To: cygwin AT cygwin DOT com
From: Thomas Nisbach
Subject: Re: 1.7.1: problem with public key authentication on domain accounts
Date: Wed, 6 Jan 2010 20:31:09 +0000 (UTC)

Larry Hall (Cygwin cygwin.com> writes:

>
> On 01/06/2010 07:35 AM, Andrew Ng wrote:
> > I've also been seeing problems with sshd (and inetd) since upgrading to 1.7.1.
> > From my investigations it does look to be something to do with launching via
> > cygrunsrv. If I manually start sshd then everything seems to work fine.
>
> While this is an interesting data point, I want to reiterate that starting
> 'sshd' in this way is unsupported by this list, which means if you have
> problems in the future with 'sshd', reports sent to this list about them are
> likely to fall on "deaf ears". The configuration of 'sshd' under Cygwin is
> involved, which is why the process is automated by configuration scripts.
> No one is forced to use these scripts but those that don't understand the
> complexities behind them shouldn't be ignoring them. So please, do not take
> the report above as advice about how 'sshd' should be run under Cygwin.
> If you do, you do so at your own peril.
>

I'll be back and would like to give you some more information about what I found.
But first I have to clarify two things:

1. on my system I just use local accounts, not domain accounts (as at the top of this thread)
2. I ran ssh-host-config with/without privilege separation and got different problems, described above

NOW THE INTERESTING FACTS I FOUND:

* Configuring sshd via ssh-host-config, running under the SYSTEM account, enables me to log in as SYSTEM with a private key, but logging in as any other user leads to the error message described at the top of this thread.
* Running 'sshd' under another user's account allows me to log in as this user, but no longer as SYSTEM

Therefore I conclude (but this needs further investigation) that the problem is somewhere in fork/setuid. Perhaps this problem does not arise if sshd is run in an environment with another configuration - I'll try to find out.