Date: Thu, 19 Feb 2009 10:09:58 +0100
From: Corinna Vinschen
To: cygwin AT cygwin DOT com
Subject: Re: sshd w/o admin?

On Feb 19 10:50, Aaron Davies wrote:
> I tried moving all my keys aside (outside of ~/.ssh). Now "ssh
> localhost" on the local box takes my password, prints the banner, then
> quits with "Connection to localhost closed."
>
> % ssh localhost
> adavies AT localhost's password:
> Last login: Thu Feb 19 10:41:39 2009 from localhost
> Connection to localhost closed.
>
> The same setreuid error is left in the event log
>
> Why exactly does it need to setreuid to me when it's already me? This
> sshd process is started by and running under the same id it's trying
> to become.

That's due to the way password authentication works.  If you use
password authentication, a new user token is created under the hood.
When seteuid is called, it tries to use the user token, but it can't
because switching the user context requires a special user privilege
(SeImpersonatePrivilege, "Impersonate a client after authentication"),
which only Administrators and Services have by default.

Usually you simply use public key authentication.
Be sure that all sshd related files belong to you:

  $ chown YOU /var/empty /etc/ssh*

Append your public key to your authorized_keys file:

  $ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

For testing, start sshd in debug mode from one console window:

  $ /usr/sbin/sshd -d

And start a session in another console:

  $ ssh localhost

This works fine for me.  If you start sshd in a running GUI session as
above, you also won't have problems with network drives.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat
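
Added example, not part of the original mail: a preflight script for the
ownership and authorized_keys steps above, written so it can be re-run
without duplicating the key. The function names and the RUN_PREFLIGHT
switch are made up for this sketch; the chmod calls are an assumption
based on sshd's default StrictModes setting, which the mail does not mention.

```shell
#!/bin/sh
# Added example, not from the original mail. Names are hypothetical.

# Print those of the given paths that are NOT owned by the invoking user.
# Empty output means the "chown YOU ..." step is already satisfied.
foreign_owned() {
    find "$@" -prune ! -user "$(id -u)" -print
}

# Append the key (first line of file $1) to authorized_keys file $2 unless
# that exact line is already present, so re-running adds no duplicates.
install_key() {
    pub=$1
    auth=$2
    [ -s "$pub" ] || { echo "no public key at $pub" >&2; return 1; }
    key=$(head -n 1 "$pub")
    [ -n "$key" ] || { echo "first line of $pub is empty" >&2; return 1; }
    mkdir -p "$(dirname "$auth")"
    touch "$auth"
    # Assumption beyond the mail: sshd's default StrictModes rejects
    # group/world-writable key files, so keep them private.
    chmod 700 "$(dirname "$auth")"
    chmod 600 "$auth"
    grep -qxF -e "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# Touch the real paths from the mail only when explicitly asked to.
if [ "${RUN_PREFLIGHT:-0}" = 1 ]; then
    install_key "$HOME/.ssh/id_rsa.pub" "$HOME/.ssh/authorized_keys" || exit 1
    bad=$(foreign_owned /var/empty /etc/ssh* "$HOME/.ssh")
    if [ -n "$bad" ]; then
        echo "not owned by uid $(id -u), chown these first:" >&2
        echo "$bad" >&2
        exit 1
    fi
    echo "ok: start '/usr/sbin/sshd -d', then run 'ssh localhost'"
fi
```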