Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Message-ID: <5D4071E2FFF3C048B4D101578625E7F6018FD12E@emsbax01.resdom.droot.net> From: Stefan DOT Vogler AT HVBInfo DOT com To: cygwin AT cygwin DOT com Subject: SSH-Keyauthentification with Windows 2003 Date: Thu, 8 Jan 2004 14:48:02 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" X-IsSubscribed: yes Hello, I want to realize SSH-Keyauthentification with Windows 2003 and cygwin 1.5.5.1 As ssh-client I use putty 0.53b on a Windows NT SP6-workstation. I use a technical account for the ssh-service with the privileges - logon as service - create token - replace process token because the local system account context does'nt work anymore under Windows 2003. If I'm logged on locally on the windows machine (running the ssh-Service) with the account "p859301" and starting the putty-ssh-Shell from another one, the keyauthentification for the user "p859301" works fine. (this meanes, that ssh is properly configured for this user) If I'm logged off locally from the machine (running the ssh-Service) and starting the putty-ssh-shell from another one , I can enter the passphrase for my public key and then get the following error message =~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2004.01.08 13:40:05 =~=~=~=~=~=~=~=~=~=~=~= login as: p859301 Authenticating with public key "rsa-key-20031002" Passphrase for key "rsa-key-20031002": Last login: Thu Jan 8 13:39:53 2004 from 172.108.20.203 Could not chdir to home directory /home/p859301: No such file or directory /bin/bash: No such file or directory ____________________________________________________________________________ __ then, the shell closes . starting the ssh-Service on the machine in debugmode, I got the following output , if I want to establish the ssh-session ont the client C:\cygwin\usr\sbin>sshd -d /etc/sshd_config line 27: Deprecated option RhostsAuthentication debug1: sshd version OpenSSH_3.7.1p2 debug1: read PEM private key done: type RSA debug1: private host key: #0 type 1 RSA debug1: Bind to port 22 on 0.0.0.0. Server listening on 0.0.0.0 port 22. debug1: Server will not fork when running in debugging mode. Connection from 172.108.20.203 port 3835 debug1: Client protocol version 2.0; client software version PuTTY-Release-0.53b debug1: no match: PuTTY-Release-0.53b debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_3.7.1p2 debug1: list_hostkey_types: ssh-rsa debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: client->server aes256-cbc hmac-sha1 none debug1: kex: server->client aes256-cbc hmac-sha1 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST_OLD received debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: KEX done debug1: userauth-request for user p859301 service ssh-connection method none debug1: attempt 0 failures 0 Failed none for p859301 from 172.108.20.203 port 3835 ssh2 debug1: userauth-request for user p859301 service ssh-connection method publicke y debug1: attempt 1 failures 1 debug1: test whether pkalg/pkblob are acceptable debug1: temporarily_use_uid: 1049/513 (e=1066/513) debug1: trying public key file /home/P859301/.ssh/authorized_keys debug1: matching key found: file /home/P859301/.ssh/authorized_keys, line 1 Found matching RSA key: f8:a7:b3:90:38:0d:57:f2:3e:cf:97:98:ee:04:dd:78 debug1: restore_uid: (unprivileged) Postponed publickey for p859301 from 172.108.20.203 port 3835 ssh2 debug1: userauth-request for user p859301 service ssh-connection method publicke y debug1: attempt 2 failures 1 debug1: temporarily_use_uid: 1049/513 (e=1066/513) debug1: trying public key file /home/P859301/.ssh/authorized_keys debug1: matching key found: file /home/P859301/.ssh/authorized_keys, line 1 Found matching RSA key: f8:a7:b3:90:38:0d:57:f2:3e:cf:97:98:ee:04:dd:78 debug1: restore_uid: (unprivileged) debug1: ssh_rsa_verify: signature correct Accepted publickey for p859301 from 