Date: Fri, 26 Jul 2002 11:58:16 -0400 (EDT)
From: Igor Pechtchanski
To: cygwin
Subject: Re: W2K and sshd, ssh - asks for password

On Fri, 26 Jul 2002, Brian Keener wrote:

> Now any ideas why running from the SYSTEM bash shell (with ntsec in use)
> sshd/ssh doesn't require the password but running as a service it does?
> Is this as I surmise a problem with the way the service is created and
> thus being run.

Brian,

I've had a similar thing happen on AIX. Is your home directory on a
network share, by any chance? When you run something as a service (or
from a service, like rexec), you cannot access network shares (at least I
couldn't). ssh looks in $HOME/.ssh/ to figure out whether the host/user
is trusted. If your home directory is on a network drive, it cannot be
reached from the ssh service, and so it has to authenticate you.

Hope this helps.
	Igor

Full message below:

On Fri, 26 Jul 2002, Brian Keener wrote:

> Corinna Vinschen wrote:
> > > I think that only the POSIX file mode using ACLs requires NTFS. The rest of what
> > > ntsec does just requires an NT OS, and FAT will do.
> >
> > You're right. You just don't get real POSIX permissions on files,
> > but on process level ntsec still works.
> >
>
> Well you guys just clarified and confirmed what I discovered last night and problem
> now solved (partly) and sshd/ssh appears to be functioning as it should at least
> from the SYSTEM bash shell.
>
> I prepared and did the following test as Max described:
> > The server needs to run under the SYSTEM account, so you will need to get a
> > shell running under this account: As an administrator, run 'at hh:mm
> > /interactive C:\cygwin\cygwin.bat', where hh:mm is current time +1m. Once the
> > minute rolls over, you will have a bash shell running as SYSTEM. Now run
> > '/usr/sbin/sshd -ddde >sshd-log 2>&1'. Now, in a separate shell (not as SYSTEM),
> > try to log in - 'ssh myuser@localhost' As soon as you get the password prompt,
> > Ctrl-C. The sshd will exit as it is running in debug mode. Send sshd-log to
> > cygwin AT cygwin DOT com in the body of an email.
>
> and I had the file all prepared to email and then decided based on his other
> comments about ntsec that I would just give it a try (which I should have done in
> the first place and saved everyone a lot of grief - but I was afraid of the NTFS
> requirement and screwing something up big time). Lo and behold with sshd started as
> Max described and with NTSEC as part of my CYGWIN variable - I could type in:
>
> ssh localhost
>
> and there I was - the message of the day and logged in via SSH without it asking for
> a password.
>
> I then decided to try sshd as a service again (installed and started from within the
> SYSTEM bash shell I had running) but this time however it was back to asking for my
> password. I tried testing various combinations of using the bash shell with user
> SYSTEM (as Max described above) and ntsec in my CYGWIN variable and essentially
> discovered the following:
>
> If I start sshd as a service it doesn't matter if I have ntsec in the CYGWIN
> environmental variable or not - it still will ask me for the password. Whereas if I
> start sshd as Max described above without ntsec then ssh will ask for a password,
> but with ntsec then ssh will simply logon to the server and not ask for the
> password.
>
> One thing I have noticed though is that when I use cygrunsrv to install sshd as a
> service (with the cygwin variable specified with ntsec specified) and then go look
> at the service that was created - I see where it references cygrunsrv.exe but see no
> reference to those parameters about the cygwin variable. This is on a Windows 2000
> system - where is this information kept that would cause sshd to start as a service
> with the cygwin variable set as required? This is probably the big question that
> will fix my service problem.
>
> So I now have learned (and you folks confirmed) that ntsec does affect part of the
> system even when you don't use NTFS.
>
> Good to know and thanks for the clarification from both of you. Now any ideas why
> running from the SYSTEM bash shell (with ntsec in use) sshd/ssh doesn't require the
> password but running as a service it does? Is this as I surmise a problem with the
> way the service is created and thus being run.
>
> bk

-- 
				http://cs.nyu.edu/~pechtcha/
      |\      _,,,---,,_		pechtcha AT cs DOT nyu DOT edu
ZZZzz /,`.-'`'    -.  ;-;;,_		igor AT watson DOT ibm DOT com
     |,4-  ) )-,_. ,\ (  `'-'		Igor Pechtchanski
    '---''(_/--'  `-'\_) fL	a.k.a JaguaR-R-R-r-r-r-.-.-.  Meow!

It took the computational power of three Commodore 64s to fly to the moon.
It takes a 486 to run Windows 95. Something is wrong here. -- SC sig file