Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Message-Id: <5.1.0.14.2.20020726182759.01f8f700@pop3.cris.com>
X-Sender: rrschulz AT pop3 DOT cris DOT com
Date: Fri, 26 Jul 2002 18:32:59 -0700
To: cygwin AT cygwin DOT com
From: Randall R Schulz <rrschulz AT cris DOT com>
Subject: Re: W2K and sshd, ssh  - asks for password
In-Reply-To: <021201c234eb$a88f07a0$0100a8c0@wdg.uk.ibm.com>
References: <VA DOT 00000c0e DOT 002c0d59 AT thesoftwaresource DOT com>
 <20020724163138 DOT F3921 AT cygbert DOT vinschen DOT de>
 <VA DOT 00000c10 DOT 00aec8ba AT thesoftwaresource DOT com>
 <20020724201757 DOT GC21112 AT redhat DOT com>
 <VA DOT 00000c11 DOT 0214eedd AT thesoftwaresource DOT com>
 <00da01c2336a$b940b210$0100a8c0 AT wdg DOT uk DOT ibm DOT com>
 <20020725112023 DOT B14134 AT cygbert DOT vinschen DOT de>
 <VA DOT 00000c2a DOT 004a6713 AT thesoftwaresource DOT com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed

Max,

Regarding this:

>I had this problem. It turned out that, despite what I thought, ntsec was 
>_not_
>actually in the CYGWIN variable.


You should be aware that certain keywords in the CYGWIN variable, among 
them "ntsec," are only examined when the Cygwin1.dll initially loads (i.e., 
every time a Cygwin application starts up and the Cygwin1.dll shared 
library was not already loaded; that can occur any number of times between 
reboots or logins).

In particular this means that no Cygwin code or script can meaningfully set 
the "ntsec" keyword in the CYGWIN variable--it must be supplied by the 
Windows environment. The usual way of doing this is to use the System 
control panel's Environment setting function.

Randall Schulz
Mountain View, CA USA


At 12:33 2002-07-26, Max Bowsher wrote:
>Brian Keener wrote:
> > If I start sshd as a service it doesn't matter if I have ntsec in the
> > CYGWIN environmental variable or not - it still will ask me for the
> > password.  Whereas if I start sshd as Max described above without
> > ntsec then ssh will ask for a password, but with ntsec then ssh will
> > simply logon to the server and not ask for the password.
>
>I had this problem. It turned out that, despite what I thought, ntsec was 
>_not_
>actually in the CYGWIN variable.
>
>Look in the server debug output for the following 2 lines (in order to get the
>output from when sshd is run as a service, change -D to -ddde in
>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshd\Parameters\AppArgs.
>The output will be written to /var/log/sshd.log . Note that sshd will die 
>after
>every connection with -d, so remember to put it back to -D when you are 
>done.) :
>
>debug2: userauth_pubkey: authenticated 1 pkalg ssh-rsa
>Failed publickey for max from 127.0.0.1 port 3064 ssh2
>
>The important part is "userauth_pubkey: authenticated 1" (NB _1_) followed
>immediately by "Failed publickey".
>
>Basically "authenticated 1" is saying 'authenticated successfully'. The only
>thing that can cause authntication to fail after this has been printed is 
>a bit
>of cygwin specific code that lacks and debug logging. Essentially, if this
>combination occurs, the problem is that CYGWIN does not contain ntsec.
>
>If this does not help, then you can try posting the output here for further
>suggestions.
>
>Max


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/