X-Spam-Check-By: sourceware.org
To: cygwin AT cygwin DOT com
From: Brian Kasper <kasper AT aero DOT org>
Subject:  Re: sshd exits during login attempt on WinXP 2003 x64 -- even with  sshd running as service
Date:  Wed, 07 Feb 2007 13:44:19 -0800
Lines: 68
Message-ID: <eqdh7k$bcd$1@sea.gmane.org>
References:  <eqadt0$54d$1 AT sea DOT gmane DOT org> <20070206175733 DOT GA26300 AT calimero DOT vinschen DOT de>
Mime-Version:  1.0
Content-Type:  text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding:  7bit
User-Agent: Thunderbird 1.5.0.9 (Windows/20061207)
In-Reply-To: <20070206175733.GA26300@calimero.vinschen.de>
X-IsSubscribed: yes
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Precedence: bulk
List-Id: <cygwin.cygwin.com>
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

Thanks for responding, Corinna.  I obviously wasn't clear in my original
post -- ssh login attempts to my Win2003 x64 system running Cygwin sshd
as a service always fail, which is why I tried running sshd from the
command prompt as a test.

As far as I know, my Cygwin installation is completely up-to-date.  I
ran both the ssh-host-config and ssh-user-config scripts after
installing Cygwin and configured sshd to run as a service (*without*
privilege separation, which [I hope] should keep things simpler).

I can start the sshd service using either the Win2003 Services control
panel or cygrunsrv.  When sshd starts, 4 "success audit" events appear
in the Security event log, and the service appears to start normally.
sshd is configured to log on as ".\sshd_server", according to the
Properties page for the service.

If I then start a bash shell on my system and try to "ssh localhost", I
see the following:

~ 503 $ ssh localhost
Connection closed by 127.0.0.1
~ 504 $

/var/log/sshd.log remains empty, but a "failure audit" event appears in
my Security event log:

	Event Type:	Failure Audit
	Event Source:	Security
	Event Category:	Privilege Use
	Event ID:	577
	Date:		2/7/2007
	Time:		8:26:55 AM
	User:		ABF466\sshd_server
	Computer:	ABF466
	Description:
	Privileged Service Called:
  		Server:		NT Local Security Authority / Authentication Service
  		Service:		LsaRegisterLogonProcess()
  		Primary User Name:	ABF466$
  		Primary Domain:	AERO-ORG
  		Primary Logon ID:	(0x0,0x3E7)
  		Client User Name:	sshd_server
  		Client Domain:	ABF466
  		Client Logon ID:	(0x0,0x14B91291)
  		Privileges:	SeTcbPrivilege

I don't know how to activate output to /var/log/sshd.log -- would that
help to diagnose this problem?

-Brian

Corinna Vinschen wrote:
[exerpt of my original post snipped]
> This won't work.  By default, no user has the required permissions to
> change the user context.  Start here:
> 
>   $ less /usr/share/doc/Cygwin/openssh.README
> 
> and here:
> 
>   http://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-switch
> 
> and install sshd as service using the ssh-host-config script.
> 
> 
> Corinna
> 



--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/