X-Spam-Check-By: sourceware.org
To: cygwin AT cygwin DOT com
From: =?ISO-8859-1?Q?Ren=E9_Berber?= <r DOT berber AT computer DOT org>
Subject:  Re: sshd+ssh localhost connects, but don't reach the shell
Date:  Mon, 29 May 2006 17:40:00 -0500
Lines: 108
Message-ID: <e5ft7v$co4$1@sea.gmane.org>
References:  <447B2FCD DOT 2060108 AT computer DOT org> <BAY114-F11D90CACE1922E64E2F96ABF9D0 AT phx DOT gbl>
Mime-Version:  1.0
Content-Type:  text/plain; charset=ISO-8859-1
Content-Transfer-Encoding:  quoted-printable
User-Agent: Thunderbird 1.5.0.2 (Windows/20060308)
In-Reply-To: <BAY114-F11D90CACE1922E64E2F96ABF9D0@phx.gbl>
OpenPGP: url=hkp://random.sks.keyserver.penguin.de
X-IsSubscribed: yes
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Precedence: bulk
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

Vilar Camara wrote:

[snip]
>> Usually sshd sends messages to the Windows Application Event log.  I'm
>> using
>> syslogd-ng so that messages go to /var/log/messages.
>=20
> That's right, I had looked at it and completely forgot to mention it.
> But my Event Log doesn't add anyting to our discussion: there are only
> log entries saying:
>  `sshd' service started
>  `sshd' service stopped, exit status: 0
>  `sshd' service stopped, exit status: 255
>  sshd: PID XXXX: Server listening on 0.0.0.0 port 22
>  sshd: PID XXXX: Received signal 15; terminating

So it looks normal, as if everything is working fine.

[snip]
>> Not yet, could you show the rest of that output? or the end, to see
>> where things
>> stopped.
>=20
> Well, no further output, just a line containing that and then back to
> the shell. Before that there is a lot of debugging messages (mostly
> complaining about ~/.ssh/id_rsa contents), as I've transcribed in my
> previous post.

That may be significant.  The server is waiting for the client handshake?

[snip]
> Yes, I'll try that. This will require some time because I have to
> repartition my HD, but it worths the try. By the way, should I try a
> complete cygwin installation under NTFS?

Good question, I don't know the answer.

The important clue is this:

> debug1: identity file /home/vilarnt/.ssh/identity type -1
> debug1: identity file /home/vilarnt/.ssh/id_rsa type -1
> debug1: identity file /home/vilarnt/.ssh/id_dsa type -1

on your first post.  The -1 I'm interpreting as meaning "not found" or "doe=
sn't
exist", see below why.

Then in your second message (to me and only shown in the list as quoted in =
my
reply) you have:

>    debug1: identity file /home/vilarnt/.ssh/identity type 0
>    debug1: identity file /home/vilarnt/.ssh/id_rsa type 1
>    debug1: identity file /home/vilarnt/.ssh/id_dsa type 2

That is strange, an RSA key for protocol type 1 and a DSA key for protocol =
type
2, I'm guessing I'm not really an expert on this, I don't know what the 0 m=
eans.

Testing on my PC produces this:

> debug1: identity file /home/rberber/.ssh/identity type -1
> debug1: identity file /home/rberber/.ssh/id_rsa type -1
> debug1: identity file /home/rberber/.ssh/id_dsa type 2
> debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3

I do only have a DSA key.

It could be the FAT32 file system, no file owner, no acl, I guess Cygwin ca=
n't
come up with other permissions than rwx for everybody.

Since you also have priviledge separation and sshd is very picky about
permissions, there could be a combination of factors that produce the probl=
em.
I don't know why should it hang instead of showing an explicit error  -- pe=
rhaps
it only appears to hang, i.e. no output.

For testing you could try:

1.  Disable privilege separation.  Perhaps it doesn't work because of FAT32.

2.  What does "ls -al ~/.ssh" show for owner/group/permissions.  The same f=
or
just your home directory, as I said sshd is very picky... I got this while
testing this morning:

> May 29 12:15:28 localhost sshd: PID 1152: Authentication refused: bad own=
ership
> or modes for directory /home/rberber
> May 29 12:15:45 localhost sshd: PID 1152: Accepted password for rberber f=
rom 127
> .0.0.1 port 1145 ssh2

sshd didn't like my home directory being world readable, so I did a "chmod
go-rwx ." and sshd is happy (it uses my key in authorized_keys2 now, before=
 I
had to type my password as shown in the log).
--=20
Ren=E9 Berber


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/