X-Recipient: archive-cygwin AT delorie DOT com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:from:to:subject:date:message-id:references :in-reply-to:content-type:content-transfer-encoding :mime-version; q=dns; s=default; b=nmLz6elHgftR4Dvv6e3bJc0/XrysJ J/cWjT9gklhwf32darRPR2ks8JqHBGVENMuINHUX7pYZ8kxUunzjM30f+0ca5HYG FvSQgOf+XL4txESHbsHx9w1V8NuvyYYi6/Ip9lKI33tDxL+3PJAsha3wniIdHdKk aqFB+GEB+Gycis= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:from:to:subject:date:message-id:references :in-reply-to:content-type:content-transfer-encoding :mime-version; s=default; bh=WxGouLxZBgYdVPH8rM9JNpzyrN8=; b=Q16 snUKFV3dkcJxvEe3MKNEh//c21P8hOkJLWFHbPuCfDy1bEcKqQM8/AJ/lX8OiYgO 0VC7+mTmci7sv8FyfiIkZIGUg/vCHDhmxwupsZFh31AQzd7qDineUlhGCt4XUzm6 8jGczOqVISYn2tgIOBQ0kSSDAaC6Q5e5pgRGhe6o= Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=3.6 required=5.0 tests=AWL,BAYES_99,BAYES_999,KAM_LAZY_DOMAIN_SECURITY autolearn=no version=3.3.2 X-HELO: g4t3425.houston.hp.com From: "Blando, Frank (Helion Managed Engineering)" To: "cygwin AT cygwin DOT com" Subject: RE: ssh with password allows commands that fail with ssh via key Date: Fri, 2 Oct 2015 00:13:01 +0000 Message-ID: <3FDF3C3C0433F04C8E22F9B8502B6837826D8526@G9W0741.americas.hpqcorp.net> References: <3FDF3C3C0433F04C8E22F9B8502B6837826D83FB AT G9W0741 DOT americas DOT hpqcorp DOT net> <1689112444 DOT 20151002022631 AT yandex DOT ru> In-Reply-To: <1689112444.20151002022631@yandex.ru> Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by delorie.com id t920EKIh028650 Thanks you for the pointer. I hope I read this correctly (It is kind of overwhelming), and unfortunately, that does not appear to be it. 1 - Unlike the mentioned description, access to network share works fine either way (Example command that works either way "powershell -command get-childitem \\server\share") - I have enabled CredSSP and I this might be why. 2 - Using passwd -R to register the password did not make the problem go away (In the windows tradition I restarted the service and killed all sessions) Frank Blando Your English beats my non-existent Russian! -----Original Message----- From: Andrey Repin [mailto:anrdaemon AT yandex DOT ru] Sent: Thursday, October 1, 2015 5:27 PM To: Blando, Frank (Helion Managed Engineering) ; cygwin AT cygwin DOT com Subject: Re: ssh with password allows commands that fail with ssh via key Greetings, Blando, Frank (Helion Managed Engineering)! > I suspect this is already answered somewhere, but my googling has not brought up an answer. > Environment: > CygWin with OpenSSH 6.6.1p1-3 on Windows 2012 R2. Using the domain > administrator account as the target on Windows. > Issue: > When I ssh into Windows from Linux, if I use a password, "powershell > -command get-cluster" works. If I use key (store in > .ssh/authorized_keys), "powershell -command get-cluster" returns > access denied. Simpler commands do not appear to make a distinction and work equally well with password or keys. Please read the documentation. It is explicitly explained there in great detail. http://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-setuid-overview -- With best regards, Andrey Repin Friday, October 2, 2015 02:24:20 Sorry for my terrible english... -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple