From: Shaddy Baddah via Cygwin
Date: Tue, 22 Apr 2025 18:57:20 +1000
Subject: Re: Cygwin SSHD session unable to access cloud/OneDrive files
To: cygwin AT cygwin DOT com

Hi,

On 8/04/2025 9:14 pm, Corinna Vinschen via Cygwin wrote:
> On Apr 4 16:23, Shaddy Baddah via Cygwin wrote:
>> On 4/04/2025 10:02 am, Shaddy Baddah via Cygwin wrote:
>>> Hi,
>>>
>>> On 4/04/2025 4:49 am, ASSI via Cygwin wrote:
>>>> Shaddy Baddah via Cygwin writes:
>>>>> If I connect an SSH session via the "native" OpenSSH instance
>>>>> integrated into Windows, I can do something like the following to a,
>>>>> at the time, online only, not yet downloaded file, and OneDrive will
>>>>> download it ahead of outputting it:
>>>> […]
>>>>> But if I connect an SSH session via the Cygwin instance running on a
>>>>> different port to 22, it does not trigger the provider to download the
>>>>> file, and I see this error:
>>>> […]
>>>>> The fact that the native SSH session is OK suggests to me that there
>>>>> is some newer type of security token that that service obtains that
>>>>> the Cygwin SSH service does not. But I've not looked into it too hard.
>>>> No, that suggests that you have logged into your SSH session without
>>>> providing a password.  Windows will revoke all network access that
>>>> requires authentication for such sessions.
>>> Thanks for the reminder, but it's not that. I definitely logged in. And
>>> amazingly, it's more than 20 years ago I was helped on this list to
>>> understand this nuance, I think with regards to running Oracle's sqlplus
>>> command line. Speculating... it appears registry keys for the sync'ed
>>> portions of the filesystem are usually subkeys under
>>> HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/SyncRootManager/
>>> That suggests tie-in with Explorer... which suggests the Shell
>>> extensions are not active somehow? I speak with complete lack of
>>> authority of course. One thing I could maybe do though, is profile the
>>> forked process layout in Process Explorer, maybe look at which DLLs are
>>> in scope for the relevant shell processes. I don't know how much that
>>> would help. -- Regards, Shaddy
>>>
>> Apologies for the formatting error.
>>
>> Thanks for the reminder, but it's not that. I definitely logged
>> in. And amazingly, it's more than 20 years ago I was helped on this
>> list to understand this nuance, I think with regards to running
>> Oracle's sqlplus command line.
>>
>> Speculating... it appears registry keys for the sync'ed portions of
>> the filesystem are usually subkeys under
>> HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/SyncRootManager/
>> That suggests tie-in with Explorer... which suggests the Shell
>> extensions are not active somehow? I speak with complete lack of
>> authority of course.
> I checked the Windows OpenSSH code and I don't see any relevant
> difference between the way MSFT OpenSSH uses LsaLogonUser and the way
> Cygwin does it. If it's using something with Shell Extensions, we're
> probably out.
>
> What you still can do is using password auth the good old Interix way:
> https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-nopasswd3

Thanks. I took up the suggestion (I think), but I still get different
behaviour.

I think I should clarify a couple of things. When I said "I definitely
logged in.", I meant logged in with a password. As I mentioned, it was
your good self who helped me those 20-odd years ago to get past the
sqlplus issue. So I always try that ahead of key authentication.

Also, I should point out that "native" SSH works even if the logged-in
user isn't also logged in via console/RDP session, i.e. you can SSH to
the newly restarted host, try to dump the contents of the online-only
text file, and it will be downloaded, presumably by a forked instance of
the One Drive executable. Works for both One Drive, and surprisingly,
for Nextcloud.

With regards to the old Interix way... I realised that I am quite out of
date. I recall, I think in the Vista days, forcing LSA on to overcome
some issue... turning it on for any other installation I made, and then
encountering some years ago, cyglsa-config disappearing... noting it
didn't seem to matter to my original issue, and just not bothering
anymore.

If I am in the right ballpark, is the suggestion to just cygserver on
its own? If that is the case, I did configure one using
cygserver-config, restarted, logged in to check it was running (tick)
and attempting the same above scenario (cat an online-only text file). I
still see permission denied.

I think at this stage, this is just an FYI, unless I've missed the point
on cygserver. Because if cygserver can't solve this, I suspect some MS
special magic here.

Small diversion, it should be noted that cygserver-config is effectively
broken. It looks like (from an old cygcheck.old of mine), the service
used to be installed under the name cyg_server. The (overridable)
default is now just cygserver.
Well the script appears to now have some oversight in how it checks for
an existing cygserver "service" process in this code:

    # Check for running cygserver processes first.
    if ps -ef | grep -v grep | grep -q ${service_name}
    then
      echo
      echo "There is a cygserver (${service_name}) already running. Nothing to do, apparently."
      echo
      exit 1
    fi

Obviously it's trying to filter out its own grep process and expecting
that no other process is listed to proceed. But the script matches
${service_name} by name... which used to be fine, because it wasn't an
exact match (as cyg_server).

To overcome, I just copied the script and commented it out, because I
want to retain the default name... and I don't remember how I have
performed exact matches in the past to suggest the patch.

-- 
Regards,
Shaddy

-- 
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple
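
Added example (not part of the original message and not code from cygserver-config): the quoted substring check next to an exact match on the command's basename, run over a constructed process listing. The listing, its column layout (command path as the last field, no arguments), the user names and the function names loose_check and exact_check are assumptions made for illustration.

```sh
#!/bin/sh
# Added example; the listing below is constructed, not captured output.
service_name=cygserver

# Constructed listing. Assumed layout: UID PID PPID TTY STIME COMMAND,
# with COMMAND holding only the executable path.
sample_listing() {
cat <<'EOF'
     UID     PID    PPID  TTY        STIME COMMAND
    user    1201       1 pty0     18:40:01 /usr/bin/bash
    user    1250    1201 pty0     18:41:10 /usr/bin/cygserver-config
    user    1251    1250 pty0     18:41:10 /usr/bin/ps
EOF
}

# The pipeline as quoted in the message: the name may appear anywhere on
# the line (user column, a longer program name, a directory component).
loose_check() {
    grep -v grep | grep -q "$1"
}

# Exact match: skip the header, take the last field, strip the directory
# part and compare the basename to the service name as a whole string.
# Note that "grep -w" would not be enough here, because "-" ends a word.
exact_check() {
    awk -v name="$1" '
        NR > 1 { n = split($NF, parts, "/"); if (parts[n] == name) found = 1 }
        END    { exit (found ? 0 : 1) }'
}

if sample_listing | loose_check "$service_name"; then
    echo "substring check: reports ${service_name} as running"
fi
if sample_listing | exact_check "$service_name"; then
    echo "exact check: reports ${service_name} as running"
else
    echo "exact check: no process named ${service_name}"
fi
```

If the ps in use prints arguments after the command path, the last field is no longer the command and the awk field selection has to be adjusted.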