RE: RESOLVED: Problem configuring ssh with public key Authentication - help!
OK, my bad - I did overlook that minor (!) detail in the readme... Sometimes things need to be in capital letters and stuck on my breakfast plate for me to notice! :)

Thanks again,
Ken

-Original Message-
From: Larry Hall [mailto:[EMAIL PROTECTED]
Sent: Thursday, 12 August 2004 11:34 AM
To: Leong, Kenneth (HEALTH); '[EMAIL PROTECTED]'
Subject: Re: RESOLVED: Problem configuring ssh with public key Authentication - help!

At 08:15 PM 8/11/2004, you wrote:
>Hello,
>
>Just wanted to say thanks for all your responses to my initial email.
>In the end, it was just a matter of adding the sshd windows user to the
>'Administrators' group. I found this in an earlier post on this topic
>(any chance of having this info added to the faq?).
>
>Special thanks to Mark de Jong for the simple instructions!
>
>Warm Regards,
>Ken
>

So you're suggesting that the instructions in '/usr/share/doc/Cygwin/openssh.README' didn't work?

--
Larry Hall                              http://www.rfk.com
RFK Partners, Inc.                      (508) 893-9779 - RFK Office
838 Washington Street                   (508) 893-9889 - FAX
Holliston, MA 01746

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/
RESOLVED: Problem configuring ssh with public key Authentication - help!
Hello,

Just wanted to say thanks for all your responses to my initial email. In the end, it was just a matter of adding the sshd windows user to the 'Administrators' group. I found this in an earlier post on this topic (any chance of having this info added to the faq?).

Special thanks to Mark de Jong for the simple instructions!

Warm Regards,
Ken

SSHD, Cygwin and Windows 2003

From: Mark J de Jong
To: cygwin at cygwin dot com
Date: 15 Sep 2003 15:29:48 -0400
Subject: SSHD, Cygwin and Windows 2003

Hello,

I've looked and couldn't find decent docs on this so for those of you who are lookin', this is a quick howto on how to set up the Cygwin/OpenSSH daemon on M$ Windows 2003. This will fix the passwordless (ssh key) login issue.

1. Install Cygwin with the openssh binaries
2. After completing the Cygwin setup, go to the cygwin command prompt and type 'ssh-host-config'
3. Answer 'y' when asked if you want to sshd with privilege separation.
4. Answer 'y' when asked if user sshd should be created by the script.
5. Answer 'y' when asked if you want sshd to be created as a service.
6. Create a new windows user named "sshdproc" or whatever you wish the sshd process account username to be. If you happen to notice the sshd user being disabled, don't enable it!
7. Place the sshdproc user in the "Administrators" group.
8. Give the sshdproc user the following system rights:
   * Create a token object
   * Log on as a service
   * Replace a process level token
   And for security:
   * Deny log on locally
   * Deny access to this computer from the network
9. Reconfigure the "CYGWIN sshd service" to run as the new "sshdproc" user.
10. At the cygwin command prompt type 'mkpasswd -l |grep sshdproc >> /etc/passwd'
11. Type 'touch /var/log/sshd.log'
12. Type 'chmod 644 /var/log/sshd.log'
13. Type 'chown sshdproc /var/empty /var/log/sshd.log /etc/ssh_*'
14. Type 'cygrunsrv --start sshd'

That should be it.. Hope this helps! :)

Best,
Mark J. de Jong

-Original Message-
From: Leong, Kenneth (HEALTH) [mailto:[EMAIL PROTECTED]
Sent: Monday, 9 August 2004 5:57 PM
To: '[EMAIL PROTECTED]'
Subject: Problem configuring ssh with public key Authentication - help!

Hi all,

After spending several hours trying to get unattended ssh to work, I have run into a brick wall and would like to know if anybody can help me out. I think the solution is just a configuration setting, but it's got me quite stumped (even after Googling around).

Scenario - ultimately, would like to use SSH from a unix box (Solaris 9) to run a script on a Windows Server 2003 box with Cygwin (1.5.10) installed.

I am able to ssh and execute a script (runme.sh) on the win box from the unix box with *password* authentication, no problem. However, when I try public key authentication (putting private key file in the ~/.ssh directory on the unix box and adding the corresponding public key in the ~/.ssh/authorized_keys file on the Windows/Cygwin box), the script does not execute on the win box.

According to the debug (attached), there does not appear to be anything wrong with private/public key authentication - and in fact, the runme.sh script does apparently get called. The only telltale sign seems to be an exit code of 255 (rather than 0).

Has anybody experienced this before and know how to fix it?

I have included the following attachments:
1) debug from password authentication (this works fine)
2) debug from public key authentication (note the exit code)
3) sshd_config file on Windows/Cygwin box (pretty much out-of-the-box)
4) various directory/file permissions (I've read widely that these can be a problem)

Any help is greatly appreciated!

TIA,
Ken

1) Password Authentication debug

# ssh -v -v -v -l myLogin winServerName ". runme.sh"
SSH Version Sun_SSH_1.0, protocol versions 1.5/2.0.
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: ssh_connect: getuid 0 geteuid 0 anon 0
debug1: Connecting to winServerName [winServerIP] port 22.
debug1: Allocated local port 964.
debug1: Connection established.
debug1: identity file //.ssh/identity type 3
debug1: identity file //.ssh/id_rsa type 3
debug1: identity file //.ssh/id_dsa type 3
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.8.1p1
debug1: match: OpenSSH_3.8.1p1 pat ^OpenSSH
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-Sun_SSH_1.0
debug1: sent kexinit: diffie-hellman-group1-sha1
debug1: sent kexinit: ssh-rsa,ssh-dss
debug1: sent kexinit: aes128-cbc,blowfish-cbc,3des-cbc,rijndael128-cbc
debug1: sent kexinit: aes128-cbc,blowfish-cbc,3des-cbc,rijndael128-cbc
debug1: sent kexinit: hmac-sha1,hmac-md5
debug1: s
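A check of what the mkpasswd, touch, chmod and chown steps of the howto above should leave on disk, added here as an example; it is not part of the original posts or of Cygwin. The function name, its two arguments and the extra host-key permission check are assumptions of this example, and GNU `stat` (as shipped with Cygwin coreutils) is assumed.

```shell
#!/bin/sh
# Added example: audits the file-side results of the howto's last steps.
# audit_sshd_files ROOT [ACCOUNT] -- both arguments are assumptions of this
# sketch: ROOT is "" on a real Cygwin install, ACCOUNT defaults to sshdproc.
audit_sshd_files() {
    root=$1
    acct=${2:-sshdproc}
    fail=0

    # mkpasswd step: the service account needs an /etc/passwd entry.
    if ! grep -q "^${acct}:" "$root/etc/passwd" 2>/dev/null; then
        echo "FAIL: no $acct entry in $root/etc/passwd"; fail=1
    fi

    # touch/chmod steps: the log file must exist with mode 644.
    log="$root/var/log/sshd.log"
    if [ -f "$log" ]; then
        mode=$(stat -c '%a' "$log")
        [ "$mode" = "644" ] || { echo "FAIL: $log mode $mode, want 644"; fail=1; }
    else
        echo "FAIL: $log missing"; fail=1
    fi

    # chown step: /var/empty, the log and /etc/ssh_* belong to the account.
    for f in "$root/var/empty" "$log" "$root"/etc/ssh_*; do
        [ -e "$f" ] || { echo "FAIL: $f missing"; fail=1; continue; }
        owner=$(stat -c '%U' "$f")
        [ "$owner" = "$acct" ] || { echo "FAIL: $f owned by $owner, want $acct"; fail=1; }
    done

    # Not in the howto: private host keys readable only by their owner.
    for k in "$root"/etc/ssh_host_*key; do
        [ -e "$k" ] || continue
        case $(stat -c '%a' "$k") in
            ?00) ;;
            *) echo "FAIL: $k is accessible beyond its owner"; fail=1 ;;
        esac
    done
    return $fail
}
```

On a real install it would be called as `audit_sshd_files "" sshdproc` from the Cygwin prompt; the Windows-side group membership and user rights are outside what it checks.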
Problem configuring ssh with public key Authentication - help!
Hi all,

After spending several hours trying to get unattended ssh to work, I have run into a brick wall and would like to know if anybody can help me out. I think the solution is just a configuration setting, but it's got me quite stumped (even after Googling around).

Scenario - ultimately, would like to use SSH from a unix box (Solaris 9) to run a script on a Windows Server 2003 box with Cygwin (1.5.10) installed.

I am able to ssh and execute a script (runme.sh) on the win box from the unix box with *password* authentication, no problem. However, when I try public key authentication (putting private key file in the ~/.ssh directory on the unix box and adding the corresponding public key in the ~/.ssh/authorized_keys file on the Windows/Cygwin box), the script does not execute on the win box.

According to the debug (attached), there does not appear to be anything wrong with private/public key authentication - and in fact, the runme.sh script does apparently get called. The only telltale sign seems to be an exit code of 255 (rather than 0).

Has anybody experienced this before and know how to fix it?

I have included the following attachments:
1) debug from password authentication (this works fine)
2) debug from public key authentication (note the exit code)
3) sshd_config file on Windows/Cygwin box (pretty much out-of-the-box)
4) various directory/file permissions (I've read widely that these can be a problem)

Any help is greatly appreciated!

TIA,
Ken

1) Password Authentication debug

# ssh -v -v -v -l myLogin winServerName ". runme.sh"
SSH Version Sun_SSH_1.0, protocol versions 1.5/2.0.
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: ssh_connect: getuid 0 geteuid 0 anon 0
debug1: Connecting to winServerName [winServerIP] port 22.
debug1: Allocated local port 964.
debug1: Connection established.
debug1: identity file //.ssh/identity type 3
debug1: identity file //.ssh/id_rsa type 3
debug1: identity file //.ssh/id_dsa type 3
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.8.1p1
debug1: match: OpenSSH_3.8.1p1 pat ^OpenSSH
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-Sun_SSH_1.0
debug1: sent kexinit: diffie-hellman-group1-sha1
debug1: sent kexinit: ssh-rsa,ssh-dss
debug1: sent kexinit: aes128-cbc,blowfish-cbc,3des-cbc,rijndael128-cbc
debug1: sent kexinit: aes128-cbc,blowfish-cbc,3des-cbc,rijndael128-cbc
debug1: sent kexinit: hmac-sha1,hmac-md5
debug1: sent kexinit: hmac-sha1,hmac-md5
debug1: sent kexinit: none
debug1: sent kexinit: none
debug1: sent kexinit: /en_AU.ISO8859-1/en_AU.ISO8859-1/en_AU.ISO8859-1/en_AU.ISO8859-1/en_AU.ISO8859-1/C
debug1: sent kexinit: /en_AU.ISO8859-1/en_AU.ISO8859-1/en_AU.ISO8859-1/en_AU.ISO8859-1/en_AU.ISO8859-1/C
debug1: send KEXINIT
debug1: done
debug1: wait KEXINIT
debug1: got kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug1: got kexinit: ssh-rsa,ssh-dss
debug1: got kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr
debug1: got kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr
debug1: got kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED] m,hmac-sha1-96,hmac-md5-96
debug1: got kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED] m,hmac-sha1-96,hmac-md5-96
debug1: got kexinit: none,zlib
debug1: got kexinit: none,zlib
debug1: got kexinit:
debug1: got kexinit:
debug1: first kex follow: 0
debug1: reserved: 0
debug1: done
debug2: mac_init: found hmac-sha1
debug1: kex: server->client unable to decide common locale
debug1: kex: server->client aes128-cbc hmac-sha1 none
debug2: mac_init: found hmac-sha1
debug1: kex: client->server unable to decide common locale
debug1: kex: client->server aes128-cbc hmac-sha1 none
debug1: Sending SSH2_MSG_KEXDH_INIT.
debug1: bits set: 519/1024
debug1: Wait SSH2_MSG_KEXDH_REPLY.
debug1: Got SSH2_MSG_KEXDH_REPLY.
debug1: Host 'winServerName' is known and matches the RSA host key.
debug1: Found key in //.ssh/known_hosts:1
debug1: bits set: 522/1024
debug1: ssh_rsa_verify: signature correct
debug1: Wait SSH2_MSG_NEWKEYS.
debug1: GOT SSH2_MSG_NEWKEYS.
debug1: send SSH2_MSG_NEWKEYS.
debug1: done: send SSH2_MSG_NEWKEYS.
debug1: done: KEX2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug3: input_userauth_banner
Hello from winServerName!
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list
debug3: authmethod_lookup publickey
debug3: authmethod_is_enabled publickey
debug1: next auth method to try is publickey
debug1: key does not exist: //.ssh/identity
debug1: key does not exist: //.ssh/id_rsa
debug1: key does not exist: //.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup publicke