Date: Thu, 16 May 2002 14:42:17 -0400 (EDT)
From: Prentis Brooks
To: Tony Hain
cc: cygwin AT cygwin DOT com
Subject: Re: cygwin & opensshd on .net enterprise server

Ok, I typed too fast... none is supposed to be known... sorry

On Thu, 16 May 2002, Prentis Brooks wrote:

> Ok, The setgid is a none error to me. This happens when the passwd
> files are not built properly. Not your fault, some interesting Windows
> installations give mkpasswd and mkgroup headaches, particularly on
> Domain Controllers.
>
> If you check your /etc/passwd and /etc/group, you will find one of the
> following:
>
> 1) You have duplicate entries in /etc/passwd for the user you are trying
> to login as
> 2) You will find that the GID of your user in /etc/passwd does not exist
> in /etc/group (most likely for the setgid error).
>
> Check your /etc/passwd and /etc/group files, make sure that your
> "Primary" NT group is in the /etc/group file and that it has the correct
> GID. In some cases I saw mkgroup create a Domain group as GID 513 and
> /etc/passwd would use 10513 (I only saw this on a domain controller
> where this is both a local and a domain group) or vice versa. I think
> it was the other way when I saw it.
>
> In short, fix your /etc/passwd and /etc/group so that they match and
> your problem should be corrected.
>
>
> On Wed, 15 May 2002, Tony Hain wrote:
>
> > I am looking for any clues on how to make cygwin & opensshd work on a
> > .net enterprise server, and found nothing in the mail archive. I had
> > been running Mark's opensshd specific environment on W2k server without
> > trouble.
> > When I installed a fresh build 3615, OpenSSH_3.1p1 failed, so I
> > thought I would try the full cygwin. That is failing in the same way, so
> > after a couple of days experimenting I am stuck.
> >
> > With the intent of sending Mark a trace, I followed his instructions for
> > debugging by using a scheduled task to get a system account command
> > window (if it is of any use, I have put a copy of the debug trace at the
> > end). What I found in the process is that there appears to be some
> > permissions related problem, because I get logged in as any valid user
> > over the ssh channel, but that immediately exits. Trying to figure that
> > out I found that the only process/user that can run the shell is the
> > system account. When I run sh, bash, or the cygwin.bat from any other
> > account it just exits, but they appear to work fine in the system
> > initiated command window. This is also true of many of the exe's in
> > /bin, although some of them just hang with 100% cpu for the non-system
> > user.
> >
> > One thing I found in the process is that the old passwd file is useless.
> > The only way I could log in using ssh with either Mark's sshd subset, or
> > the full cygwin was to use the mkpasswd & mkgroup process to build those
> > files from scratch with the NT UIDs. What the log showed before I did
> > that was 'Cygwin Process Id = 0xC78 : fatal: setuid 520: Not owner.'
> > Simply changing that got me to the point of 'password accepted', but
> > until the shell runs for all accounts, that does no good.
> >
> > I tried setting bash to W2k compatibility mode (actually all modes), and
> > turning off the 'protect my computer from unauthorized activity'
> > checkbox in the run as ... option, but those made no difference. I also
> > tried setting the file owner for the entire subdirectory tree to system,
> > again no difference. cygrunsrv.exe and sshd.exe are running as system,
> > but it appears they end up running the shell in user space.
> >
> > Any clues what to try next???
> > Tony
> >
> >
> > C:\Program Files\NetworkSimplicity\ssh>sshd -d -d -d -f sshd_config
> > debug1: sshd version OpenSSH_3.1p1
> > debug1: private host key: #0 type 0 RSA1
> > debug3: Not a RSA1 key file /ssh/ssh_host_rsa_key.
> > debug1: read PEM private key done: type RSA
> > debug1: private host key: #1 type 1 RSA
> > debug3: Not a RSA1 key file /ssh/ssh_host_dsa_key.
> > debug1: read PEM private key done: type DSA
> > debug1: private host key: #2 type 2 DSA
> > debug1: Bind to port 87 on 0.0.0.0.
> > Server listening on 0.0.0.0 port 87.
> > debug1: Server will not fork when running in debugging mode.
> > Connection from 192.168.123.34 port 4354
> > debug1: Client protocol version 1.99; client software version 3.0.0 SSH Secure Shell for Windows
> > debug1: match: 3.0.0 SSH Secure Shell for Windows pat 3.0.*
> > Enabling compatibility mode for protocol 2.0
> > debug1: Local version string SSH-2.0-OpenSSH_3.1p1
> > debug1: list_hostkey_types: ssh-rsa,ssh-dss
> > debug1: SSH2_MSG_KEXINIT sent
> > debug1: SSH2_MSG_KEXINIT received
> > debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
> > debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> > debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
> > debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
> > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> > debug2: kex_parse_kexinit: none,zlib
> > debug2: kex_parse_kexinit: none,zlib
> > debug2: kex_parse_kexinit:
> > debug2: kex_parse_kexinit:
> > debug2: kex_parse_kexinit: first_kex_follows 0
> > debug2: kex_parse_kexinit: reserved 0
> > debug2: kex_parse_kexinit: diffie-hellman-group1-sha1
> > debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,x509v3-sign-dss,x509v3-sign-rsa
> > debug2: kex_parse_kexinit: 3des-cbc
> > debug2: kex_parse_kexinit: 3des-cbc
> > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1
> > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1
> > debug2: kex_parse_kexinit: none
> > debug2: kex_parse_kexinit: none
> > debug2: kex_parse_kexinit:
> > debug2: kex_parse_kexinit:
> > debug2: kex_parse_kexinit: first_kex_follows 0
> > debug2: kex_parse_kexinit: reserved 0
> > debug2: mac_init: found hmac-md5
> > debug1: kex: client->server 3des-cbc hmac-md5 none
> > debug2: mac_init: found hmac-md5
> > debug1: kex: server->client 3des-cbc hmac-md5 none
> > debug1: dh_gen_key: priv key bits set: 194/384
> > debug1: bits set: 475/1024
> > debug1: expecting SSH2_MSG_KEXDH_INIT
> > debug1: bits set: 480/1024
> > debug1: kex_derive_keys
> > debug1: newkeys: mode 1
> > debug1: SSH2_MSG_NEWKEYS sent
> > debug1: waiting for SSH2_MSG_NEWKEYS
> > debug1: newkeys: mode 0
> > debug1: SSH2_MSG_NEWKEYS received
> > debug1: KEX done
> > debug1: userauth-request for user ahain service ssh-connection method none
> > debug1: attempt 0 failures 0
> > debug2: input_userauth_request: setting up authctxt for ahain
> > debug2: input_userauth_request: try method none
> > Failed none for ahain from 192.168.123.34 port 4354 ssh2
> > debug1: userauth-request for user ahain service ssh-connection method none
> > debug1: attempt 1 failures 1
> > debug2: Unrecognized authentication method name: none
> > Failed none for ahain from 192.168.123.34 port 4354 ssh2
> > debug1: userauth-request for user ahain service ssh-connection method password
> > debug1: attempt 2 failures 2
> > debug2: input_userauth_request: try method password
> > Accepted password for ahain from 192.168.123.34 port 4354 ssh2
> > debug1: Entering interactive session for SSH2.
> > debug1: fd 3 setting O_NONBLOCK
> > debug1: fd 7 setting O_NONBLOCK
> > debug1: server_init_dispatch_20
> > debug1: server_input_channel_open: ctype session rchan 0 win 10000 max 512
> > debug1: input_session_request
> > debug1: channel 0: new [server-session]
> > debug1: session_new: init
> > debug1: session_new: session 0
> > debug1: session_open: channel 0
> > debug1: session_open: session 0: link with channel 0
> > debug1: server_input_channel_open: confirm session
> > debug1: server_input_channel_req: channel 0 request pty-req reply 0
> > debug1: session_by_channel: session 0 channel 0
> > debug1: session_input_channel_req: session 0 req pty-req
> > debug1: Allocating pty.
> > debug1: session_pty_req: session 0 alloc /dev/tty1
> > debug3: tty_parse_modes: SSH2 n_bytes 0
> > debug1: server_input_channel_req: channel 0 request shell reply 1
> > debug1: session_by_channel: session 0 channel 0
> > debug1: session_input_channel_req: session 0 req shell
> > debug1: fd 4 setting TCP_NODELAY
> > debug1: channel 0: rfd 9 isatty
> > debug1: fd 9 setting O_NONBLOCK
> > debug1: fd 8 setting O_NONBLOCK
> > debug1: server_input_channel_req: channel 0 request window-change reply 0
> > debug1: session_by_channel: session 0 channel 0
> > debug1: Received SIGCHLD.
> > debug1: session_input_channel_req: session 0 req window-change
> > debug3: tvp!=NULL kid 1 mili 100
> > debug2: notify_done: reading
> > debug1: session_by_pid: pid 3964
> > debug1: session_exit_message: session 0 channel 0 pid 3964
> > debug1: channel request 0: exit-status
> > debug1: session_exit_message: release channel 0
> > debug1: channel 0: write failed
> > debug1: channel 0: close_write
> > debug1: channel 0: output open -> closed
> > debug1: session_close: session 0 pid 3964
> > debug1: session_pty_cleanup: session 0 release /dev/tty1
> > Write failed: errno ESHUTDOWN triggered
> > debug1: Calling cleanup 0x41f104(0x0)
> > debug1: channel_free: channel 0: server-session, nchannels 1
> > debug3: channel_free: status: The following connections are open:
> >   #0 server-session (t4 r0 i0/185 o3/0 fd 9/-1)
> >
> > debug3: channel_close_fds: channel 0: r 9 w -1 e -1
> > debug1: Calling cleanup 0x417030(0x0)
> >
> >
> > --
> > Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
> > Bug reporting: http://cygwin.com/bugs.html
> > Documentation: http://cygwin.com/docs.html
> > FAQ: http://cygwin.com/faq/
> >
> >

--
Prentis Brooks | prentis AT aol DOT net | 703-265-0914 | AIM: PrentisBrooks
Senior System Administrator - Web Infrastructure & Security

A knight is sworn to valor. His heart knows only virtue. His blade
defends the helpless. His word speaks only truth. His wrath undoes the
wicked. - the old code of Bowen, last of the dragonslayers
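
The two conditions named in the reply above (a user listed twice in /etc/passwd, or a primary GID that has no entry in /etc/group) can be checked mechanically. The following is an added example, not part of the original thread: the function name check_passwd_group, the sample entries and SIDs are constructed, and the +/-10000 candidate hint only mirrors the 513 versus 10513 case mentioned in the reply.

```sh
# check_passwd_group PASSWD GROUP  (hypothetical helper, not a Cygwin tool)
# Prints one finding per line; returns 1 if anything was found, else 0.
check_passwd_group() {
    awk -F: '
        /^#/ || NF < 3 { next }                # skip comments and blank lines
        pass == 1 { group_of[$3] = $1; next }  # group: name:SID:gid:members
        NF < 4 { next }
        {                                      # passwd: name:pw:uid:gid:...
            user = $1; gid = $4
            if (user in first_line) {
                printf "DUPLICATE_USER %s lines=%d,%d\n", user, first_line[user], FNR
                bad = 1
            } else first_line[user] = FNR
            if (!(gid in group_of)) {
                # Assumption taken from the reply: local and domain copies of
                # a group may differ by 10000 (513 versus 10513).
                hint = ""
                if ((gid + 10000) in group_of) hint = gid + 10000
                else if (gid >= 10000 && (gid - 10000) in group_of) hint = gid - 10000
                printf "MISSING_GID %s gid=%s", user, gid
                if (hint != "") printf " candidate=%s(%s)", hint, group_of[hint]
                printf "\n"
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    ' pass=1 "$2" pass=2 "$1"
}

# Constructed sample files showing both problems (not the poster's real data).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' \
    'SYSTEM:S-1-5-18:18:' \
    'Domain Users:S-1-5-21-0-0-0-513:513:' > "$demo_dir/group"
printf '%s\n' \
    'SYSTEM:*:18:18:,S-1-5-18::' \
    'ahain:unused:1005:10513:,S-1-5-21-0-0-0-1005:/home/ahain:/bin/bash' \
    'ahain:unused:1005:513:,S-1-5-21-0-0-0-1005:/home/ahain:/bin/bash' \
    > "$demo_dir/passwd"
check_passwd_group "$demo_dir/passwd" "$demo_dir/group" \
    || echo "passwd and group files do not match"
```

On a real installation the arguments would be /etc/passwd and /etc/group; a clean run prints nothing and returns 0.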