Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Date: Thu, 16 May 2002 14:36:00 -0400 (EDT)
From: Prentis Brooks
To: Tony Hain
cc: cygwin AT cygwin DOT com
Subject: Re: cygwin & opensshd on .net enterprise server

Ok,

The setgid is a none error to me. This happens when the passwd files are not built properly. Not your fault, some interesting Windows installations give mkpasswd and mkgroup headaches, particularly on Domain Controllers. If you check your /etc/passwd and /etc/group, you will find one of the following:

1) You have duplicate entries in /etc/passwd for the user you are trying to login as
2) You will find that the GID of your user in /etc/passwd does not exist in /etc/group (most likely for the setgid error).

Check your /etc/passwd and /etc/group files, make sure that your "Primary" NT group is in the /etc/group file and that it has the correct GID. In some cases I saw mkgroup create a Domain group as GID 513 and /etc/passwd would use 10513 (I only saw this on a domain controller where this is both a local and a domain group) or vice versa. I think it was the other way when I saw it.

In short, fix your /etc/passwd and /etc/group so that they match and your problem should be corrected.

On Wed, 15 May 2002, Tony Hain wrote:

> I am looking for any clues on how to make cygwin & opensshd work on a
> .net enterprise server, and found nothing in the mail archive. I had
> been running Mark's opensshd specific environment on W2k server without
> trouble. When I installed a fresh build 3615, OpenSSH_3.1p1 failed, so I
> thought I would try the full cygwin. That is failing in the same way, so
> after a couple of days experimenting I am stuck.
>
> With the intent of sending Mark a trace, I followed his instructions for
> debugging by using a scheduled task to get a system account command
> window (if it is of any use, I have put a copy of the debug trace at the
> end). What I found in the process is that there appears to be some
> permissions related problem, because I get logged in as any valid user
> over the ssh channel, but that immediately exits. Trying to figure that
> out I found that the only process/user that can run the shell is the
> system account. When I run sh, bash, or the cygwin.bat from any other
> account it just exits, but they appear to work fine in the system
> initiated command window. This is also true of many of the exe's in
> /bin, although some of them just hang with 100% cpu for the non-system
> user.
>
> One thing I found in the process is that the old passwd file is useless.
> The only way I could log in using ssh with either Mark's sshd subset, or
> the full cygwin was to use the mkpasswd & mkgroup process to build those
> files from scratch with the NT UIDs. What the log showed before I did
> that was 'Cygwin Process Id = 0xC78 : fatal: setuid 520: Not owner.'
> Simply changing that got me to the point of 'password accepted', but
> until the shell runs for all accounts, that does no good.
>
> I tried setting bash to W2k compatibility mode (actually all modes), and
> turning off the 'protect my computer from unauthorized activity'
> checkbox in the run as ... option, but those made no difference. I also
> tried setting the file owner for the entire subdirectory tree to system,
> again no difference. cygrunsrv.exe and sshd.exe are running as system,
> but it appears they end up running the shell in user space.
>
> Any clues what to try next???
> Tony
>
>
>
> C:\Program Files\NetworkSimplicity\ssh>sshd -d -d -d -f sshd_config
> debug1: sshd version OpenSSH_3.1p1
> debug1: private host key: #0 type 0 RSA1
> debug3: Not a RSA1 key file /ssh/ssh_host_rsa_key.
> debug1: read PEM private key done: type RSA
> debug1: private host key: #1 type 1 RSA
> debug3: Not a RSA1 key file /ssh/ssh_host_dsa_key.
> debug1: read PEM private key done: type DSA
> debug1: private host key: #2 type 2 DSA
> debug1: Bind to port 87 on 0.0.0.0.
> Server listening on 0.0.0.0 port 87.
> debug1: Server will not fork when running in debugging mode.
> Connection from 192.168.123.34 port 4354
> debug1: Client protocol version 1.99; client software version 3.0.0 SSH
> Secure S
> hell for Windows
> debug1: match: 3.0.0 SSH Secure Shell for Windows pat 3.0.*
> Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_3.1p1
> debug1: list_hostkey_types: ssh-rsa,ssh-dss
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug2: kex_parse_kexinit:
> diffie-hellman-group-exchange-sha1,diffie-hellman-gro
> up1-sha1
> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> debug2: kex_parse_kexinit:
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
> aes192-cbc,aes256-cbc
> debug2: kex_parse_kexinit:
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
> aes192-cbc,aes256-cbc
> debug2: kex_parse_kexinit:
> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 AT open
> ssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit:
> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 AT open
> ssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: kex_parse_kexinit: diffie-hellman-group1-sha1
> debug2: kex_parse_kexinit:
> ssh-rsa,ssh-dss,x509v3-sign-dss,x509v3-sign-rsa
> debug2: kex_parse_kexinit: 3des-cbc
> debug2: kex_parse_kexinit: 3des-cbc
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1
> debug2: kex_parse_kexinit: none
> debug2: kex_parse_kexinit: none
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: mac_init: found hmac-md5
> debug1: kex: client->server 3des-cbc hmac-md5 none
> debug2: mac_init: found hmac-md5
> debug1: kex: server->client 3des-cbc hmac-md5 none
> debug1: dh_gen_key: priv key bits set: 194/384
> debug1: bits set: 475/1024
> debug1: expecting SSH2_MSG_KEXDH_INIT
> debug1: bits set: 480/1024
> debug1: kex_derive_keys
> debug1: newkeys: mode 1
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: waiting for SSH2_MSG_NEWKEYS
> debug1: newkeys: mode 0
> debug1: SSH2_MSG_NEWKEYS received
> debug1: KEX done
> debug1: userauth-request for user ahain service ssh-connection method
> none
> debug1: attempt 0 failures 0
> debug2: input_userauth_request: setting up authctxt for ahain
> debug2: input_userauth_request: try method none
> Failed none for ahain from 192.168.123.34 port 4354 ssh2
> debug1: userauth-request for user ahain service ssh-connection method
> none
> debug1: attempt 1 failures 1
> debug2: Unrecognized authentication method name: none
> Failed none for ahain from 192.168.123.34 port 4354 ssh2
> debug1: userauth-request for user ahain service ssh-connection method
> password
> debug1: attempt 2 failures 2
> debug2: input_userauth_request: try method password
> Accepted password for ahain from 192.168.123.34 port 4354 ssh2
> debug1: Entering interactive session for SSH2.
> debug1: fd 3 setting O_NONBLOCK
> debug1: fd 7 setting O_NONBLOCK
> debug1: server_init_dispatch_20
> debug1: server_input_channel_open: ctype session rchan 0 win 10000 max
> 512
> debug1: input_session_request
> debug1: channel 0: new [server-session]
> debug1: session_new: init
> debug1: session_new: session 0
> debug1: session_open: channel 0
> debug1: session_open: session 0: link with channel 0
> debug1: server_input_channel_open: confirm session
> debug1: server_input_channel_req: channel 0 request pty-req reply 0
> debug1: session_by_channel: session 0 channel 0
> debug1: session_input_channel_req: session 0 req pty-req
> debug1: Allocating pty.
> debug1: session_pty_req: session 0 alloc /dev/tty1
> debug3: tty_parse_modes: SSH2 n_bytes 0
> debug1: server_input_channel_req: channel 0 request shell reply 1
> debug1: session_by_channel: session 0 channel 0
> debug1: session_input_channel_req: session 0 req shell
> debug1: fd 4 setting TCP_NODELAY
> debug1: channel 0: rfd 9 isatty
> debug1: fd 9 setting O_NONBLOCK
> debug1: fd 8 setting O_NONBLOCK
> debug1: server_input_channel_req: channel 0 request window-change reply
> 0
> debug1: session_by_channel: session 0 channel 0
> debug1: Received SIGCHLD.
> debug1: session_input_channel_req: session 0 req window-change
> debug3: tvp!=NULL kid 1 mili 100
> debug2: notify_done: reading
> debug1: session_by_pid: pid 3964
> debug1: session_exit_message: session 0 channel 0 pid 3964
> debug1: channel request 0: exit-status
> debug1: session_exit_message: release channel 0
> debug1: channel 0: write failed
> debug1: channel 0: close_write
> debug1: channel 0: output open -> closed
> debug1: session_close: session 0 pid 3964
> debug1: session_pty_cleanup: session 0 release /dev/tty1
> Write failed: errno ESHUTDOWN triggered
> debug1: Calling cleanup 0x41f104(0x0)
> debug1: channel_free: channel 0: server-session, nchannels 1
> debug3: channel_free: status: The following connections are open:
> #0 server-session (t4 r0 i0/185 o3/0 fd 9/-1)
>
> debug3: channel_close_fds: channel 0: r 9 w -1 e -1
> debug1: Calling cleanup 0x417030(0x0)
>
>
> --
> Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
> Bug reporting: http://cygwin.com/bugs.html
> Documentation: http://cygwin.com/docs.html
> FAQ: http://cygwin.com/faq/
>

--
Prentis Brooks | prentis AT aol DOT net | 703-265-0914 | AIM: PrentisBrooks
Senior System Administrator - Web Infrastructure & Security

A knight is sworn to valor. His heart knows only virtue. His blade defends the helpless. His word speaks only truth. His wrath undoes the wicked.
- the old code of Bowen, last of the dragonslayers
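
The two checks described in the reply above (duplicate /etc/passwd entries for a user, and a passwd GID with no matching /etc/group entry), as an added example that is not part of the original thread or of Cygwin. The function names `check_passwd_group` and `demo_check` are hypothetical, the sample files are constructed, and the `candidate_gid` hint assumes the 513 vs 10513 mismatch mentioned in the reply is a fixed offset of 10000.

```shell
# Added example, not from the thread: report duplicate passwd entries and
# passwd GIDs that have no /etc/group entry. Returns 1 if anything is found.
# usage: check_passwd_group [passwd_file] [group_file]
check_passwd_group() {
    awk -F: '
        /^[ \t]*(#|$)/ { next }                      # skip comments and blank lines
        FILENAME == ARGV[1] { gids[$3] = $1; next }  # group: name:SID:GID:members
        {                                            # passwd: user:pw:UID:GID:...
            user = $1; gid = $4
            if (++seen[user] == 2) dups[++ndup] = user
            if (!(gid in gids)) {
                bad++; hint = ""
                # Assumption: the 513 vs 10513 case is a fixed 10000 offset, so
                # look for the same group on the other side of that offset.
                if ((gid + 10000) in gids)      hint = " candidate_gid=" (gid + 10000)
                else if ((gid - 10000) in gids) hint = " candidate_gid=" (gid - 10000)
                printf "MISSING_GID user=%s gid=%s%s\n", user, gid, hint
            }
        }
        END {
            for (i = 1; i <= ndup; i++) {
                bad++
                printf "DUPLICATE_USER user=%s entries=%d\n", dups[i], seen[dups[i]]
            }
            exit (bad > 0)
        }
    ' "${2:-/etc/group}" "${1:-/etc/passwd}"
}

# Constructed sample files (hypothetical SIDs) that trigger both findings.
demo_check() {
    dir=$(mktemp -d) || return 2
    cat > "$dir/group" <<'EOF'
SYSTEM:S-1-5-18:18:
Users:S-1-5-32-545:545:
None:S-1-5-21-0-0-0-513:513:
EOF
    cat > "$dir/passwd" <<'EOF'
SYSTEM:*:18:18:,S-1-5-18::
ahain:unused:1005:10513:,S-1-5-21-0-0-0-1005:/home/ahain:/bin/bash
ahain:unused:11005:10513:,S-1-5-21-0-0-0-1005:/home/ahain:/bin/bash
guest:unused:501:545:,S-1-5-21-0-0-0-501:/home/guest:/bin/false
EOF
    rc=0; check_passwd_group "$dir/passwd" "$dir/group" || rc=$?
    rm -rf "$dir"
    return "$rc"
}
demo_check || echo "passwd/group inconsistencies found"
```

Run with no arguments from a Cygwin shell, `check_passwd_group` reads the live /etc/passwd and /etc/group; it only reports and never edits either file.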