Date: Fri, 16 Apr 2004 19:49:34 -0400
To: cygwin AT cygwin DOT com
From: "Pierre A. Humblet"
Subject: Re: rsync question
Cc: peterkok AT peter-angela DOT com
Message-Id: <3.0.5.32.20040416194934.007fe530@incoming.verizon.net>
In-Reply-To: <20040416220810.GI26558@cygbert.vinschen.de>

At 12:08 AM 4/17/2004 +0200, Corinna Vinschen wrote:
>On Apr 16 15:44, Peter Kok wrote:
>> Q2: Could nontsec work with public key authentication? I have granted
>> the account with several local user rights, "create token object, logon
>> as a service' and 'replace a process level token'
>
>Did you give the SYSTEM account the right to read your ~/.ssh directory
>and the files in it? Does the service know about nontsec (set CYGWIN
>in global windows environment or through cygrunsrv)? Is StrictModes set
>to no in /etc/sshd_config?

From Peter's question it's not clear if his sshd is running as SYSTEM.
If it is, then granting the privileges to the user should not be necessary,
but that doesn't explain the problem.

I can reproduce on an NT system, with sshd running as SYSTEM, but I can't
explain it. Part of the debug output of ssh is given below, with and
without ntsec. The difference is in the last few lines.

Pierre

With nontsec
debug3: check_host_in_hostfile: filename /home/phumblet/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 1
debug1: Host 'localhost' is known and matches the RSA host key.
debug1: Found key in /home/phumblet/.ssh/known_hosts:1
debug2: bits set: 503/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/phumblet/.ssh/identity (0x0)
debug2: key: /home/phumblet/.ssh/id_rsa (0x0)
debug2: key: /home/phumblet/.ssh/id_dsa (0x100f1310)
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/phumblet/.ssh/identity
debug3: no such identity: /home/phumblet/.ssh/identity
debug1: Trying private key: /home/phumblet/.ssh/id_rsa
debug3: no such identity: /home/phumblet/.ssh/id_rsa
debug1: Offering public key: /home/phumblet/.ssh/id_dsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-dss blen 435
debug2: input_userauth_pk_ok: fp bd:b6:5f:f3:d4:33:9d:66:40:da:d4:3a:60:28:b2:88
debug3: sign_and_send_pubkey
debug1: read PEM private key done: type DSA
debug1: Authentications that can continue: publickey,password,keyboard-interactive

with ntsec
debug3: check_host_in_hostfile: filename /home/phumblet/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 1
debug1: Host 'localhost' is known and matches the RSA host key.
debug1: Found key in /home/phumblet/.ssh/known_hosts:1
debug2: bits set: 497/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/phumblet/.ssh/identity (0x0)
debug2: key: /home/phumblet/.ssh/id_rsa (0x0)
debug2: key: /home/phumblet/.ssh/id_dsa (0x100f1310)
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/phumblet/.ssh/identity
debug3: no such identity: /home/phumblet/.ssh/identity
debug1: Trying private key: /home/phumblet/.ssh/id_rsa
debug3: no such identity: /home/phumblet/.ssh/id_rsa
debug1: Offering public key: /home/phumblet/.ssh/id_dsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-dss blen 435
debug2: input_userauth_pk_ok: fp bd:b6:5f:f3:d4:33:9d:66:40:da:d4:3a:60:28:b2:88
debug3: sign_and_send_pubkey
debug1: read PEM private key done: type DSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]

/home/phumblet/.ssh> fgrep -i strict /etc/sshd_config
StrictModes no
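
The comparison of the two client traces in the message above, as an added example that is not part of the original post: it finds the first line where two ssh debug traces really differ and reports how far the offered key got. The function names and stage labels are this example's own; the sample input is a selection of lines taken from the traces on this page.

```python
import re
from itertools import zip_longest

# Selected lines from the two traces in the message above; the identical
# lines in between are left out to keep the sample short.
COMMON = """\
debug1: Next authentication method: publickey
debug1: Offering public key: /home/phumblet/.ssh/id_dsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-dss blen 435
debug3: sign_and_send_pubkey
debug1: read PEM private key done: type DSA
"""
NONTSEC = ("debug2: bits set: 503/1024\n" + COMMON +
           "debug1: Authentications that can continue: "
           "publickey,password,keyboard-interactive\n")
NTSEC = ("debug2: bits set: 497/1024\n" + COMMON +
         "debug1: Authentication succeeded (publickey).\n")

def normalize(line):
    """Drop the debug level and the per-session value that always differs."""
    msg = re.sub(r"^debug\d: ", "", line.strip())
    return re.sub(r"^bits set: \d+/\d+$", "bits set: N/N", msg)

def first_divergence(a, b):
    """Return (index, line_a, line_b) at the first real difference, else None."""
    la = [normalize(l) for l in a.splitlines()]
    lb = [normalize(l) for l in b.splitlines()]
    for i, (x, y) in enumerate(zip_longest(la, lb)):
        if x != y:
            return i, x, y
    return None

def pubkey_stage(trace):
    """Classify how far the offered public key got in one client trace."""
    stage = "no-key-offered"
    for msg in map(normalize, trace.splitlines()):
        if msg.startswith("Offering public key:"):
            stage = "offered"
        elif msg.startswith("Server accepts key:"):
            stage = "probe-accepted"          # server answered the key query
        elif msg.startswith("Authentication succeeded (publickey)"):
            return "succeeded"
        elif msg.startswith("Authentications that can continue:"):
            if stage == "offered":
                stage = "rejected-at-probe"
            elif stage == "probe-accepted":
                stage = "rejected-after-signature"
    return stage
```

On these traces both runs reach "Server accepts key", so the nontsec rejection comes after the signed request was sent, not at the key query.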