X-Spam-Check-By: sourceware.org
From: "Andy Keane" <Andy DOT Keane AT soton DOT ac DOT uk>
To: "'Andy Keane'" <Andy DOT Keane AT soton DOT ac DOT uk>, <cygwin AT cygwin DOT com>
Subject: RE: uid having logged in with ssh
Date: Wed, 9 Aug 2006 20:59:03 +0100
Message-ID: <001c01c6bbee$47443220$35c94e98@CASSANDRA5>
MIME-Version: 1.0
Content-Type: text/plain; 	charset="iso-8859-1"
X-Mailer: Microsoft Outlook, Build 10.0.6626
In-Reply-To: <001301c6bbed$a374c560$35c94e98@CASSANDRA5>
X-ISS-MailScanner-Information: Please contact the ISP for more information
X-ISS-MailScanner: Found to be clean
X-ISS-MailScanner-SpamCheck: not spam
X-ISS-MailScanner-From: ajk AT soton DOT ac DOT uk
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Precedence: bulk
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by delorie.com id k79K1YLL001082

Hi

I am running sshd having set up the sshd service using ssh-host-config with
privilege separation and with sshd running as a server owned by the local
sshd_server user.
All is working fine and I can log in using my keys without the need for
passwords or without keys and using passwords.
My problem is that if I then try and run some processes after logging in
(specifically MPI ones) the system thinks I am the local sshd_server user
and not the person I wish to be.
 
 
If I try and run the sshd process as the user instead and without putting it
up as a service and without privilege separation then sshd fails to accept
the login as it tries to do a setuid which fails:
 
SSH Secure Shell 3.2.9 (Build 283)
Copyright (c) 2000-2003 SSH Communications Security Corp -
http://www.ssh.com/
 
This copy of SSH Secure Shell is a non-commercial version.
This version does not include PKI and PKCS #11 functionality.
 
 
Last login: Wed Aug  9 16:31:36 2006 from 192.168.98.20
debug1: permanently_set_uid: 11155/10512
setreuid 11155: Permission denied
debug1: do_cleanup
 
 
Please note that the sshd looks like this on the cygwin side:
 
      PID    PPID    PGID     WINPID  TTY  UID    STIME COMMAND
I    4756       1    4756       5764    3 11155   Aug  8 /usr/bin/bash
     4392       1    4392       4392  con 11155 16:29:21 /usr/bin/bash
     7904    4392    7904       7148  con 11155 16:32:53 /usr/sbin/sshd
     3828       1    3828       3828  con 11155 16:32:56 /usr/bin/bash
     4632    3828    4632       4168  con 11155 16:33:24 /usr/bin/ps
 
and
 
debug1: sshd version OpenSSH_4.3p2
debug1: private host key: #0 type 0 RSA1
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-d'
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
Generating 768 bit RSA key.
RSA key generation complete.
debug1: fd 4 clearing O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock 7
debug1: inetd sockets after dupping: 3, 3
Connection from 192.168.98.20 port 1590
debug1: Client protocol version 1.99; client software version 3.2.9 SSH
Secure Shell for Windows
debug1: no match: 3.2.9 SSH Secure Shell for Windows
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-1.99-OpenSSH_4.3
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: expecting SSH2_MSG_KEXDH_INIT
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user ajk service ssh-connection method none
debug1: attempt 0 failures 0
Failed none for ajk from 192.168.98.20 port 1590 ssh2
debug1: userauth-request for user ajk service ssh-connection method none
debug1: attempt 1 failures 1
Failed none for ajk from 192.168.98.20 port 1590 ssh2
debug1: userauth-request for user ajk service ssh-connection method
keyboard-interactive
debug1: attempt 2 failures 2
debug1: keyboard-interactive devs 
debug1: auth2_challenge: user=ajk devs=
debug1: kbdint_alloc: devices ''
Failed keyboard-interactive for ajk from 192.168.98.20 port 1590 ssh2
debug1: userauth-request for user ajk service ssh-connection method password
debug1: attempt 3 failures 3
Accepted password for ajk from 192.168.98.20 port 1590 ssh2
debug1: Entering interactive session for SSH2.
debug1: server_init_dispatch_20
debug1: server_input_channel_open: ctype session rchan 0 win 10000 max 512
debug1: input_session_request
debug1: channel 0: new [server-session]
debug1: session_new: init
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug1: server_input_channel_req: channel 0 request pty-req reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req pty-req
debug1: Allocating pty.
debug1: session_pty_req: session 0 alloc /dev/tty4
debug1: server_input_channel_req: channel 0 request shell reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req shell
debug1: server_input_channel_req: channel 0 request window-change reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req window-change
debug1: Received SIGCHLD.
debug1: session_by_pid: pid 4532
debug1: session_exit_message: session 0 channel 0 pid 4532
debug1: session_exit_message: release channel 0
debug1: session_pty_cleanup: session 0 release /dev/tty4
debug1: session_by_channel: session 0 channel 0
debug1: session_close_by_channel: channel 0 child 0
debug1: session_close: session 0 pid 0
debug1: channel 0: free: server-session, nchannels 1
Connection closed by 192.168.98.20
debug1: do_cleanup
Closing connection to 192.168.98.20
 
which suggests that the setreuid is in fact not needed at all!
 
Any ideas how I can get sshd working such that after log in I am really the
user I wish to be would be much appreciated.
 
Andy Keane
 
Prof. Andy Keane,
School of Engineering Sciences, University of Southampton, Highfield,
Southampton, SO17 1BJ, UK.
Tel +44(0)2380 592944, Fax +44(0)2380 594813, Mob +44(0)7802 422728
http://www.soton.ac.uk/~ajk
See our new book at http://www.aerospacedesign.org
 
 








--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/