From: "Des Atkinson"
To: "Cygwin List"
Subject: RE: Connection closed message when trying to connect with sftp using public key authentication to OpenSSH 3.7.1p2 on Windows 2003 Server
Date: Fri, 24 Jun 2005 15:45:35 +0100
Message-ID: <34D62E65D54FDF49B7B4DDDC87BF2F2A482F79@hera.internal.metron.co.uk>

I have downloaded and tested 4.1p1-1 and all is now working just fine.

The key lessons for me were:

1. Yes, use privilege separation as that seems to work just fine. It creates a user called sshd to run the non-privileged operations.

2. If you want to use a pre-existing user to own the sshd service, ensure that it has the following privileges:

   * Adjust memory quotas for a process
   * Create a token object
   * Logon as a service
   * Replace a process level token

   These privileges should be set using the "Domain Controller Security Settings" utility (go to Local Policies -> User Rights Assignment).

   The user must also have Administrator rights on the server. It should also have ownership of the following files:

   /etc/ssh_host*
   /var/empty

Many thanks for your help.

-----Original Message-----
From: Larry Hall [mailto:lh-no-personal-replies-please AT cygwin DOT com]
Sent: 15 June 2005 15:51
To: Cygwin List; Des Atkinson; cygwin AT cygwin DOT com
Subject: Re: Connection closed message when trying to connect with sftp using public key authentication to OpenSSH 3.7.1p2 on Windows 2003 Server

At 10:39 AM 6/15/2005, you wrote:
>At 10:14 AM 6/15/2005, you wrote:
>>I have been trying to connect to OpenSSH on my Windows 2003 Server system using public key authentication. I have tried using both sftp and ssh. In both cases the verbose output shows that the authentication succeeded okay, but the session itself just seems to die with an "Exit status 255" message (followed by "Connection closed" for sftp).
>>
>>Is there some additional configuration I need to attempt on my server to make this all work? I am running the CYGWIN sshd service under the Local System account on the server.
>
>The Local System account does not have the permissions necessary to permit
>pubkey authentication to work on W2K3. Did you install with ssh-host-config
>and ssh-user-config? ssh-host-config will ask you if you want to create the
>"sshd_server" user that will have the proper permissions to permit pubkey
>authentication. See 'usr/share/doc/Cygwin/openssh.README' for more details.

I should also point out that OpenSSH 3.7.1p2 is very old now. The current version is 4.1p1-1. It may be that ssh-host-config doesn't have the option to create the "sshd_server" user in that version. I don't remember. If it does not, all the more reason to upgrade. ;-)

--
Larry Hall                              http://www.rfk.com
RFK Partners, Inc.                      (508) 893-9779 - RFK Office
838 Washington Street                   (508) 893-9889 - FAX
Holliston, MA  01746
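
The checklist from the first message written as a check script, added here as an example and not part of the original posts. The privilege constants are the standard Windows names for the four rights listed; the function names, the use of Cygwin's `editrights -l -u` and its one-right-per-line output are assumptions.

```shell
#!/bin/sh
# Added example: audit a Cygwin sshd service account against the
# checklist in the message above. Function names are hypothetical.

# Windows constant names for the four user rights named in the message:
#   SeIncreaseQuotaPrivilege       Adjust memory quotas for a process
#   SeCreateTokenPrivilege         Create a token object
#   SeServiceLogonRight            Log on as a service
#   SeAssignPrimaryTokenPrivilege  Replace a process level token
REQUIRED_RIGHTS="SeIncreaseQuotaPrivilege SeCreateTokenPrivilege SeServiceLogonRight SeAssignPrimaryTokenPrivilege"

# missing_rights GRANTED...: print each required right not in the granted list.
missing_rights() {
    for need in $REQUIRED_RIGHTS; do
        found=no
        for have in "$@"; do
            if [ "$have" = "$need" ]; then found=yes; fi
        done
        if [ "$found" = no ]; then echo "$need"; fi
    done
}

# not_owned_by USER PATH...: print each path that is missing or whose
# owner is not USER (GNU stat, as shipped with Cygwin coreutils).
not_owned_by() {
    owner=$1; shift
    for p in "$@"; do
        if [ ! -e "$p" ]; then
            echo "$p (missing)"
        elif [ "$(stat -c %U "$p")" != "$owner" ]; then
            echo "$p"
        fi
    done
}

# audit_sshd_account USER: run both checks on a live Cygwin host.
# Assumes editrights prints one right per line; empty output means
# the account passes the checklist.
audit_sshd_account() {
    user=$1
    # Word splitting of the editrights output is intended here.
    missing_rights $(editrights -l -u "$user")
    not_owned_by "$user" /etc/ssh_host* /var/empty
}
```

On the server, `audit_sshd_account sshd_server` (or whichever account owns the service) prints only the gaps.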