X-Recipient: archive-cygwin AT delorie DOT com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:date:from:to:cc:subject:message-id:reply-to :references:mime-version:content-type:in-reply-to; q=dns; s= default; b=D0DcYTh37CV2gA2KTXcL3eCYhEjT8+5DpocyaZEo0R2005ML3cdUj SbR5JxlwNNGmJwakyYWRfORMCLB9MiRs5cRPgZowUk0VzSZlUu6Wnxyf7m9BNon0 swVFL2SaQ6OLzTec/ojEcOdZtZsZDRWo+rzQz7NW8rrp3Yh9XDUkDc= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:date:from:to:cc:subject:message-id:reply-to :references:mime-version:content-type:in-reply-to; s=default; bh=NeHw/p9K7NbJ0EgwRqLWyn4vxxg=; b=Phos3f58fI+zSEEWcFM/0CDAHE9N udkBCMto03j+3DlpyRq3yb4VtAJzYwXzfHVumgwEar85Cjo26x8qEZ8/HVAR2JJm 1zyQ+s9wHhilr+jdXzYZLRNBdK7O9mNXqNs0MsA16yeqRDjJ3hpmhOx5P7O3f8Vo rfi8uW06kYstQMw= Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Authentication-Results: sourceware.org; auth=none X-Spam-SWARE-Status: No, score=-100.9 required=5.0 tests=BAYES_00,GOOD_FROM_CORINNA_CYGWIN,KAM_LAZY_DOMAIN_SECURITY,NORMAL_HTTP_TO_IP,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.2 spammy=H*F:D*cygwin.com, click X-HELO: mout.kundenserver.de Date: Wed, 20 Feb 2019 22:37:32 +0100 From: Corinna Vinschen To: Andy Moreton Cc: cygwin AT cygwin DOT com Subject: Re: cygwin 3.0.1-1 breaks my sshd install Message-ID: <20190220213732.GY4256@calimero.vinschen.de> Reply-To: cygwin AT cygwin DOT com Mail-Followup-To: Andy Moreton , cygwin AT cygwin DOT com References: <19759126 DOT 568100 DOT 1550686604174 DOT ref AT mail DOT yahoo DOT com> <19759126 DOT 568100 DOT 1550686604174 AT mail DOT yahoo DOT com> <47883ab06634fed3ecdaa375016dc3fb AT smtp-cloud8 DOT xs4all DOT net> <20190220202536 DOT GX4256 AT calimero DOT vinschen DOT de> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="cW0eHRJ76X8TDo3d" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.10.1 (2018-07-13) --cW0eHRJ76X8TDo3d Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Feb 20 21:27, Andy Moreton wrote: > On Wed 20 Feb 2019, Corinna Vinschen wrote: >=20 > > On Feb 20 21:01, Houder wrote: > >> On Wed, 20 Feb 2019 10:53:09, scowles at ckhb dot org wrote: > >> >=20 > >> > i can confirm the same behaviours on a 3.0.0 system. i've done > >> > several checks and have been unable to find the source of the > >> > problem. ssh -vvv shows that the connection proceeds all the way > >> > through the connection process, sends the appropriate key tokens, > >> > then the server abruptly closes the connection. all accounts on > >> > the system show the same results. > >> >=20 > >> > my 2.11.1 system, with identical ssh[d]_config files has no such > >> > problems. > >> >=20 > >> > on both systems, all relevant files and directories have correct > >> > owners and permissions. > >>=20 > >> Yes, failure for 3.0.0 (and 3.0.1); success for 2.11.2 > >>=20 > >> Henri > >>=20 > >> 64-@@ uname -a > >> CYGWIN_NT-6.1 Seven 3.0.1(0.338/5/3) 2019-02-20 10:19 x86_64 Cygwin > >>=20 > >> 64-@@ tail /var/log/sshd.log > >> Server listening on 0.0.0.0 port 222. > >> seteuid 1004: Permission denied > > > > Sorry guys, but I can't reproduce this problem at all. I tested ssh > > login on Vista, W7 and W10 1809, in each case on 64 bit and under > > WOW64. On all systems I can login with domain as well as local > > accounts. > > > > For completeness sake I started sshd under SYSTEM as wel as under > > cyg_server account and every time it just worked. >=20 > I've seen a similar failure, on a domain-joined Windows 10 box running > cygsshd using a local cyg_server user account. I've fixed it by: > 1) Open the "Computer Management" app > Select "Services and Applications", then "Services", and > choose the cygsshd service from the list. > 2) Stop the service > 3) Select the "Log On" tab, choose "Local System Account" and click OK. > 4) Restart the service. >=20 > This changed the account reported by "cygrunsrv -VQ" from "./cyg_server" > to "LocalSystem". That actually fixed it for you? I'm a bit surprised but at least that's a neat solution, given that the new way to switch the user context doesn't require the cyg_server account anymore. SYSTEM is the way to go in future. While talking about it, i have a couple of OpenSSH upstream patches in the loop: - Rename Cygwin's sshd service to "cygsshd" becasue Microsoft hijacked the "sshd" service name for their own sshd. - The ssh-host-config script will install the service under SYSTEM in future, unless you're trying to install under Windows 7 WOW64, which will still require the cyg_server account. - Allowing to login with case-insensitive usernames. This also enables case-insensitive user and group name matching in=20 sshd_config "Match" rules. The first patch has been merged already, I'm still waiting for feedback on the other two patches... Corinna --=20 Corinna Vinschen Cygwin Maintainer --cW0eHRJ76X8TDo3d Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEoVYPmneWZnwT6kwF9TYGna5ET6AFAlxtyJwACgkQ9TYGna5E T6BTPA/+M/23zQnGvsFdd2h3s1EcOmu2BpKDoTyLj5EYPbyJWGPQckXxxS/54nVL +paokn/X3grZV9tbp0zEQkPlegr/xPDzzMlt2N7oHkDqkX0n3PSMz5lgmxEELsRU 81qam6D2HP8IrYrdxhj9ugMi9NmvHP3OVhriz9A975qfIy2w/EhJxWpNvDG22gMP yH3Y/x7azNTtUfw4ONhytOMn3JNbxSzjmbUtVk/ocTlls99JZgncwIfz49YpJzLf OSw+1R9cNxTFsTBsLtabKPXg7atBMYIjZEZXAleSrha76NRQGuCyGY79UhbShCHo AQbtJAcGvSKgdsobQYtNdQh+5mHCrWM3pU9lalGjIWBJaSLeSWyAtMLVV9p0PsIY u+ZTHS2/kmkMZ1TH1fvfkP3RGRm6uN/URbN9iwrORtfLhB4zlF3B9nSIyHv5y3GW FcG323o8LWQHv/Q/9PxwebyeGfxatXiD/OzKpJ3F7H7I98E4cCOzJKhNzkgcyg9l fBOhP69d7w88OzbvFihRss4vhV93NXZw6G++CWbczdU0mPbqiEVxUy77HyAo6INO tJnkROIBH+Pz2OH2ftUK3X9zDQmxYOy+hP503Y5n7qUJpGX7eO+9zV/TwzWmy5M1 mkr/Ah9+b+cEgnYgdBC9GXHrG5gRRR+KTGAQXs13KurUdPZpw54= =DDTK -----END PGP SIGNATURE----- --cW0eHRJ76X8TDo3d--