X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:from:subject:to:message-id:date:mime-version
	:content-type:content-transfer-encoding; q=dns; s=default; b=GzX
	tuVfReqpbRiloOfdTpX4eSrs1b/0y1DqPXITVhJ9HWOa4utWRX/80b7Qw3QXy3VR
	ODADyKrqxEjvfbZk2MNyzDB0VFcCeJY6SIyoMjswUefg1Xjlo5YNwPzjOFGyAPtI
	NEVB0nUs8QCTVNXW9XWqWfiy9KZbWpwfX2Mz/emw=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:from:subject:to:message-id:date:mime-version
	:content-type:content-transfer-encoding; s=default; bh=3f7US2yr/
	lj4nmZwXh1w07icgcM=; b=NIIAnmcd9iM/34P0MmFUj6sn5798KaqCpHbEPWP6E
	HlsdLUwvyW9AeRwOtz/IdlDQIrftS9lII+dBWXhRYye++TudSggdHFVB3kS+rf3D
	fHXzvgnFjGKtU/JIWnY+eQMOup9VPbdGOZcLrb6MuOLiBux1fYpZrPb9UfcYKorx
	UU=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=3.6 required=5.0 tests=BAYES_00,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,SCAM_SUBJECT,SPF_PASS autolearn=no version=3.3.2 spammy=pty, tty, accounts
X-HELO: mail-qg0-f53.google.com
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;        d=1e100.net; s=20130820;        h=x-gm-message-state:from:subject:to:message-id:date:user-agent         :mime-version:content-transfer-encoding;        bh=ImYHizVEEBtUTfOHHeOTzK8BLR6lqxvNOEuVSKEZlFE=;        b=OfmdhMSuHPhLBrOgzxgPhofA7r6R6hwQtIfXYPw3ZiBpVkx5rZX6+klhgIQdjijJjI         E7aCrAYGBbDBbXpLzvUY3PTBL5HVmdDDySW4j38tC9IIbKoMsYADum7EhRyvJVyO83fl         6kfRBv3h+F9ziemdUsxE8SLWk1bgyDcu20Ax0ePvarOw8xkccfKpnfEKQ/GmE46luoSx         eE3OJrx8otwTcZ31/bBpcJZzYjq+HRYnYo7VhE5e/va19BcMaNRLtV8YLswx+TLdDRQH         a+jiS3uRvIY0UXJQbPevfJS3lVRIuLfoxTu8ts1Chg4nDmMonKR6x5nwzVDVbdslRPvW         OP3Q==
X-Gm-Message-State: AOPr4FWpSZpXTIpNh5rhSIuy2/QBcUtL/adSvja/jHiqBm5l8q5sm0CrqqqZXhW0YcKUTA==
X-Received: by 10.140.104.146 with SMTP id a18mr17718421qgf.26.1463172852720;        Fri, 13 May 2016 13:54:12 -0700 (PDT)
From: Andrei Remenchuk <andrei144 AT gmail DOT com>
Subject: Can't login to Cygwin SSH server with domain account
To: cygwin AT cygwin DOT com
Message-ID: <1c0a4627-4650-ade9-788d-e6bde4fffc64@gmail.com>
Date: Fri, 13 May 2016 16:54:15 -0400
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
X-IsSubscribed: yes

I am running Cygwin SSH server under local cyg_server account, and I 
can't login with domain accounts (using password).
Connection and authentication succeed, from what I can tell, but then 
the server immediately closes connection:

         $ ssh domaintest AT localhost
         domaintest AT localhost's password:
         Last login: Fri May 13 13:14:44 2016 from ::1
         Connection to localhost closed.

The only clue in server log is "Received SIGCHLD" message:

         debug1: Allocating pty.
         debug1: session_pty_req: session 0 alloc /dev/pty3
         debug1: server_input_channel_req: channel 0 request shell reply 1
         debug1: session_by_channel: session 0 channel 0
         debug1: session_input_channel_req: session 0 req shell
         Starting session: shell on pty3 for domaintest from ::1 port 
49287 id 0
         debug1: Setting controlling tty using TIOCSCTTY.
         debug1: Received SIGCHLD.
         debug1: session_by_pid: pid 3464

At the same time, logins into local accounts do work.
When I switch the service to run under domain account instead, the 
opposite happens -  I can log in with domain accounts, but cannot login 
using local accounts anymore. Only in that case, the error is different:

     /bin/bash: Operation not permitted

In all cases, it looks like authentication succeeds, but then some 
privileges don't match up.

https://cygwin.com/ml/cygwin/2010-01/msg00334.html talks about similar 
problem in relation to passwordless logons, and says that in order to 
ssh into domain accounts, I also have to run the service under domain 
account. That makes sense, however I am using password logons, which 
theoretically should work in all cases, as far as I understand.

Ideally, I'm looking for SSH setup where both local and domain users can 
login. Is that even possible ?




--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple