X-Recipient: archive-cygwin AT delorie DOT com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:message-id:date:from:reply-to:mime-version:to :subject:references:in-reply-to:content-type :content-transfer-encoding; q=dns; s=default; b=ehbEN7ShPL5a0oKu uZvkeAvBNvsoldrtgUhxBZEkpWxsdcckeS0p5Ih4JAMPrQV0UdqzgVLGLLBtMXtp gLFnvzf3ZbidVgPkWhDCLl28CI5n9cMhxSE2eMBSKPScVJ3tHSdM8cvjrloAGa/P reaQEbA3hQpOgWmuTG0Hgf9krCs= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:message-id:date:from:reply-to:mime-version:to :subject:references:in-reply-to:content-type :content-transfer-encoding; s=default; bh=fWpd0PTO0T9WhFZT73Ib7J R4LIQ=; b=n7xEeZ2XK7yMYAJAIEjJzvnkV3+AvkDUT+LWdtRLArz23KR48NhkoQ KFg/tr3XctrTLagCgxVbTyBGnWcc7xTZ3q7/BXOL8ZiEeXfl24M+HnD1AkWKTJCO cvAKgXtar80MHbJwgxi7jPuzA9MUrfDW+3cLa2/ttacvMm2hgI7Rw= Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-4.0 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00,KHOP_THREADED autolearn=ham version=3.3.2 X-HELO: vms173005pub.verizon.net Message-id: <52376683.1000804@cygwin.com> Date: Mon, 16 Sep 2013 16:13:55 -0400 From: "Larry Hall (Cygwin)" Reply-to: cygwin AT cygwin DOT com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130801 Thunderbird/17.0.8 MIME-version: 1.0 To: cygwin AT cygwin DOT com Subject: Re: Fwd: Way to test cyglsa? References: <5237373E DOT 1070905 AT cygwin DOT com> <523748CD DOT 5070205 AT cygwin DOT com> <523752B8 DOT 2010306 AT cygwin DOT com> <52375AF0 DOT 6030600 AT cygwin DOT com> In-reply-to: Content-type: text/plain; charset=ISO-8859-1; format=flowed Content-transfer-encoding: 7bit On 9/16/2013 3:56 PM, Evan Rowley wrote: > The user cyg_server was generated by the ssh-host-config script and > while the server itself is on a domain, all the users involved with > cygwin / ssh / sshd are local users. > > I've noticed that along with the local cyg_server account, there is > also a local sshd account. It appears to be disabled. Is that normal? Yes. That's for privilege separation. It's fine. > What can I do to be sure that seteuid can be called by cyg_server? The > user is in the Administrators group and to my knowledge, that should > be a qualifier to run seteuid. The only thing I can think of here is that cyglsa isn't doing what it should. Why don't you send along your cygcheck output () in case there's something there that would help there. > I went ahead and reconfigured /etc/passwd, the sshd service via > ssh-host-config, and the LSA passwords for the users. I'm still > experiencing the same problem but now with a new and odd variation. > Attempting to connect via ssh yeilds the same result as before but > additionally causes the sshd service to stop. No errros are being > reported in the event logs and the /var/log/sshd.log file looks the > same as before. Output is below: Yep, that's expected when you run sshd as debug. That's another reason I set up a separate service for the debug version. Keeps me from needing to edit anything to switch back and forth and I never have to worry about the "limitations" of running a debug version when I don't mean to be. :-) -- Larry _____________________________________________________________________ A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting annoying in email? -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple