X-Recipient: archive-cygwin AT delorie DOT com
X-Spam-Check-By: sourceware.org
Message-ID: <c2888f8c0804111711u49c2e41ala1137cd3514ca470@mail.gmail.com>
Date: Sat, 12 Apr 2008 01:11:54 +0100
From: "Robert McKay" <robert AT mckay DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: How do I run sshd as a particular user?
In-Reply-To: <FAB87074-2F1D-4F53-835C-271E735A29E9@von-campe.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <D06D8751-81CE-408B-931B-66DA714FE1CC AT von-campe DOT com> 	 <47C4A0DB DOT 6020007 AT cygwin DOT com> 	 <6ADC05D7-7602-4123-81EF-1DE06D26E91F AT von-campe DOT com> 	 <D1627F08-4387-4C0A-94B2-5AFC6C1EA325 AT von-campe DOT com> 	 <006301c890e8$4fa2f070$2708a8c0 AT CAM DOT ARTIMI DOT COM> 	 <FB6643AB-610F-46F7-B019-389E82E687C8 AT von-campe DOT com> 	 <20080402132726 DOT GG4468 AT calimero DOT vinschen DOT de> 	 <69CA7E11-E788-4149-9246-DCDF5063FBB2 AT von-campe DOT com> 	 <FAB87074-2F1D-4F53-835C-271E735A29E9 AT von-campe DOT com>
X-Google-Sender-Auth: 61f5fa6b75b0b01e
X-IsSubscribed: yes
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Precedence: bulk
List-Id: <cygwin.cygwin.com>
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

On Fri, Apr 11, 2008 at 8:22 PM, Alfred von Campe <alfred AT von-campe DOT com> wrote:
> On Apr 11, 2008, at 11:48, I wrote:
>
>
> > Well, I spoke a little too soon.  I got this working on two systems, but
> can not get it to work on a third.  The ssh daemon appears to start (neither
> cygrunsrv -S nor starting it from the Services Panel gives an error), but it
> really does not.
> >
>
>  I managed to solve this by rebooting the system and re-running
> ssh-host-config (and then changing permissions, etc.).  I now have all three
> build systems working as expected.
>
>  Thanks again for all the help,

I'm a bit late to this discussion.. I set this up a while ago and one
interesting thing that I noticed is that you can:

net use \\whatever /user:domain\user

instead of

net use x: \\whatever /user:domain\user

(ie: without specifying a drive letter).

If you don't specify a drive letter then it works even when you are
logged in without a password. Taking this one step further, you can
make a symlink

ln -s '\\whatever' /remotefilesystem
and then just access files in /remotefilesystem instead of /cygdrive/X

This pretty much solved the issue of accessing network drives when
logged in without a password.

Later a requirement was introduced that we run sshd as an unprivileged
user and so I switched to having a service that logs in with a
password as you are now doing.

In order to run sshd as an unprivileged user I had to use a nasty
hexedit hack on the sshd.exe file to replace the seteuid() call (which
fails / returns -1 without admin privileges and causes sshd to exit)
with a call to isalpha() which has (almost) the same function
prototype, but always returns 0 unless your userid 'is an alphanumeric
charater' :)

If you run without admin privileges sshd can't actually verify
passwords for passworded logins, but ssh keys seemed to work just fine
which is what we wanted anyway. Obviously you can only log in as that
one user that's running ssh, but again this was acceptable.


Rob.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/