Re: cygwin opensshd on .net enterprise server

2002-05-17 Thread Ulrich Voss

I'll second everything Printis said and in addition please check, if 
you have the correct user-id in your passwd and group. On my 
W2K cygwin inserted (only) my local admin account to passwd, 
while I log in with my domain admin account. So id, ls -l etc. all 
look fine (admin admin), but nothing works, cause it is the false 
admin account (the false SID). OK, you mention, that you only 
have local users and no domain users, but make sure, that cygwin 
thinks the same ;-)

Ulrich.


-- 
VoCal web publishing GmbH
[EMAIL PROTECTED]
http://www.vocalweb.de
Tel: (++49) 203-306-1560
Fax: (++49) 203-306-1561

--
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ:   http://cygwin.com/faq/




RE: cygwin opensshd on .net enterprise server

2002-05-17 Thread Tony Hain

Ulrich Voss wrote:
> I'll second everything Printis said and in addition please check, if
> you have the correct user-id in your passwd and group. On my
> W2K cygwin inserted (only) my local admin account to passwd,
> while I log in with my domain admin account. So id, ls -l etc. all
> look fine (admin admin), but nothing works, cause it is the false
> admin account (the false SID). OK, you mention, that you only
> have local users and no domain users, but make sure, that cygwin
> thinks the same ;-)

I have deleted & regenerated both the passwd & group files a couple of
times while playing around with various edits. It is easy to
misconfigure them so that logging in via ssh fails, but when they are
freshly generated via mkpasswd & mkgroup the ssh login succeeds as
recorded in the event log, then the connection is immediately dropped. I
assume that is because bash or sh also immediately exit when run from a
command line under that user. When I run id under anything except the
system account it hangs at 100% cpu. It also makes no difference when I
set the account policies for the user to 'act as system', 'adjust memory
quotas', & 'replace process token'.

I didn't have any problems at all with the W2k install. This all
happened when I moved to .net server. So far I haven't seen anyone
acknowledge that they have cygwin working under .net server, so I don't
know if the problem is local to my system, or something that MS has
changed in account handling due to their recent 'focus on security'.

I did receive a suggestion to run strace, and I have the output of that
for anyone that would care to look at it. (It doesn't seem like a good
idea to send that to an open list in general, and it is also fairly
long.) Short version below:

Tony


C:\cygroot\bin>strace bash --login -i
**
Program name: C:\cygroot\bin\bash.exe (3776)
App version:  1003.9, api: 0.51
DLL version:  1003.10, api: 0.51
DLL build:    2002-02-25 11:14
OS version:   Windows NT-5.1
Date/Time:    2002-05-17 10:30:09
**
 19943642 [main] bash 3776 environ_init: 0xA010420: !C:=C:\cygroot\bin
...
...
...
10233 1949651 [main] bash 3776 fhandler_console::output_tcsetattr: 0 = tcsetattr (,C50018) (ENABLE FLAGS 3) (lflag 107 oflag 9)
 9971 1959622 [main] bash 3776 dtable::init_std_file_from_handle: fd 2, handle 0xB
 9747 1969369 [main] bash 3776 dll_list::init: here
 5115 1974484 [main] bash 3776 dll_crt0_1: user_data-main 0x401208

C:\cygroot\bin>






RE: cygwin opensshd on .net enterprise server

2002-05-17 Thread Prentis Brooks

That is what I was saying, there are cases where mkpasswd and mkgroup do
not create clean files, primarily on Domain Controllers.  You need to
verify them manually.



-- 
Prentis Brooks  | [EMAIL PROTECTED] | 703-265-0914 | AIM: PrentisBrooks
Senior System Administrator - Web Infrastructure & Security

   A knight is sworn to valor.  His heart knows only virtue.  His blade
   defends the helpless.  His word speaks only truth.  His wrath undoes
   the wicked. - the old code of Bowen, last of the dragonslayers






RE: cygwin opensshd on .net enterprise server

2002-05-17 Thread Tony Hain
 0.9.6c-3
pcre        3.7-1
popt        1.6.2-1
readline    4.2a-1
sed         3.02-1
sh-utils    2.0-2
tar         1.13.19-1
tcltk       20001125-1
termcap     20020403-1
terminfo    5.2-2
textutils   2.0.21-1
w32api      1.3-2
which       1.5-1
zlib        1.1.4-1

Use -h to see help about each section

C:\






SSHD under SYSTEM account (was: Re: cygwin opensshd on .net enterprise server)

2002-05-16 Thread Gerrit P. Haase

Inc) wrote:

I did copy him on the original note so he would be aware of the issue,
but at this point I have completely removed his version (including
deleting registry keys) and installed the cygwin environment. It appears
that all of cygwin works when run in a system owned command window, but
nothing works from an administrator account.

 Can you please acknowledge whether or not you read openssh*.README so that
 we know whether you've missed the obvious user rights settings necessary for
 the administrator account?

I read it and still have similar problems and there is this:

  The system account does of course own that user rights by default.

That means SYSTEM is ok and it is the default if I let the
ssh-host-config do the service setup.  So I expect no problems here.
More:

  Unfortunately, if you choose that way, you can only logon with
  NT password authentification and you should change
  /etc/sshd_config to contain the following:

PasswordAuthentication yes
RhostsAuthentication no
RhostsRSAAuthentication no
RSAAuthentication no


Wow this is like a hammer.  That means I cannot use PublicKey
Authentication?  If I cannot use public key authentication, the whole
benefit (besides transferring passwords encrypted) is futsch...

If I let them try to guess my password several days there will be at
least one intruder every month...

Is this true that PublicKey auth isn't working? (I cannot believe it).


Gerrit
-- 
=^..^=






Re: SSHD under SYSTEM account (was: Re: cygwin opensshd on .net enterprise server)

2002-05-16 Thread Gerrit P. Haase

Larry,

  Can you please acknowledge whether or not you read openssh*.README so that
  we know whether you've missed the obvious user rights settings necessary for
  the administrator account?

I read it and still have similar problems and there is this:


 I'm glad you read it Gerrit and would've expected as much from you.  I was
 enquiring this specifically of Tony, since it's not clear what he's tried 
 and how much he has researched the issue.


   The system account does of course own that user rights by default.

That means SYSTEM is ok and it is the default if I let the
ssh-host-config do the service setup.  So I expect no problems here.
More:

   Unfortunately, if you choose that way, you can only logon with
   NT password authentification and you should change
   /etc/sshd_config to contain the following:

 PasswordAuthentication yes
 RhostsAuthentication no
 RhostsRSAAuthentication no
 RSAAuthentication no


Wow this is like a hammer.  That means I cannot use PublicKey
Authentication?  If I cannot use public key authentication, the whole
benefit (besides transferring passwords encrypted) is futsch...

If I let them try to guess my password several days there will be at
least one intruder every month...

Is this true that PublicKey auth isn't working? (I cannot believe it).


 I think you missed the next statement in the file:

However you can login to the user which has started sshd with
RSA authentication anyway. If you want that, change the RSA
authentication setting back to yes:

  RSAAuthentication yes

 But if that user is SYSTEM, then this is little consolation.  I can't speak
 to any specifics but I can say that I agree with your interpretation of the 
 prose, minus the one caveat above.  Perhaps you'll want to try playing with
 this and debugging it to see if there's a solution for it that meets your 
 needs.

I am debugging this about two weeks now, every day an hour or so.  I
want to use DSA & SSH2 and it works.  But when I changed back the
sshd_config to 'RSAAuthentication yes' because a colleague wants to use
RSA (he just has RSA keys the poor man), it stops working.

Strange is that I can login at our Linux box and even with the same
config settings at the Linux and my NT server (where it is working if I
disable RSA) I cannot login using PublicKey Auth.

I will try to find a solution some more days and if there is a way to
use PublicKey Auth with RSA SSH1 and DSA SSH2 enabled and
PasswordAuthentication no
I will find it;)


Gerrit
-- 
=^..^=
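
An added example, not from the README or from any poster: it reads an sshd_config and lists which authentication methods stay enabled for each protocol version, using the keyword scope and defaults documented for OpenSSH 3.x sshd (RSAAuthentication applies to protocol 1, PubkeyAuthentication to protocol 2). `README_CONFIG` repeats the four directives quoted in the thread, `GOAL_CONFIG` is a constructed file for the RSA-on-SSH1, DSA-on-SSH2, no-password setup described above, and the function names are hypothetical; it says nothing about Cygwin's user switching under SYSTEM.

```python
# Keyword defaults as documented for OpenSSH 3.x sshd (assumption stated
# in the lead-in; check the man page shipped with your build).
DEFAULTS = {
    "Protocol": "2,1",
    "RSAAuthentication": "yes",        # protocol 1 only
    "RhostsAuthentication": "no",      # protocol 1 only
    "RhostsRSAAuthentication": "no",   # protocol 1 only
    "PubkeyAuthentication": "yes",     # protocol 2 only
    "PasswordAuthentication": "yes",   # both protocols
}
# Which keywords gate a login method on which protocol version.
BY_PROTOCOL = {
    "1": ("RSAAuthentication", "RhostsAuthentication",
          "RhostsRSAAuthentication", "PasswordAuthentication"),
    "2": ("PubkeyAuthentication", "PasswordAuthentication"),
}
_CANONICAL = {name.lower(): name for name in DEFAULTS}

# The four directives quoted from the README in this thread.
README_CONFIG = """\
PasswordAuthentication yes
RhostsAuthentication no
RhostsRSAAuthentication no
RSAAuthentication no
"""
# Constructed config for the stated goal: keys only, both protocols.
GOAL_CONFIG = """\
# keys only
Protocol 2,1
RSAAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
"""


def effective_settings(config_text):
    """Merge a config over the defaults; keywords are case-insensitive
    and the first occurrence of a keyword wins, as in sshd."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = _CANONICAL.get(parts[0].lower())
        if key and len(parts) == 2 and key not in seen:
            seen[key] = parts[1].strip()
    return {**DEFAULTS, **seen}


def auth_by_protocol(config_text):
    """Return {protocol: [enabled auth keywords]} for the offered protocols."""
    settings = effective_settings(config_text)
    offered = sorted(p.strip() for p in settings["Protocol"].split(","))
    return {
        proto: [k for k in BY_PROTOCOL.get(proto, ()) if settings[k] == "yes"]
        for proto in offered
    }


def password_guessing_surface(config_text):
    """Protocols on which a remote party can still try passwords."""
    return [proto for proto, methods in auth_by_protocol(config_text).items()
            if "PasswordAuthentication" in methods]


if __name__ == "__main__":
    for label, cfg in (("README", README_CONFIG), ("goal", GOAL_CONFIG)):
        print(label, auth_by_protocol(cfg), password_guessing_surface(cfg))
```

With the README directives alone, PubkeyAuthentication is left at its default, so the protocol 2 entry still lists it next to PasswordAuthentication.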






Re: SSHD under SYSTEM account (was: Re: cygwin opensshd on .net enterprise server)

2002-05-16 Thread Christopher Faylor

On Thu, May 16, 2002 at 08:10:03PM +0200, Gerrit P. Haase wrote:
> I will try to find a solution some more days and if there is a way to
> use PublicKey Auth with RSA SSH1 and DSA SSH2 enabled and
> PasswordAuthentication no
> I will find it;)

I like that determination!  :-)

cgf





RE: cygwin opensshd on .net enterprise server

2002-05-16 Thread Tony Hain

Larry Hall wrote:
> > I did copy him on the original note so he would be aware of
> > the issue, but at this point I have completely removed his
> > version (including deleting registry keys) and installed the
> > cygwin environment. It appears that all of cygwin works when
> > run in a system owned command window, but nothing works from
> > an administrator account.
>
> Can you please acknowledge whether or not you read openssh*.README so that
> we know whether you've missed the obvious user rights settings necessary for
> the administrator account?

Yes I read it, along with everything else in /usr/doc/cygwin,
/usr/doc/openssh, and http://www.openssh.org/faq.html. I am not having
any problem getting sshd to run as a service, that is using the system
account as expected. Actually sshd is the only thing in the install that
is working as expected. As I have said a couple of times now, I can't
get a basic shell to work except from a system owned window. This has
nothing to do with ssh. The closest comment I see is in login.README:
   For usage with NT/W2K security, `login' is patched to allow login of
   domain users.  Setting CYGWIN=ntsec is mandatory for that feature.
I am not using a domain, and setting CYGWIN to null or ntsec makes no
difference.

Again, does anyone have cygwin working on .net server, and if so was
there anything unique about the configuration? If people have it working
without incident, obviously I have something wrong with my install, or
possibly something carries over in a W2k upgrade that isn't there in a
fresh install. The way this is acting I suspect there is a change to the
way MS handles rights and permissions because I have a simple
member-server configured in a workgroup. There is nothing special about
the accounts because they are all local.

Tony

If it makes any difference I last installed from:
ftp%3a%2f%2fftp.nas.nasa.gov%2fmirrors%2fcygwin.com%2fpub%2fcygwin
at 19:10 pdt on 5/14.






Re: cygwin opensshd on .net enterprise server

2002-05-16 Thread Prentis Brooks

Ok, The setgid is a none error to me.  This happens when the passwd
files are not built properly.  Not your fault, some interesting Windows
installations give mkpasswd and mkgroup headaches, particularly on
Domain Controllers.  

If you check your /etc/passwd and /etc/group, you will find one of the
following:

1) You have duplicate entries in /etc/passwd for the user you are trying
to login as
2) You will find that the GID of your user in /etc/passwd does not exist
in /etc/group (most likely for the setgid error).

Check your /etc/passwd and /etc/group files, make sure that your
Primary NT group is in the /etc/group file and that it has the correct
GID.   In some cases I saw mkgroup create a Domain group as GID 513 and
/etc/passwd would use 10513 (I only saw this on a domain controller
where this is both a local and a domain group) or vice versa.  I think
it was the other way when I saw it.  

In short, fix your /etc/passwd and /etc/group so that they match and
your problem should be corrected.


On Wed, 15 May 2002, Tony Hain wrote:

> I am looking for any clues on how to make cygwin & opensshd work on a
> .net enterprise server, and found nothing in the mail archive. I had
> been running Mark's opensshd specific environment on W2k server without
> trouble. When I installed a fresh build 3615, OpenSSH_3.1p1 failed, so I
> thought I would try the full cygwin. That is failing in the same way, so
> after a couple of days experimenting I am stuck.
>
> With the intent of sending Mark a trace, I followed his instructions for
> debugging by using a scheduled task to get a system account command
> window (if it is of any use, I have put a copy of the debug trace at the
> end). What I found in the process is that there appears to be some
> permissions related problem, because I get logged in as any valid user
> over the ssh channel, but that immediately exits. Trying to figure that
> out I found that the only process/user that can run the shell is the
> system account. When I run sh, bash, or the cygwin.bat from any other
> account it just exits, but they appear to work fine in the system
> initiated command window. This is also true of many of the exe's in
> /bin, although some of them just hang with 100% cpu for the non-system
> user.
>
> One thing I found in the process is that the old passwd file is useless.
> The only way I could log in using ssh with either Mark's sshd subset, or
> the full cygwin was to use the mkpasswd & mkgroup process to build those
> files from scratch with the NT UIDs. What the log showed before I did
> that was 'Cygwin Process Id = 0xC78 : fatal: setuid 520: Not owner.'
> