Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Message-Id: <5.1.0.14.2.20020726182759.01f8f700@pop3.cris.com> X-Sender: rrschulz AT pop3 DOT cris DOT com Date: Fri, 26 Jul 2002 18:32:59 -0700 To: cygwin AT cygwin DOT com From: Randall R Schulz Subject: Re: W2K and sshd, ssh - asks for password In-Reply-To: <021201c234eb$a88f07a0$0100a8c0@wdg.uk.ibm.com> References: <20020724163138 DOT F3921 AT cygbert DOT vinschen DOT de> <20020724201757 DOT GC21112 AT redhat DOT com> <00da01c2336a$b940b210$0100a8c0 AT wdg DOT uk DOT ibm DOT com> <20020725112023 DOT B14134 AT cygbert DOT vinschen DOT de> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Max, Regarding this: >I had this problem. It turned out that, despite what I thought, ntsec was >_not_ >actually in the CYGWIN variable. You should be aware that certain keywords in the CYGWIN variable, among them "ntsec," are only examined when the Cygwin1.dll initially loads (i.e., every time a Cygwin application starts up and the Cygwin1.dll shared library was not already loaded; that can occur any number of times between reboots or logins). In particular this means that no Cygwin code or script can meaningfully set the "ntsec" keyword in the CYGWIN variable--it must be supplied by the Windows environment. The usual way of doing this is to use the System control panel's Environment setting function. Randall Schulz Mountain View, CA USA At 12:33 2002-07-26, Max Bowsher wrote: >Brian Keener wrote: > > If I start sshd as a service it doesn't matter if I have ntsec in the > > CYGWIN environmental variable or not - it still will ask me for the > > password. Whereas if I start sshd as Max described above without > > ntsec then ssh will ask for a password, but with ntsec then ssh will > > simply logon to the server and not ask for the password. > >I had this problem. It turned out that, despite what I thought, ntsec was >_not_ >actually in the CYGWIN variable. > >Look in the server debug output for the following 2 lines (in order to get the >output from when sshd is run as a service, change -D to -ddde in >HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshd\Parameters\AppArgs. >The output will be written to /var/log/sshd.log . Note that sshd will die >after >every connection with -d, so remember to put it back to -D when you are >done.) : > >debug2: userauth_pubkey: authenticated 1 pkalg ssh-rsa >Failed publickey for max from 127.0.0.1 port 3064 ssh2 > >The important part is "userauth_pubkey: authenticated 1" (NB _1_) followed >immediately by "Failed publickey". > >Basically "authenticated 1" is saying 'authenticated successfully'. The only >thing that can cause authntication to fail after this has been printed is >a bit >of cygwin specific code that lacks and debug logging. Essentially, if this >combination occurs, the problem is that CYGWIN does not contain ntsec. > >If this does not help, then you can try posting the output here for further >suggestions. > >Max -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/