Date: Wed, 7 Aug 2013 12:55:05 -0400
Subject: Re: ssh login no longer allowed by local accounts other than main administrator account after taking machine off domain
From: Yuki Ishibashi
To: cygwin

I wanted to thank Larry Hall again (and Linda also for her original post).

The suggestions you had, Larry, were helpful; they gave me an idea for what to do... The suggestions to change the profile and the shell didn't actually fix the issue, but based on your recommendation to use ssh-host-config, I decided to completely remove any references to sshd, cyg_server in the Windows users and mkpasswd, "CYGWIN sshd" service, and run ssh-host-config over again, having it create from scratch those users / accounts / permissions, and that's what ultimately ended up working.

I followed the defaults from the following link to set up ssh using ssh-host-config:
http://www.howtogeek.com/howto/41560/how-to-get-ssh-command-line-access-to-windows-7-using-cygwin/

Once I went through ssh-host-config again and recreated all of the accounts / permissions, ssh worked again properly.

I would like to thank the cygwin maillist people, I appreciate the generous response and encouragement you have given, and will try to respond to that year-old marco post if he's still having problems....

Thanks all!

From: "Larry Hall (Cygwin)"
To: cygwin at cygwin dot com
Date: Wed, 07 Aug 2013 00:00:14 -0400
Subject: Re: ssh login no longer allowed by local accounts other than main administrator account after taking machine off domain
Reply-to: cygwin at cygwin dot com
________________________________

On 8/6/2013 6:50 PM, Yuki Ishibashi wrote:

(Sorry if this goes to the wrong place, I'm a little unfamiliar with the cygwin mailing list and its usage)

I wanted to thank Linda and Larry both for their responses to my original post on Aug 2nd.

Linda: Process Monitor was a helpful suggestion, however there are as you have said probably far too many system process messages, and even trying to filter for what I wanted has proved not helpful....

Larry: I did have the new users have ownership of their own /home/user folders...

What about the files and dot files underneath? Like I said, I suspect that scripts that are being run as part of the login are actually the cause of the "permission denied" message. You need to look at what those scripts are and what they are running. You may find that changing your shell to '/bin/sh' in your '/etc/passwd' file may help avoid the problem by skipping some of these init scripts. A different alternative is to try adding 'set -x' to '/etc/profile'. This will spit out every line of every script run on login, which should help you localize where the "permission denied" message comes from.

also /bin/bash.exe has 755 access, with user:old_admin group:Domain Users.

Expected but you might as well change the group ownership to 513 (None). You could also change the user to something that exists on the local system. In my case, it's my user since I'm the one that installed Cygwin in the first place. :-)

The problem looks most similar to what the user marco atzeri posted here: http://comments.gmane.org/gmane.os.cygwin/134144 , (unfortunately there was no resolution)

Perhaps what might help me is:

a) what are the standard permissions *supposed* to be on everything on the cygwin terminal-side (i.e. 'ls -l /etc/*', etc),

In general, things will default to be owned by the user that installed them and group 513 for a local user and 10513 for a domain user. Permissions are the most critical though. Those tend to default to 644 or 755, depending on whether the file is meant to be executable or not. But there are programs, like sshd, that require specific ownership and permissions to work properly.
As I mentioned, ssh-host-config takes care of setting these permissions and ownerships but you may need to review the settings by hand as I'm not sure if the script will change ownerships/permissions of all the files it requires from a domain setup to a local one.

b) what account should the "CYGWIN sshd" service be running as in the Windows side

Depends what version of Windows you're running (did you say?) For XP it defaults to SYSTEM. On any later O/S, it should be cyg_server. Again, ssh-host-config will handle this for you.

c) what group should local users be in (i.e. 'mkpasswd -l' and 'mkgroup -l') - currently the local users are in group 513 (in mkgroup -l that's "None"), sounds weird but that's what it was before I took it off the domain, and it was working earlier.

513/None is fine. I'm in 513, 545, and 1001. I don't believe 1001 is significant.

d) Do I need to re-sync the mkpasswd -l with /etc/passwd and mkgroup -l with /etc/group ? I had previously appended the newly created local accounts (with associated SSIDs) to /etc/passwd using something like "mkpasswd -l | grep newusername >> etc/passwd" (and something similar for the /etc/group)

That should be enough to add 'newusername'. I assume you mean '/etc/passwd' above. If you care to keep the previous contents of these files, what you did is fine. Otherwise, just create new files:

    mkpasswd -l -c >/etc/passwd
    mkgroup -l -c >/etc/group

I'm running into a brick wall here and not sure how I should approach this... any general advice even would be appreciated, thanks so much!

If all else fails or you just get tired of fiddling with the tuning knobs, move your current installation aside, follow the instructions in this FAQ - , reinstall, and reconfigure sshd (run ssh-host-config). If that doesn't solve the permission problems, then you may be in the same boat as Marco (i.e. BLODA). You'll have to start looking at the possibilities there.

--
Larry
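
The ownership review by hand that the thread describes (files still owned by a domain user or group such as 10513 after the machine leaves the domain, and permissions looser than the usual 644/755) can be scripted. The following is an added example, not part of the original messages or of Cygwin; the function name `audit_owners` is hypothetical, and it assumes Cygwin-style passwd and group files with the numeric ID in the third colon-separated field.

```shell
#!/bin/sh
# Added example (not from the thread). Walk DIR and report:
#   STALE_UID / STALE_GID  numeric owner/group absent from the given
#                          passwd/group files (e.g. leftover domain IDs)
#   WRITABLE               group- or world-writable entries, i.e. looser
#                          than the 644/755 defaults mentioned above
# Usage on Cygwin (assumed paths): audit_owners /etc /etc/passwd /etc/group
audit_owners() {
    dir=$1; passwd_file=$2; group_file=$3
    # Field 3 is the uid in passwd and the gid in group.
    uids=$(cut -d: -f3 "$passwd_file")
    gids=$(cut -d: -f3 "$group_file")
    # Symlinks are skipped: their own mode bits are not meaningful.
    find "$dir" ! -type l -print | while IFS= read -r path; do
        # 'ls -ldn' prints: mode links uid gid size date name
        ls -ldn -- "$path" | {
            read -r mode _links uid gid _rest
            printf '%s\n' "$uids" | grep -qx -- "$uid" ||
                printf 'STALE_UID %s %s\n' "$uid" "$path"
            printf '%s\n' "$gids" | grep -qx -- "$gid" ||
                printf 'STALE_GID %s %s\n' "$gid" "$path"
            case $mode in
                # 6th character = group write, 9th = other write
                ?????w*|????????w*)
                    printf 'WRITABLE %s %s\n' "$mode" "$path" ;;
            esac
        }
    done
}
```

Running it over /etc and each /home/user directory before and after `mkpasswd -l -c` / `mkgroup -l -c` shows which entries still point at IDs the local machine no longer knows.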