X-Spam-Check-By: sourceware.org
Date: Thu, 8 Feb 2007 09:59:35 +0100
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: sshd exits during login attempt on WinXP 2003 x64 -- even with  sshd running as service
Message-ID: <20070208085935.GX27843@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <eqadt0$54d$1 AT sea DOT gmane DOT org> <20070206175733 DOT GA26300 AT calimero DOT vinschen DOT de> <eqdh7k$bcd$1 AT sea DOT gmane DOT org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <eqdh7k$bcd$1@sea.gmane.org>
User-Agent: Mutt/1.4.2.2i
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Precedence: bulk
List-Id: <cygwin.cygwin.com>
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

On Feb  7 13:44, Brian Kasper wrote:
> Thanks for responding, Corinna.  I obviously wasn't clear in my original
> post -- ssh login attempts to my Win2003 x64 system running Cygwin sshd
> as a service always fail, which is why I tried running sshd from the
> command prompt as a test.
> [...]
> /var/log/sshd.log remains empty, but a "failure audit" event appears in
> my Security event log:
> 
> 	Event Type:	Failure Audit
> 	Event Source:	Security
> 	Event Category:	Privilege Use
> 	Event ID:	577
> 	Date:		2/7/2007
> 	Time:		8:26:55 AM
> 	User:		ABF466\sshd_server
> 	Computer:	ABF466
> 	Description:
> 	Privileged Service Called:
>  		Server:		NT Local Security Authority / Authentication 
>  		Service
>  		Service:		LsaRegisterLogonProcess()
>  		Primary User Name:	ABF466$
>  		Primary Domain:	AERO-ORG
>  		Primary Logon ID:	(0x0,0x3E7)
>  		Client User Name:	sshd_server
>  		Client Domain:	ABF466
>  		Client Logon ID:	(0x0,0x14B91291)
>  		Privileges:	SeTcbPrivilege

Looks like the Tcb privilege ("Act as part of the operating system")
is missing for the sshd_server user.

> I don't know how to activate output to /var/log/sshd.log -- would that
> help to diagnose this problem?

No.  You don't have to activate anything.  If output is created,
it will go to sshd.log.  There's no magic.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/