Message-id: <525DA24B.2060309@cygwin.com>
Date: Tue, 15 Oct 2013 16:15:07 -0400
From: "Larry Hall (Cygwin)"
Reply-to: cygwin AT cygwin DOT com
To: cygwin AT cygwin DOT com
Subject: Re: SSH Key Authentication is not working

On 10/15/2013 12:29 AM, Tadej Animalix wrote:
> Thanks for quick reply. Any idea why I didn't receive email about this reply?

Typical etiquette for this list is to correspond through the list, though
some may make an extra effort to explicitly include your email address if
you request it. That courtesy may break down over the course of the thread
though, which is at least part of the reason for the preference to do
everything through the list.

> First I would need to tell you think "sshd.log" may not be from the
> same session, so please ignore it.

Since you didn't include it, I think that's easy to do. ;-)

> After installation of CYGWIN with OpenSSH I added path of bin
> directory to global variables and I ran these commands:
> chmod +r /etc/passwd
> chmod u+w /etc/passwd
> chmod +r /etc/group
> chmod u+w /etc/group
> chmod 755 /var
> touch /var/log/sshd.log
> chmod 664 /var/log/sshd.log

None of this should be required but probably isn't causing a problem. The
only difference I saw between what you have above and what I have is
/var/log/sshd.log is 644.

> Then I started "ssh-host-config" and entered:
> "ntsec tty" for daemon

Both of these are deprecated. See:

> answered all with yes
>
> and I changed name to "sshd" and entered a password.

This sounds like a problem to me. The 'sshd' user is already created
automatically if you ask for "privilege separation", which you did by
answering "yes" to all questions. Please re-run 'ssh-host-config' and allow
it to use the default 'cyg-server' user name for the service. If you
absolutely must change it to something else, do not use 'sshd' or any other
existing name.

> After that I ran "cyglsa-config" and answered Yes and rebooted computer.

While this is certainly a valid way to run sshd, I'm curious why you went
this route? Assuming the above advice isn't helpful, try without cyglsa.

> Then in cmd I ran "ash" and re-based all with "/usr/bin/rebaseall".
>
> Then I opened CYGWIN terminal and executed lines below:
> chown system /etc/ssh*
> chown system /var/empty

Why are you doing this?
'ssh-host-config' takes care of setting the permissions and ownership as
required. What you've done above is wrong. The owner of these files should
be the user that is running the 'sshd' service (i.e. 'cyg-server' by
default).

> mkgroup -l > ..\etc\group
> mkpasswd -l > ..\etc\passwd

The above also should not be necessary and, depending on where you invoked
it from, may not have had any effect at all.

> After that I was able to start "CYGWIN sshd" as service and I was able
> to connect with user-pwd authentication, but key login doesn't work at
> this point.
>
> I've also tried to CHMOD ".ssh" folder and "authorized_keys" but that
> didn't help.

Right. Again, 'ssh-user-config' script sets these permissions properly.
Just remove '.ssh' and re-run 'ssh-user-config'.

> Am I missing something?

Given all the changes you've made, I get the feeling that you've missed the
'/usr/share/doc/Cygwin/openssh.README' file which, toward the end of the
file, has very explicit and simple directions for configuring your OpenSSH
installation. It is possible with all the "external" advice you've found
and tried, you may find it easier to just wipe your install and start over.
If you do so, I recommend that you rely only on the config scripts provided
to configure your system. If you choose to try to undo what you've done,
the scripts can be a good guide to what needs altering.

Any future correspondence with the list on this issue should be accompanied
by the output of 'cygcheck -svr'. Please *attach* (rather than append) this
output.

--
Larry

_____________________________________________________________________

A: Yes.
> Q: Are you sure?
>> A: Because it reverses the logical flow of conversation.
>>> Q: Why is top posting annoying in email?
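
Added example, not part of the original message or of the Cygwin scripts: a read-only audit of the home directory, '.ssh' and 'authorized_keys' that the thread's key-login failure revolves around, reporting the conditions under which sshd with StrictModes enabled (the OpenSSH default) ignores 'authorized_keys'. The function names are hypothetical, and the owner test is simplified to "owned by the given uid" (sshd also accepts root-owned paths).

```shell
#!/bin/sh
# Added example: report why sshd (StrictModes yes) would ignore a user's
# authorized_keys. Read-only: it changes nothing on disk.
# Usage: audit_ssh_dir "$HOME"

# is_loose PATH: true if PATH is writable by group or others.
is_loose() {
    [ -n "$(find -H "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# is_foreign PATH UID: true if PATH is not owned by UID.
is_foreign() {
    [ -n "$(find -H "$1" -prune ! -user "$2" -print 2>/dev/null)" ]
}

# audit_ssh_dir HOME [UID]
# Prints one line per finding; the return status is the number of findings.
audit_ssh_dir() {
    home=$1
    uid=${2:-$(id -u)}
    bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"
            bad=$((bad + 1))
            continue
        fi
        if is_loose "$p"; then
            echo "WRITABLE $p (group/other write bit set)"
            bad=$((bad + 1))
        fi
        if is_foreign "$p" "$uid"; then
            echo "OWNER    $p (not owned by uid $uid)"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}
```

A non-zero status means at least one path would fail the check; per the reply above, the supported fix on Cygwin is to remove '.ssh' and re-run 'ssh-user-config' rather than adjusting modes by hand.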