Date: Thu, 20 Aug 2009 15:52:12 +1200
Subject: [1.7] Use of SSH public/private keys requires administrator rights
From: Chris LeBlanc
To: cygwin AT cygwin DOT com

Hello,

I seem to have found a bug with SSH under Cygwin 1.7 (beta). Luckily I also found a workaround as I was writing this email, which is near the bottom.

I've installed Cygwin 1.7 yesterday using the normal setup.exe method for all users on the system, and installing a few extra packages (gcc, subversion, make, some other dev tools) including openssh. I've run "ssh-host-config" (using CYGWIN="ntsec tty", and answering all other questions with yes) and "cygserver-config" to run both of these as services; no other services have been started.

If I ssh from any other machine (including the Cygwin server) to the Cygwin server, it will connect without any problems. I can run a command on the remote machine such as "ssh cygwin_machine hostname", I can also use sftp, and rsync over ssh to transfer files. This all sounds good, and everything is working at this point.

However, if I set up SSH keys using ssh-keygen to allow ssh-ing without passwords, I start to run into problems. I can ssh from to the Cygwin ssh server, but if I try to run the command "ssh cygwin_machine hostname" or transfer files using rsync over ssh, it will raise an error.
Sftp will simply close the connection immediately.

I already had an existing SSH public key, but this is how it was created quite some time ago.

    cd ~/.ssh
    ssh-keygen -t dsa
    (no pass phrases)

On Cygwin server:

    copy id_dsa.pub from original host to ~/.ssh/authorized_keys on Cygwin machine
    chmod 600 authorized_keys

Here are the errors I get when I try to log in from a remote machine (typically Linux) as the same user. The account on the Windows machine is the default type of user, not an Administrator.

From the command "ssh cygwin_machine hostname", error:

    7 [main] sshd 720 C:\cygwin\usr\sbin\sshd.exe: *** fatal error - could not load user32, Win32 error 1114

From the command "rsync -ave ssh localdir/ cygwin_machine:/tmp/remotedir":

    7 [main] sshd 768 C:\cygwin\usr\sbin\sshd.exe: *** fatal error - could not load user32, Win32 error 1114
    rsync: connection unexpectedly closed (0 bytes received so far) [sender]
    rsync error: error in rsync protocol data stream (code 12) at io.c(434)

From the command "sftp cygwin_machine":

    Connecting to cygwin_machine...
    Connection closed

The /var/log/sshd.log file is empty. Cygcheck shows OpenSSH is at version 5.2p1-4, and Cygwin is at version 1.7.0-59, and all packages are OK.

Here is the workaround:

As part of debugging this problem, I tried creating new ssh keys under Cygwin for the Administrator user. I then copied id_dsa.pub to authorized_keys, which should allow password-less SSHing on localhost (e.g. the command "ssh localhost" won't require a password when run on the Cygwin machine under the Administrator account). Interestingly, this worked without any of the errors above.

I then tried modifying the rights of the normal user I had been using, changing them to be an administrator using the standard Windows "Users and passwords" tool. I also ran "mkpasswd -l > /etc/passwd" and "mkgroup -l > /etc/group" to remake these files, just in case. Suddenly ssh, sftp, and rsync over ssh are now working fine for this user.

This was a pretty difficult problem to find. I'm not sure if it's a bug or a feature, I'm guessing a bug. Perhaps this workaround should be added to the FAQ.

Cheers,
Chris

--
Chris LeBlanc
Claritas Development
GNS Science