sshd.exe are running as system,
but it appears they end up running the shell in user space.

Any clues what to try next???
Tony



C:\Program Files\NetworkSimplicity\ssh>sshd -d -d -d -f sshd_config
debug1: sshd version OpenSSH_3.1p1
debug1: private host key: #0 type 0 RSA1
debug3: Not a RSA1 key file /ssh/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug3: Not a RSA1 key file /ssh/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: Bind to port 87 on 0.0.0.0.
Server listening on 0.0.0.0 port 87.
debug1: Server will not fork when running in debugging mode.
Connection from 192.168.123.34 port 4354
debug1: Client protocol version 1.99; client software version 3.0.0 SSH
Secure S
hell for Windows
debug1: match: 3.0.0 SSH Secure Shell for Windows pat 3.0.*
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.1p1
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-gro
up1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
aes192-cbc,aes256-cbc
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
aes192-cbc,aes256-cbc
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 AT open
ssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 AT open
ssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group1-sha1
debug2: kex_parse_kexinit:
ssh-rsa,ssh-dss,x509v3-sign-dss,x509v3-sign-rsa
debug2: kex_parse_kexinit: 3des-cbc
debug2: kex_parse_kexinit: 3des-cbc
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: client->server 3des-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: server->client 3des-cbc hmac-md5 none
debug1: dh_gen_key: priv key bits set: 194/384
debug1: bits set: 475/1024
debug1: expecting SSH2_MSG_KEXDH_INIT
debug1: bits set: 480/1024
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user ahain service ssh-connection method
none
debug1: attempt 0 failures 0
debug2: input_userauth_request: setting up authctxt for ahain
debug2: input_userauth_request: try method none
Failed none for ahain from 192.168.123.34 port 4354 ssh2
debug1: userauth-request for user ahain service ssh-connection method
none
debug1: attempt 1 failures 1
debug2: Unrecognized authentication method name: none
Failed none for ahain from 192.168.123.34 port 4354 ssh2
debug1: userauth-request for user ahain service ssh-connection method
password
debug1: attempt 2 failures 2
debug2: input_userauth_request: try method password
Accepted password for ahain from 192.168.123.34 port 4354 ssh2
debug1: Entering interactive session for SSH2.
debug1: fd 3 setting O_NONBLOCK
debug1: fd 7 setting O_NONBLOCK
debug1: server_init_dispatch_20
debug1: server_input_channel_open: ctype session rchan 0 win 10000 max
512
debug1: input_session_request
debug1: channel 0: new [server-session]
debug1: session_new: init
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug1: server_input_channel_req: channel 0 request pty-req reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req pty-req
debug1: Allocating pty.
debug1: session_pty_req: session 0 alloc /dev/tty1
debug3: tty_parse_modes: SSH2 n_bytes 0
debug1: server_input_channel_req: channel 0 request shell reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req shell
debug1: fd 4 setting TCP_NODELAY
debug1: channel 0: rfd 9 isatty
debug1: fd 9 setting O_NONBLOCK
debug1: fd 8 setting O_NONBLOCK
debug1: server_input_channel_req: channel 0 request window-change reply
0
debug1: session_by_channel: session 0 channel 0
debug1: Received SIGCHLD.
debug1: session_input_channel_req: session 0 req window-change
debug3: tvp!=NULL kid 1 mili 100
debug2: notify_done: reading
debug1: session_by_pid: pid 3964
debug1: session_exit_message: session 0 channel 0 pid 3964
debug1: channel request 0: exit-status
debug1: session_exit_message: release channel 0
debug1: channel 0: write failed
debug1: channel 0: close_write
debug1: channel 0: output open -> closed
debug1: session_close: session 0 pid 3964
debug1: session_pty_cleanup: session 0 release /dev/tty1
Write failed: errno ESHUTDOWN triggered
debug1: Calling cleanup 0x41f104(0x0)
debug1: channel_free: channel 0: server-session, nchannels 1
debug3: channel_free: status: The following connections are open:
  #0 server-session (t4 r0 i0/185 o3/0 fd 9/-1)

debug3: channel_close_fds: channel 0: r 9 w -1 e -1
debug1: Calling cleanup 0x417030(0x0)


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/