X-Recipient: archive-cygwin AT delorie DOT com
X-SWARE-Spam-Status: No, hits=-1.9 required=5.0 	tests=AWL,BAYES_00,SPF_PASS
X-Spam-Check-By: sourceware.org
Message-ID: <4A134D6C.7000700@gmail.com>
Date: Tue, 19 May 2009 20:23:08 -0400
From: Patrick Aikens <paikens AT gmail DOT com>
User-Agent: Thunderbird 2.0.0.21 (Windows/20090302)
MIME-Version: 1.0
To: cygwin AT cygwin DOT com
Subject: Re: [1.5] Problem with OpenSSH on Windows Home Server (Win2003)
References: <4A0CEE5B DOT 6060301 AT gmail DOT com> <4A10C051 DOT 3050401 AT gmail DOT com> 	 <4A129310 DOT 9070502 AT gmail DOT com> <guu5d4$hgv$1 AT ger DOT gmane DOT org> 	 <4A129D81 DOT 5010801 AT gmail DOT com> <941a6680905190955y33d3cbebrdf5201fe12585bc2 AT mail DOT gmail DOT com> <4A13230E DOT 2000100 AT cygwin DOT com>
In-Reply-To: <4A13230E.2000100@cygwin.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-IsSubscribed: yes
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

Larry Hall (Cygwin) wrote:
> On 05/19/2009, Patrick Aikens wrote:
>> I can log in using a password for any user who is a member of the
>> Administrators group. Many of the guides I've seen on installing
>> OpenSSH on windows (especially 2003 server) have you add new users to
>> the Admin group, so this seems to be a common necessity.  If this is a
>> known restriction?  If so, I'll go ahead and stick to allowing
>> key-based authentication only.
> 
> There does appear to be an issue with logging in using password
> authentication if the user is not part of the Administrators group.
> I've been able to reproduce the problem on XP with a new user that
> has never logged in.  Although I tried this with 1.7, I didn't
> enable any fancy authentication options available there, so it
> should be a pretty good match functionally to 1.5's version.  If you
> haven't tried this already, you might try switching the users in
> question to be in the "Adminstrators" group, logging in through ssh
> (or just through Windows), and then switching back, assuming the users
> in question haven't started Cygwin's 'bash' shell before when they
> logged in.  This didn't resolve the log in issues I saw but did
> change them from a permissions issue (i.e. "Permission denied")
> to a successful login that was immediately closed.  I've looked
> some at the latter issue and the server is receiving SIGCHLD,
> which suggests that things are getting killed off right at the
> start of the session but I don't know more than this.  This is
> really Corinna's ballywick but she's on vacation.  So it may have
> to wait for her return to get the real low-down (and it's possible
> it has already been discussed but I wasn't paying attention. ;-) )
> In any case, if public key authentication will serve you fine, I'd
> recommend using it.  It's defintely more secure than password
> authentication.
> 


Thanks for the reply.  I'd rather use public key authentication
anyway... I was concerned that the inability to log in using password
authentication in this case might point to a deeper problem that might
cause me grief later on.  If the extent of the problem is simply with
sshd, I'm fine with using public key authentication.  Thanks for the help.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/