172.108.20.203 port 3835 ssh2Accepted public key for p859301 from 172.108.20.203 port 3835 ssh2 debug1: monitor_child_preauth: p859301 has been authenticated by privileged proc debug1: Entering interactive session for SSH2. debug1: server_init_dispatch_20 debug1: server_input_channel_open: ctype session rchan 256 win 16384 max 16384 debug1: input_session_request debug1: channel 0: new [server-session] debug1: session_new: init debug1: session_new: session 0 debug1: session_open: channel 0 debug1: session_open: session 0: link with channel 0 debug1: server_input_channel_open: confirm session debug1: server_input_channel_req: channel 0 request pty-req reply 1 debug1: session_by_channel: session 0 channel 0 debug1: session_input_channel_req: session 0 req pty-req debug1: Allocating pty. debug1: session_pty_req: session 0 alloc /dev/tty0 debug1: server_input_channel_req: channel 0 request shell reply 1 debug1: session_by_channel: session 0 channel 0 debug1: session_input_channel_req: session 0 req shell debug1: Received SIGCHLD. debug1: session_by_pid: pid 2888 debug1: session_exit_message: session 0 channel 0 pid 2888 debug1: session_exit_message: release channel 0 debug1: session_close: session 0 pid 2888 debug1: session_pty_cleanup: session 0 release /dev/tty0 debug1: channel 0: free: server-session, nchannels 1 Connection closed by 172.108.20.203 Closing connection to 172.108.20.203 ______________________________________________________________________ the installed cygwin-libaries on the machine: Cygwin Package Information Last downloaded files to: D:\cygwin 09102003\ftp%3a%2f%2fcygwin.mirrors.pair.com\release Last downloaded files from: D:\cygwin 09102003\ftp%3a%2f%2fcygwin.mirrors.pair.com\release Package Version Status _update-info-dir 00221-1 OK ash 20031007-1 OK base-files 2.6-1 OK base-passwd 1.1-1 OK Empty package bash bash 2.05b-15 OK Empty package bzip2 bzip2 1.0.2-5 OK Empty package cygrunsrv cygrunsrv 0.96-2 OK Empty package cygutils cygutils 1.2.1-2 OK cygwin 1.5.5-1 OK Empty package diffutils diffutils 2.8.4-1 OK Empty package editrights editrights 1.01-1 OK Empty package fileutils fileutils 4.1-2 OK Empty package findutils findutils 4.1.7-4 OK gawk 3.1.3-3 OK Empty package gdbm gdbm 1.8.3-7 OK Empty package grep grep 2.5-1 OK Empty package groff groff 1.18.1-2 OK Empty package gzip gzip 1.3.5-1 OK Empty package less less 381-1 OK libbz2_1 1.0.2-5 OK Empty package libgdbm libgdbm 1.8.0-5 OK Empty package libgdbm-devel libgdbm-devel 1.8.3-7 OK Empty package libgdbm3 libgdbm3 1.8.3-3 OK Empty package libgdbm4 libgdbm4 1.8.3-7 OK Empty package libgettextpo0 libgettextpo0 0.12.1-3 OK libiconv2 1.9.1-3 OK Empty package libintl1 libintl1 0.10.40-1 OK libintl2 0.12.1-3 OK Empty package libncurses5 libncurses5 5.2-1 OK Empty package libncurses6 libncurses6 5.2-8 OK Empty package libncurses7 libncurses7 5.3-4 OK Empty package libpcre libpcre 4.1-1 OK libpcre0 4.4-2 OK Empty package libpopt0 libpopt0 1.6.4-4 OK Empty package libreadline4 libreadline4 4.1-2 OK Empty package libreadline5 libreadline5 4.3-5 OK Empty package login login 1.9-7 OK Empty package man man 1.5j-2 OK Empty package mktemp mktemp 1.5-3 OK Empty package ncurses ncurses 5.3-4 OK Empty package openssh openssh 3.7.1p2-1 OK openssl 0.9.7c-1 OK Empty package readline readline 4.3-5 OK Empty package sed sed 4.0.7-3 OK Empty package sh-utils sh-utils 2.0.15-4 OK Empty package tar tar 1.13.25-3 OK Empty package termcap termcap 20021106-2 OK Empty package terminfo terminfo 5.3_20030726-1 OK Empty package texinfo texinfo 4.2-4 OK Empty package textutils textutils 2.0.21-1 OK Empty package which which 1.5-2 OK Empty package zlib zlib 1.1.4-4 OK Has someone got ssh-keyauthentification to work under windows 2003 ? greetings, Stefan Vogler INF9SD Security Design e-Mail: stefan DOT vogler AT hvbinfo DOT com -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/