Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Reply-To: Cygwin List Message-Id: <6.1.0.6.0.20040831223054.034a3400@pop.prospeed.net> X-Sender: Date: Tue, 31 Aug 2004 22:44:25 -0400 To: "Cary Lewis" , "Cygwin List" From: Larry Hall Subject: RE: ssh - no access to /dev/st0 In-Reply-To: <536E63F3472B3F4486A01F301164FEC8584E24@mccmsrv.mccnet.mobi lecom.com> References: <536E63F3472B3F4486A01F301164FEC8584E24 AT mccmsrv DOT mccnet DOT mobilecom DOT com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" At 03:02 PM 8/31/2004, you wrote: >If I add sshd_server to the Administrators group, I can auto logon via >ssh (using authorized_keys). Even though this is supposed to happen via >ssh-host-config. From '/usr/share/doc/Cygwin/openssh.README': 2003 Server has a funny new feature. When starting services under SYSTEM account, these services have nearly all user rights which SYSTEM holds... except for the "Create a token object" right, which is needed to allow public key authentication :-( There's no way around this, except for creating a substitute account which has the appropriate privileges. Basically, this account should be member of the administrators group, plus it should have the following user rights: Create a token object Logon as a service Replace a process level token Increase Quota The ssh-host-config script asks you, if it should create such an account, called "sshd_server". If you say "no" here, you're on your own. Please follow the instruction in ssh-host-config exactly if possible. Note that ssh-user-config sets the permissions on 2003 Server machines dependent of whether a sshd_server account exists or not. So your 'sshd_server' user should be a member of the administrators group if it's going to work. Did you use 'ssh-host-config' to create it in the first place? Does rerunning it make it any better? >But I still do not have access to /dev/st0, but if I disable auto-logon >and type in my password, all works. > >The interesting thing is that the id command returns a different set of >groups for me when I log on automatically or I specify the password. > >The uid and gid are the same, but the list of groups is different: For >the automatic logon I only get Domain Admins and Users > >Any suggestions would be appreciated. Beyond what I already suggested (below), which I still think is valid/worthwhile advice, you might also review your '/etc/passwd' and '/etc/group' too. >Thanks. > >-----Original Message----- >From: Larry Hall [mailto:blah blah blah] > >Sent: Tuesday, August 31, 2004 12:36 PM >To: Cary Lewis; blah AT blah DOT blah >Subject: RE: ssh - no access to /dev/st0 > >At 12:24 PM 8/31/2004, you wrote: >>The issue is that during command line execution of a tar command, sshd >>has not set the environment properly, namely the mount points are not >>there, so /dev/st0 does not exist, and the PATH variable does not point >>to the correct cygwin files either. >> >>What might be causing this. >> >>It works fine with an interactive ssh session (providing auto logon is >>not set up). >> > > >I think it's time to start over on this one too: > >>Problem reports: http://cygwin.com/problems.html > > >You might want to run your server in debug mode and see if you can >spot the problem here. My WAG is permissions problems on ~/.ssh and/or >log files/directories and/or 'sshd' isn't running with all the >permissions >it needs. But that's just guessing. The debug output should help >ferret >out the real answer. -- Larry Hall http://www.rfk.com RFK Partners, Inc. (508) 893-9779 - RFK Office 838 Washington Street (508) 893-9889 - FAX Holliston, MA 01746 -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/