X-Spam-Check-By: sourceware.org To: cygwin AT cygwin DOT com From: Brian Kasper Subject: "/bin/bash: permission denied" using Cygwin ssh/sshd under WinXP 2003 x64: resolved Date: Wed, 13 Dec 2006 13:18:50 -0800 Lines: 51 Message-ID: Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit User-Agent: Thunderbird 1.5.0.8 (Windows/20061025) X-IsSubscribed: yes Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com I've been having terrible problems getting Cygwin ssh/sshd to work under the x64 version of WinXP 2003 SP1. The basic symptom has been that if I ran sshd as a service, I was unable to run any executables during the ssh login procedure. This included bash.exe, so my attempts to ssh into localhost have looked like this: C:\cygwin\etc>ssh localhost kasper AT localhost's password: Last login: Tue Nov 14 12:09:47 2006 from 127.0.0.1 Fanfare!!! You are successfully logged in to this server!!! /bin/bash: Permission denied Connection to localhost closed. This happened with any executable I tried to use as my shell. If, however, I ran sshd from a bash prompt, I could log in without problems. After much Googling, reading of the gmane.os.cygwin archives, and posting a few messages to the newsgroup (thanks to those who replied!), I was still completely befuddled. Today, while trying random things, I tried running sshd from a bash prompt that I'd started as another user (Administrator, in this case) and then ssh'ing to localhost as kasper -- and I was unable to log in. The failure involved a "permission denied" error when sshd tried to run the "seteuid" command. I surmised that the problems I'd been seeing might stem from the fact that the user running sshd is "sshd_server" and the user logging in via ssh is "kasper". I then tried to start a bash prompt as user sshd_server to test further, and I was informed that this user didn't have this right on my system. Looking at "Local Security Settings" in the Local Security Policy control panel (under "Settings..Administrative Tools"), I discovered that while sshd_server is in the Users group, and Users is granted the "Allow log on locally" right, the sshd_server user is also listed under "Deny log on locally". I removed sshd_server from the "Deny log on locally" list, and was then able to start a bash session as sshd_server. Starting sshd from this bash session, I was then able to ssh to localhost as kasper. Because I'd mucked about with a few things and wanted to make sure ssh would still work under "vanilla" conditions, I then rebooted my system. After the reboot cycle, ssh to localhost or to the hostname of my system still worked. The only odd thing is that the ssh authentication prompt is now "Enter passphrase for key '/home/kasper/.ssh/id_rsa':" instead of "kasper AT localhost's password:", but I don't *think* that's too big a deal. -B -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/