Cygwin 1.7 Windows 7/2008 Public key intermittent problem

2010-04-15 Thread shane fenton
Hi,
I have about 8 machines experiencing problems while trying to use
passwordless public key authentication, via passwd -R.
Happening on W7, w2k8, x86  x64
sshd running on all as a domain user, with the correct local security
policy changes made, and /var/empty owned by sshd user etc.
pub key auth always works for the user sshd is being run as, but not
any other user - connection closed by... error - windows event log
does show sshd pid xxx fatal initgroups permission denied error
If I reboot any of the above, generally passwordless pub key auth
doesn't work - if I then rdp to windows machine, login as another
user, log out - I can then ssh using keys to that machine as the user
I RDP'd as - until it gets rebooted again.

And then - after several more reboots - without any changes being made
on the machines - I can use keys to login to the machine as any user
successfully - until it gets rebooted and reverts to the usual problem

I have tried installing cyglsa - but after installing and rebooting -
I don't notice any difference - although I'm unsure if there is
something else needed for cyglsa to function or is adding the users to
the passwd/groups sufficient?

Thanks for any suggestions - the fact that it intermittently works is
baffling me
Cheers
Shane

--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple



Re: 1.7 Public Key Authentication problem

2010-02-04 Thread shane fenton
Thanks for the info - I wasn't aware of passwd -R - just tried it and
it works which is a good relief.
It's a dev lab - anyone with access to the keys is allowed full rights
to the machines - so security not a major concern.

BTW - I had installed cyglsa-config and rebooted and gave the users
the Act as part of OS right - but it doesn't work for me. I must be
missing something.

Thanks again - you've saved me considerable problems!

On 2010/02/03 10:07 PM, shane fenton wrote:
> Hi,
> First time poster - so hopefully will get it right :)
> Cygwin 1.7 installed on approx 10 machines - XP /2008
> domain cyg_server user created
> Added above user to Quotas/create token/replace token  log on as
> service  local admins on pc's
> added cyg_server to passwd file
> ssh-host-config (found above user and used it and did the right perms
> on /var/empty  /var/log/sshd.log )
> added domain user accounts to passwd   domain users group   group

You didn't mention whether you set up the LSA authentication package
(with /usr/bin/cyglsa-config), or used 'passwd -R' for each user. Did
you try either of those?

The Cygwin User Guide goes into great detail about the methods of
changing user context, in this chapter:
http://cygwin.com/cygwin-ug-net/ntsec.html

The gist of that chapter is this: If you want to be able to login via
ssh as a user that is not running the sshd daemon, you have basically
two options:

(1) Provide a valid Windows password to the sshd daemon, either
interactively (which you obviously don't want to do, since you're
attempting public key auth), or stored statically in the registry via
'passwd -R'.

(2) Use the LSA authentication package. Bear in mind that if you use
this option to avoid giving sshd your password entirely, I believe that
certain privileges are withheld from the logged in user. [I don't
remember exactly what privs are missing in this case... access to
network resources maybe?]

Hope this helps,
-SM




1.7 Public Key Authentication problem

2010-02-03 Thread shane fenton
Hi,
First time poster - so hopefully will get it right :)
Cygwin 1.7 installed on approx 10 machines - XP /2008
domain cyg_server user created
Added above user to Quotas/create token/replace token  log on as
service  local admins on pc's
added cyg_server to passwd file
ssh-host-config (found above user and used it and did the right perms
on /var/empty  /var/log/sshd.log )
added domain user accounts to passwd   domain users group   group
I can ssh in the machines as any user using password logon.
But I can only successfully login using keys as the cyg_server user itself.
Using keys for any user logs me in successfully, but I get the below
error and most things don't work

  4 [main] -bash 1368 fork: child -1 - CreateProcessW failed, errno 13
-bash: fork: Permission denied

If I change the ssh daemon to run as a different domain user, with the
required privileges set in the local security policy - I get the same
result.
ie. the daemon user can log in passwordless with keys, but all other
users generate the same error - yet password logons always work.

Please help! I've been trying for a few days and have not been able to
make any progress - I've been reading the faq's/mailing lists but I
couldn't find the same issue.

Thanks in advance
Shane
