RE: SSH on Cygwin Immediate Drops Connections
On server 2003 I had to add the sshd user into the Administrators group to allow auto logon, the -r option did not work. Big side effect, with auto logon, the user logging in does not have their domain groups because sshd can not impersonate them like it could on w2k, so you will have to fiddle with group permissions. This had the effect that I could not access my tape drive because I am normally a domain admin, but when I logged into via ssh with authorized keys, I was no longer a domain admin. Logging in with keyboard password did not have this problem. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark Eret Sent: Friday, September 10, 2004 4:19 AM To: [EMAIL PROTECTED] Subject: RE: SSH on Cygwin Immediate Drops Connections Same thing happens with public key authentication. Server Log: debug2: load_server_config: filename /etc/sshd_config debug2: load_server_config: done config len = 238 debug2: parse_server_config: config /etc/sshd_config len 238 debug1: sshd version OpenSSH_3.9p1 debug1: private host key: #0 type 0 RSA1 debug3: Not a RSA1 key file /etc/ssh_host_rsa_key. debug1: read PEM private key done: type RSA debug1: private host key: #1 type 1 RSA debug3: Not a RSA1 key file /etc/ssh_host_dsa_key. debug1: read PEM private key done: type DSA debug1: private host key: #2 type 2 DSA debug1: rexec_argv[0]='/usr/sbin/sshd' debug1: rexec_argv[1]='-d' debug1: rexec_argv[2]='-d' debug1: rexec_argv[3]='-d' debug1: rexec_argv[4]='-e' debug2: fd 3 setting O_NONBLOCK debug1: Bind to port 22 on 0.0.0.0. Server listening on 0.0.0.0 port 22. Generating 768 bit RSA key. RSA key generation complete. debug3: fd 4 is not O_NONBLOCK debug1: Server will not fork when running in debugging mode. debug3: send_rexec_state: entering fd = 7 config len 238 debug3: ssh_msg_send: type 0 debug3: send_rexec_state: done debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock 7 debug3: recv_rexec_state: entering fd = 5 debug3: ssh_msg_recv entering debug3: recv_rexec_state: done debug2: parse_server_config: config rexec len 238 debug1: sshd version OpenSSH_3.9p1 debug1: private host key: #0 type 0 RSA1 debug3: Not a RSA1 key file /etc/ssh_host_rsa_key. debug1: read PEM private key done: type RSA debug1: private host key: #1 type 1 RSA debug3: Not a RSA1 key file /etc/ssh_host_dsa_key. debug1: read PEM private key done: type DSA debug1: private host key: #2 type 2 DSA debug1: inetd sockets after dupping: 3, 3 Connection from 192.168.1.102 port 3033 debug1: Client protocol version 2.0; client software version OpenSSH_3.9p1 debug1: match: OpenSSH_3.9p1 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-1.99-OpenSSH_3.9p1 debug2: fd 3 setting O_NONBLOCK debug1: list_hostkey_types: ssh-rsa,ssh-dss debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-he llma n-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-c bc,r [EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-c bc,r [EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-9 6,hm ac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-9 6,hm ac-md5-96 debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-he llma n-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-c bc,r [EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-c bc,r [EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-9 6,hm ac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-9 6,hm ac-md5-96 debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_init: found hmac-md5 debug1: kex: client->server aes128-cbc hmac-md5 none debug2: mac_init: found hmac-md5 debug1: kex: server->client aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received debug1: SSH2_MSG_KEX_DH_GEX_GROUP se
Re: SSH on Cygwin Immediate Drops Connections
On Sep 10 02:19, Mark Eret wrote: > debug1: permanently_set_uid: 1107/513 > setreuid 1107: Permission denied What's the user and group id of the account you're running sshd under? You can't change the account in this mode so the uid/gid must be the same as the account you want to login to. > Any ideas what is happening? Other than that, no. Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Project Co-Leader mailto:[EMAIL PROTECTED] Red Hat, Inc. -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
RE: SSH on Cygwin Immediate Drops Connections
_make_modes: 41 0 debug3: tty_make_modes: 50 1 debug3: tty_make_modes: 51 1 debug3: tty_make_modes: 53 1 debug3: tty_make_modes: 54 1 debug3: tty_make_modes: 55 1 debug3: tty_make_modes: 56 0 debug3: tty_make_modes: 57 0 debug3: tty_make_modes: 58 0 debug3: tty_make_modes: 59 1 debug3: tty_make_modes: 60 1 debug3: tty_make_modes: 61 1 debug3: tty_make_modes: 70 1 debug3: tty_make_modes: 71 0 debug3: tty_make_modes: 72 1 debug3: tty_make_modes: 73 0 debug3: tty_make_modes: 74 0 debug3: tty_make_modes: 75 0 debug3: tty_make_modes: 90 1 debug3: tty_make_modes: 91 1 debug3: tty_make_modes: 92 1 debug3: tty_make_modes: 93 0 debug2: channel 0: request shell confirm 0 debug2: fd 4 setting TCP_NODELAY debug2: callback done debug2: channel 0: open confirm rwindow 0 rmax 32768 debug2: channel 0: rcvd adjust 131072 debug3: Trying to reverse map address 192.168.1.102. Last login: Fri Sep 10 02:13:15 2004 from 127.0.0.1 debug1: permanently_set_uid: 1107/513 setreuid 1107: Permission denied debug1: do_cleanup debug2: channel 0: rcvd eof debug2: channel 0: output open -> drain debug2: channel 0: obuf empty debug2: channel 0: close_write debug2: channel 0: output drain -> closed debug1: client_input_channel_req: channel 0 rtype exit-status reply 0 debug2: channel 0: rcvd close debug2: channel 0: close_read debug2: channel 0: input open -> closed debug3: channel 0: will not send data after close debug2: channel 0: almost dead debug2: channel 0: gc: notify user debug2: channel 0: gc: user detached debug2: channel 0: send close debug2: channel 0: is dead debug2: channel 0: garbage collecting debug1: channel 0: free: client-session, nchannels 1 debug3: channel 0: status: The following connections are open: #0 client-session (t4 r0 i3/0 o3/0 fd -1/-1 cfd -1) debug3: channel 0: close_fds r -1 w -1 e 7 c -1 debug3: fd 1 is not O_NONBLOCK debug3: fd 2 is not O_NONBLOCK Connection to xerses closed. debug1: Transferred: stdin 0, stdout 0, stderr 30 bytes in 0.3 seconds debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 119.5 debug1: Exit status 255 Any ideas what is happening? Mark Eret "Yields falsehood when appended to its own quotation," yields falsehood when appended to its own quotation. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Corinna Vinschen Sent: Friday, September 10, 2004 2:05 AM To: [EMAIL PROTECTED] Subject: Re: SSH on Cygwin Immediate Drops Connections On Sep 10 01:33, Mark Eret wrote: > debug3: remaining preferred: > debug3: authmethod_is_enabled password > debug1: Next authentication method: password > debug3: packet_send2: adding 64 (len 59 padlen 5 extra_pad 64) > debug2: we sent a password packet, wait for reply > debug1: Authentication succeeded (password). Password authentication won't work on the command line. > debug1: permanently_set_uid: 1107/513 > setreuid 1107: Permission denied That's what happens in that case. Try public key authentication. Otherwise I don't see anything wrong here. Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Project Co-Leader mailto:[EMAIL PROTECTED] Red Hat, Inc. -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/ -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: SSH on Cygwin Immediate Drops Connections
On Sep 10 01:33, Mark Eret wrote: > debug3: remaining preferred: > debug3: authmethod_is_enabled password > debug1: Next authentication method: password > debug3: packet_send2: adding 64 (len 59 padlen 5 extra_pad 64) > debug2: we sent a password packet, wait for reply > debug1: Authentication succeeded (password). Password authentication won't work on the command line. > debug1: permanently_set_uid: 1107/513 > setreuid 1107: Permission denied That's what happens in that case. Try public key authentication. Otherwise I don't see anything wrong here. Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Project Co-Leader mailto:[EMAIL PROTECTED] Red Hat, Inc. -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
RE: SSH on Cygwin Immediate Drops Connections
y_make_modes: 1 3 debug3: tty_make_modes: 2 28 debug3: tty_make_modes: 3 8 debug3: tty_make_modes: 4 21 debug3: tty_make_modes: 5 4 debug3: tty_make_modes: 6 0 debug3: tty_make_modes: 7 0 debug3: tty_make_modes: 8 17 debug3: tty_make_modes: 9 19 debug3: tty_make_modes: 10 26 debug3: tty_make_modes: 12 18 debug3: tty_make_modes: 13 23 debug3: tty_make_modes: 14 22 debug3: tty_make_modes: 18 15 debug3: tty_make_modes: 30 0 debug3: tty_make_modes: 31 0 debug3: tty_make_modes: 32 0 debug3: tty_make_modes: 33 0 debug3: tty_make_modes: 34 0 debug3: tty_make_modes: 35 0 debug3: tty_make_modes: 36 1 debug3: tty_make_modes: 37 0 debug3: tty_make_modes: 38 1 debug3: tty_make_modes: 39 0 debug3: tty_make_modes: 40 0 debug3: tty_make_modes: 41 0 debug3: tty_make_modes: 50 1 debug3: tty_make_modes: 51 1 debug3: tty_make_modes: 53 1 debug3: tty_make_modes: 54 1 debug3: tty_make_modes: 55 1 debug3: tty_make_modes: 56 0 debug3: tty_make_modes: 57 0 debug3: tty_make_modes: 58 0 debug3: tty_make_modes: 59 1 debug3: tty_make_modes: 60 1 debug3: tty_make_modes: 61 1 debug3: tty_make_modes: 70 1 debug3: tty_make_modes: 71 0 debug3: tty_make_modes: 72 1 debug3: tty_make_modes: 73 0 debug3: tty_make_modes: 74 0 debug3: tty_make_modes: 75 0 debug3: tty_make_modes: 90 1 debug3: tty_make_modes: 91 1 debug3: tty_make_modes: 92 1 debug3: tty_make_modes: 93 0 debug2: channel 0: request shell confirm 0 debug2: fd 4 setting TCP_NODELAY debug2: callback done debug2: channel 0: open confirm rwindow 0 rmax 32768 debug2: channel 0: rcvd adjust 131072 debug3: Trying to reverse map address 127.0.0.1. Address 127.0.0.1 maps to xerses.car.lambdacalcul.us, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT! Last login: Fri Sep 10 01:23:11 2004 from 127.0.0.1 debug1: permanently_set_uid: 1107/513 setreuid 1107: Permission denied debug1: do_cleanup debug2: channel 0: rcvd eof debug2: channel 0: output open -> drain debug2: channel 0: obuf empty debug2: channel 0: close_write debug2: channel 0: output drain -> closed debug1: client_input_channel_req: channel 0 rtype exit-status reply 0 debug2: channel 0: rcvd close debug2: channel 0: close_read debug2: channel 0: input open -> closed debug3: channel 0: will not send data after close debug2: channel 0: almost dead debug2: channel 0: gc: notify user debug2: channel 0: gc: user detached debug2: channel 0: send close debug2: channel 0: is dead debug2: channel 0: garbage collecting debug1: channel 0: free: client-session, nchannels 1 debug3: channel 0: status: The following connections are open: #0 client-session (t4 r0 i3/0 o3/0 fd -1/-1 cfd -1) debug3: channel 0: close_fds r -1 w -1 e 7 c -1 debug3: fd 1 is not O_NONBLOCK debug3: fd 2 is not O_NONBLOCK Connection to localhost closed. debug1: Transferred: stdin 0, stdout 0, stderr 33 bytes in 0.2 seconds debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 178.4 debug1: Exit status 255 Thank you very much in advance for any help you can give me. Mark Eret "Yields falsehood when appended to its own quotation," yields falsehood when appended to its own quotation. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Corinna Vinschen Sent: Thursday, September 09, 2004 2:57 AM To: [EMAIL PROTECTED] Subject: Re: SSH on Cygwin Immediate Drops Connections On Sep 9 02:22, Mark Eret wrote: > I am already running 1.5.11 and OpenSSH 3.9p1. I'm running with the > options "-D -d -d -d". This is the debugging output I get. Unfortunately the rest of the debug output is in your event log. If you want all debug output in your console, you have to use the -e option as well: /usr/sbin/sshd -d -d -d -e In another console, start the client with /bin/ssh -v -v -v $HOST Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Project Co-Leader mailto:[EMAIL PROTECTED] Red Hat, Inc. -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/ -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: SSH on Cygwin Immediate Drops Connections
On Sep 9 02:22, Mark Eret wrote: > I am already running 1.5.11 and OpenSSH 3.9p1. I'm running with the options > "-D -d -d -d". This is the debugging output I get. Unfortunately the rest of the debug output is in your event log. If you want all debug output in your console, you have to use the -e option as well: /usr/sbin/sshd -d -d -d -e In another console, start the client with /bin/ssh -v -v -v $HOST Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Project Co-Leader mailto:[EMAIL PROTECTED] Red Hat, Inc. -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
RE: SSH on Cygwin Immediate Drops Connections
> -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Corinna Vinschen > Sent: Thursday, September 09, 2004 1:55 AM > To: [EMAIL PROTECTED] > Subject: Re: SSH on Cygwin Immediate Drops Connections > > > On Sep 8 14:08, Larry Hall wrote: > > At 01:50 PM 9/8/2004, you wrote: > > >Mark Eret cs.colorado.edu> writes: > > > > > >> ... > > >> I have looked at these lists and tried all the solutions. I've > > >> added '-r' to the sshd startup command. > > >> ... > > > > > >I just wanted to chip in that I have tried the -r setting without > > >success also (using priviledge separation). I've had success > > >reverting to the previous version of openssh (3.8.1p1-1). > > > > > > OK. Any of you out there that are having this problem up for tracking > > this > > down? Even if you can't look at code, there's plenty of tracking that can > > done before getting to that stage. See: > > > > >Problem reports: http://cygwin.com/problems.html > > > > for initial guidelines. And don't forget that the server has a debug > > mode too and the output of that is much more telling than that of the > > client. > > And also note that the Cygwin bug which prevented reexec'ing to work together with privilege separation is fixed in > 1.5.11. I'm running OpenSSH 3.9p1 with PrivSep and no -r option on my XP machine. > > > Corinna I am already running 1.5.11 and OpenSSH 3.9p1. I'm running with the options "-D -d -d -d". This is the debugging output I get. debug2: load_server_config: filename /etc/sshd_config debug2: load_server_config: done config len = 238 debug2: parse_server_config: config /etc/sshd_config len 238 debug1: sshd version OpenSSH_3.9p1 debug1: private host key: #0 type 0 RSA1 debug3: Not a RSA1 key file /etc/ssh_host_rsa_key. debug1: read PEM private key done: type RSA debug1: private host key: #1 type 1 RSA debug3: Not a RSA1 key file /etc/ssh_host_dsa_key. debug1: read PEM private key done: type DSA debug1: private host key: #2 type 2 DSA debug1: rexec_argv[0]='/usr/sbin/sshd' debug1: rexec_argv[1]='-D' debug1: rexec_argv[2]='-d' debug1: rexec_argv[3]='-d' debug1: rexec_argv[4]='-d' debug2: fd 3 setting O_NONBLOCK debug1: Bind to port 22 on 0.0.0.0. Server listening on 0.0.0.0 port 22. Generating 768 bit RSA key. RSA key generation complete. debug3: fd 4 is not O_NONBLOCK debug1: Server will not fork when running in debugging mode. debug3: send_rexec_state: entering fd = 7 config len 238 debug3: ssh_msg_send: type 0 debug3: send_rexec_state: done debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock 7 Attached is the output of "cygcheck -s -v -r". Thanks in advance for any help you can give me. Mark Eret cygcheck.out Description: Binary data -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: SSH on Cygwin Immediate Drops Connections
On Sep 8 14:08, Larry Hall wrote: > At 01:50 PM 9/8/2004, you wrote: > >Mark Eret cs.colorado.edu> writes: > > > >> ... > >> I have looked at these lists and tried all the solutions. I've added '-r' > >> to the sshd startup command. > >> ... > > > >I just wanted to chip in that I have tried the -r setting without success also > >(using priviledge separation). I've had success reverting to the previous > >version of openssh (3.8.1p1-1). > > > OK. Any of you out there that are having this problem up for tracking this > down? Even if you can't look at code, there's plenty of tracking that can > done before getting to that stage. See: > > >Problem reports: http://cygwin.com/problems.html > > for initial guidelines. And don't forget that the server has a debug mode > too and the output of that is much more telling than that of the client. And also note that the Cygwin bug which prevented reexec'ing to work together with privilege separation is fixed in 1.5.11. I'm running OpenSSH 3.9p1 with PrivSep and no -r option on my XP machine. Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Project Co-Leader mailto:[EMAIL PROTECTED] Red Hat, Inc. -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: SSH on Cygwin Immediate Drops Connections
At 01:50 PM 9/8/2004, you wrote: >Mark Eret cs.colorado.edu> writes: > >> ... >> I have looked at these lists and tried all the solutions. I've added '-r' >> to the sshd startup command. >> ... > >I just wanted to chip in that I have tried the -r setting without success also >(using priviledge separation). I've had success reverting to the previous >version of openssh (3.8.1p1-1). OK. Any of you out there that are having this problem up for tracking this down? Even if you can't look at code, there's plenty of tracking that can done before getting to that stage. See: >Problem reports: http://cygwin.com/problems.html for initial guidelines. And don't forget that the server has a debug mode too and the output of that is much more telling than that of the client. -- Larry Hall http://www.rfk.com RFK Partners, Inc. (508) 893-9779 - RFK Office 838 Washington Street (508) 893-9889 - FAX Holliston, MA 01746 -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: SSH on Cygwin Immediate Drops Connections
Mark Eret cs.colorado.edu> writes: > ... > I have looked at these lists and tried all the solutions. I've added '-r' > to the sshd startup command. > ... I just wanted to chip in that I have tried the -r setting without success also (using priviledge separation). I've had success reverting to the previous version of openssh (3.8.1p1-1). -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/