X-Recipient: archive-cygwin AT delorie DOT com DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org B5439396EC84 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com; s=default; t=1610685533; bh=O3cdZ8TBpUW8GAVFnYKPaGInNBFfuk6Ixj8V2O4tcac=; h=To:References:Subject:Date:In-Reply-To:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To: From; b=sS1+36STcispgfVYwAoqV87G/ebt/m1PfK8xe1lPgS1uR4qmVjxMJKm2aZT7bNYtS Dmaq520oNvm3RdABhxf60j/KfBDerIY8zNRas3XbluUn3dbSnbjTj2u0Huh2Z+AqWD g6WKsm8i+kSTyOE9e3FBxyRm4dHPOt0ZeLi7E69Q= X-Original-To: cygwin AT cygwin DOT com Delivered-To: cygwin AT cygwin DOT com DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 88E6B38708DD X-Authority-Analysis: v=2.4 cv=INe8tijG c=1 sm=1 tr=0 ts=60011c58 a=kiZT5GMN3KAWqtYcXc+/4Q==:117 a=kiZT5GMN3KAWqtYcXc+/4Q==:17 a=IkcTkHD0fZMA:10 a=uYT-Tk0qkVT609LjNaIA:9 a=QEXdDO2ut3YA:10 a=nxFJi58FgSUA:10 To: cygwin AT cygwin DOT com References: <4da6176c0a89411c9cae02302b4dd505 AT parrotbyte DOT com> <6000F831 DOT 7080302 AT tlinx DOT org> <5d878506e47f4dc295a2f3c4e6dd8e8a AT parrotbyte DOT com> Organization: Inglis Subject: Re: Need admin privs before something can inherit them (was Re: ssh-host-config doesn't "inherit" user admin privilege) Message-ID: <924ebfc6-5e1b-795a-bbec-ae59c56a7a88@Shaw.ca> Date: Thu, 14 Jan 2021 21:38:47 -0700 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.6.1 MIME-Version: 1.0 In-Reply-To: <5d878506e47f4dc295a2f3c4e6dd8e8a@parrotbyte.com> Content-Language: en-CA X-CMAE-Envelope: MS4xfKImr5xpFbky0UGZO+D9lxFx+8lV8d0xZN5oCpR26I4g+X5jUVY6hy6BJPwY6zxLlPf4BgJBIVt2xo3TfflLwZ8KwotYnv12MUO0ad/49gp3ClexyQcL Q14OuU630gpd9mUP7aF0oizzkF7ayUf6kvGqrW0wGSeVb0bWlhMVTNfAdRa6K1MkF2bcN3PQhJ+bHQ== X-Spam-Status: No, score=-3.6 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, NICE_REPLY_A, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: cygwin AT cygwin DOT com X-Mailman-Version: 2.1.29 Precedence: list List-Id: General Cygwin discussions and problem reports <cygwin.cygwin.com> List-Unsubscribe: <https://cygwin.com/mailman/options/cygwin>, <mailto:cygwin-request AT cygwin DOT com?subject=unsubscribe> List-Archive: <https://cygwin.com/pipermail/cygwin/> List-Post: <mailto:cygwin AT cygwin DOT com> List-Help: <mailto:cygwin-request AT cygwin DOT com?subject=help> List-Subscribe: <https://cygwin.com/mailman/listinfo/cygwin>, <mailto:cygwin-request AT cygwin DOT com?subject=subscribe> From: Brian Inglis via Cygwin <cygwin AT cygwin DOT com> Reply-To: Brian DOT Inglis AT Shaw DOT ca Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="us-ascii"; Format="flowed" Errors-To: cygwin-bounces AT cygwin DOT com Sender: "Cygwin" <cygwin-bounces AT cygwin DOT com> On 2021-01-14 19:55, art wrote: > On Thursday, January 14, 2021 6:05 PM, L A Walsh wrote: >> On 2021/01/14 17:21, art wrote: >>> I get a security code 5 when ssh-host-config tries to install cygsshd. I >>> was logged into Win 10 pro/x64 as an admin user. The "fix" was to start a >>> Cygwin64 Terminal with Admin and then run ssh-host-config within this script. >> You say ssh-host-config tries to install cygsshd. How was ssh-host-config >> called (started)? When Cygwin64 Terminal was run, it was run with Admin >> at the start. Was that done when ssh-host-config was run? >> >> How was it run? > Yes, I did a right-click on the cygwin terminal icon and chose a "run as > administrator" option. This is like doing a sudo to start a linux shell... > everything run in the shell inherits "admin"/"root" as appropriate. Followed > by using this shell to do: > > cd /usr/bin > ./ssh-host-config > > I entered 'yes' responses to the various setup questions including yes to > privileged separation. I never bumped into this sort of inheritance problem > in Windows 7 and earlier. Seems to be a Windows 10 "feature". This past week > I ran into the same problem using an Intel supplied command script to > install their hydra_mpi server. Another knowledgeable Windows 10 user reports > he, too, has encountered this issue. It's been years but I don't remember anything being different under Win 7, for "non-native" Windows programs that are not prepared to handle elevation, whereas Cygwin setup is and does. > After installation I do some local tweaks to sshd_config such as disablng > plain-text password logins. I'm able to succesfully connect using ssh/sftp > from other platforms to this system using public key authentication. Windows > is configured to autostart cygsshd. > > I can add that I previously added C:\cygwin64 to the list of Windows > Defender exceptions. You always had to start cmd or bash with Run as Admin to run anything elevated e.g. C:\cygwin64\bin\bash /bin/script. Similarly in Windows scheduled tasks: Run as SYSTEM, whether logged in or not, Do not store password, with highest privileges. -- Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada This email may be disturbing to some readers as it contains too much technical detail. Reader discretion is advised. [Data in binary units and prefixes, physical quantities in SI.] -- Problem reports: https://cygwin.com/problems.html FAQ: https://cygwin.com/faq/ Documentation: https://cygwin.com/docs.html Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple