Message-ID: <97042d57-fa36-da97-9c05-493a2c645991@onespin.com>
Date: Wed, 10 Nov 2021 16:28:05 +0100
Subject: Re: Problem with ssh(d)
To: Bill Stewart , cygwin AT cygwin DOT com
From: "Strasser, Dominik (DI SW ICS ICV)"
List-Id: General Cygwin discussions and problem reports

Hi Bill,

On 10.11.2021 16:10, Bill Stewart wrote:
> On Wed, Nov 10, 2021 at 7:52 AM Strasser, Dominik (DI SW ICS ICV) wrote:
>
> > We are in an AD environment. AD holds the needed data for ssh(d) to
> > work. I can log into cygwin using ssh. But if I have a key stored
> > .ssh/authorized_keys for passwordless login, the groups my user is in
> > differs from the one w/o an authorized keys. Unfortunately exactly the
> > group(s) for accessing the shared filesystems is missing. We were
> > investigating a lot and the only workaround we found is that the sshd
> > service runs under the user we want to log in. This unfortunately
> > disables any other user to log into the cygwin machine. When debugging
> > ssh with -vvv, there is no visible difference between the login with
> > authorized_keys or without (of course there is a difference wrt. the
> > login method).
>
> The OpenSSH server service should be running as local system, not as a
> specific user.

I know that this is the standard installation. But we absolutely need
passwordless login. So this was the workaround we found.
The number of groups differs when sshd is run as local system, and when
authorized_keys exist or not.
Groups are OK, when it is run under the one user we absolutely need the
passwordless login.

Regards

Dominik

>
> Bill

--
Dominik Strasser | Phone: +49 89 99013-436
OneSpin Solutions GmbH | Fax: +49 89 99013-100
Nymphenburgerstr. 20a 80335 Muenchen | dominik DOT strasser AT onespin DOT com

OneSpin Solutions GmbH
A Siemens business
Management: Thomas Heurung, Frank Thurauf
Registered office: Muenchen; Amtsgericht Muenchen HRB 139 464
VAT ID: DE 814 413 215