X-Recipient: archive-cygwin AT delorie DOT com X-Spam-Check-By: sourceware.org Date: Mon, 15 Dec 2008 11:47:49 +0000 (GMT) From: Paul Keeble Reply-To: csuml AT yahoo DOT co DOT uk Subject: ssh-host-setup is adding user to Deny Terminal Services login To: cygwin AT cygwin DOT com MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Message-ID: <287254.49491.qm@web25505.mail.ukl.yahoo.com> Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by delorie.com id mBGCwZAR015798 The user who runs the ssh-host-setup command is being denied terminal services login, which when you are running the setup over terminal services is a bit of a worry! I don't get kicked off the moment it happens but it needs manually correctly before log out or access to the box remotely will be lost. Environment Cygwin setup - 2.573.2.2 openssh - 5.1p1-9 openssl - 0.9.8i-1 Windows 2003 server Steps to reproduce run ssh-host-config. Don't use privelege separation, do install sshd as a service, keep the settings to just ntsec and enter the account to create as the current user. The problem can be confirmed by using gpedit.msc and finding the Deny Terminal Services login group - the current user account will now be listed when it was not before. Is it necessary to block terminal service access for the running user and if so why? If its not is there a workaround I could use so this does not happen when running ssh-host-config? -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/