X-Recipient: archive-cygwin AT delorie DOT com
X-SWARE-Spam-Status: No, hits=-2.4 required=5.0 	tests=AWL,BAYES_00,SPF_HELO_PASS
X-Spam-Check-By: sourceware.org
Message-ID: <4A13230E.2000100@cygwin.com>
Date: Tue, 19 May 2009 17:22:22 -0400
From: "Larry Hall (Cygwin)" <reply-to-list-only-lh AT cygwin DOT com>
Reply-To: cygwin AT cygwin DOT com
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.21) Gecko/20090320 Remi/2.0.0.21-1.fc8.remi Lightning/0.9 Thunderbird/2.0.0.21 Mnenhy/0.7.5.0
MIME-Version: 1.0
To: cygwin AT cygwin DOT com
Subject: Re: [1.5] Problem with OpenSSH on Windows Home Server (Win2003)
References: <4A0CEE5B DOT 6060301 AT gmail DOT com> <4A10C051 DOT 3050401 AT gmail DOT com> 	 <4A129310 DOT 9070502 AT gmail DOT com> <guu5d4$hgv$1 AT ger DOT gmane DOT org> 	 <4A129D81 DOT 5010801 AT gmail DOT com> <941a6680905190955y33d3cbebrdf5201fe12585bc2 AT mail DOT gmail DOT com>
In-Reply-To: <941a6680905190955y33d3cbebrdf5201fe12585bc2@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

On 05/19/2009, Patrick Aikens wrote:
> I can log in using a password for any user who is a member of the
> Administrators group. Many of the guides I've seen on installing
> OpenSSH on windows (especially 2003 server) have you add new users to
> the Admin group, so this seems to be a common necessity.  If this is a
> known restriction?  If so, I'll go ahead and stick to allowing
> key-based authentication only.

There does appear to be an issue with logging in using password
authentication if the user is not part of the Administrators group.
I've been able to reproduce the problem on XP with a new user that
has never logged in.  Although I tried this with 1.7, I didn't
enable any fancy authentication options available there, so it
should be a pretty good match functionally to 1.5's version.  If you
haven't tried this already, you might try switching the users in
question to be in the "Adminstrators" group, logging in through ssh
(or just through Windows), and then switching back, assuming the users
in question haven't started Cygwin's 'bash' shell before when they
logged in.  This didn't resolve the log in issues I saw but did
change them from a permissions issue (i.e. "Permission denied")
to a successful login that was immediately closed.  I've looked
some at the latter issue and the server is receiving SIGCHLD,
which suggests that things are getting killed off right at the
start of the session but I don't know more than this.  This is
really Corinna's ballywick but she's on vacation.  So it may have
to wait for her return to get the real low-down (and it's possible
it has already been discussed but I wasn't paying attention. ;-) )
In any case, if public key authentication will serve you fine, I'd
recommend using it.  It's defintely more secure than password
authentication.

-- 
Larry Hall                              http://www.rfk.com
RFK Partners, Inc.                      (508) 893-9779 - RFK Office
216 Dalton Rd.                          (508) 893-9889 - FAX
Holliston, MA 01746

_____________________________________________________________________

A: Yes.
 > Q: Are you sure?
 >> A: Because it reverses the logical flow of conversation.
 >>> Q: Why is top posting annoying in email?

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/