X-Recipient: archive-cygwin AT delorie DOT com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:mime-version:date:message-id:subject:from:to :content-type; q=dns; s=default; b=C7G2fCP5Iw9C53l/2GbHPQcITb34Z XTA693oPRPB74VMOuYO3dkjGx9pvDZC2K/bmKuQ/IdZ0vKTaD8uXNtMHJ9SmTVBg JwiccwAiNgpB4bGBHg844v+Ul/kZ2hemCfyj4Kkan9m2Gp6gVwz355OZdb3nP84u 6uv//+0chxbCNI= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:mime-version:date:message-id:subject:from:to :content-type; s=default; bh=V16lhZGD3a1li6NobjTUPsjIDBQ=; b=YGF n5DAanIsXu50VVE/6LTe+4U0s0EUJQmdBONBOb4KyoBAbP0mKNjGcINPoJ1yaDBG 9aKoiv+x7HvqHO2fzwkm2bdiXUwQ+KxfbIlUTawiLR0ya2f3WzIh+vSAHJxwAGd/ 267Tdrxcw1fTPR/yBSqxsk+FV5ejuVB07EOWbxSQ= Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=1.2 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.2 X-HELO: mail-wi0-f181.google.com X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:date:message-id:subject:from :to:content-type; bh=/0j+1bIiiEoIm+YwEhKZ8G5ncL0WDfimjFT00FHTMgs=; b=MWYCRBByqHGMpghHojWT9T3lX4qN9cR6Vv3ruNwktGR2nn04KSY4jk65CwjJtZ0LJ1 dtW0R6OAyY+5teMnkr7XKMdMvvBx0sLDLcFH4sCw2B5ananj3rC0h/aSJF4+YfYnPILR pYQtf5UyGDJwr7WJLFrpjAURwdxzaDpS5PKYMPzA2nhQ4SRZRYh34vlIACSrMQYKjCdD II+c5fnpAACXXDbmQfTNAGbDOsmhtPTc21xoQXX8naUfoubwuqy5n37xPRUpz/zeFbxJ H5vioFiYsfmQ0Y9ZKkiSV7kwNkSmWF32FqW+HhytWNt0Uj9ifA1e3/WeaSCDOgFOg/+f xgSA== X-Gm-Message-State: ALoCoQnw+7mX2hfbBRV65xjxOECUcE7hhQnEC80hsXCX4j0qauOc1iILz9eZCFaCfhFHzIaVkrnP MIME-Version: 1.0 X-Received: by 10.180.75.167 with SMTP id d7mr2432277wiw.63.1426107421674; Wed, 11 Mar 2015 13:57:01 -0700 (PDT) Date: Wed, 11 Mar 2015 20:57:01 +0000 Message-ID: Subject: Local accounts can't login via ssh, but domain accounts can From: Rodney Beede To: cygwin AT cygwin DOT com Content-Type: text/plain; charset=UTF-8 I am having an issue where domain accounts can login to my Cygwin OpenSSH server, but local user accounts cannot. I have tested on two separate computers with the following setup: Windows 7 64-bit (both Ultimate and Enterprise editions) w/SP1 Cygwin - setup-x86_64.exe setup-version 2.870 (64-bit) Cygwin version: CYGWIN_NT-6.1 1.7.35(0.287/5/3) 2015-03-04 12:09 OpenSSH_6.7p1, OpenSSL 1.0.1k 8 Jan 2015 I ran the following (as cygwin shell with Run as admin) ssh-host-config yes to StrictModes yes to privilege separation yes to local account sshd yes to install as service left blank value of CYGWIN no to different name yes to new privileged user account 'machine_name\cyg_server' Provided a password net start sshd Verified I can login with a domain username and password no problem. I create a local user account (not admin) and attempt to login. Access denied. "To many authentication failures for invalid user rodtest from 192.168.145.1 port 50338 ssh2" (also seen in Windows event viewer). I try changing the local user to be in the Administrators group. Same error. I use mkpasswd -l > /etc/passwd I use mkgroup -l > /etc/group Same issue. Domain users can still login, but local user accounts cannot. I also tried "fixing" the /etc/passwd and /etc/group ownership and permissions so cyg_server owns them. No change. The local user can login to Windows via RDP. So to recap I can login with *domain* accounts via ssh, but I cannot login with *local* user accounts. cyg_server is a local user account not a domain account. -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple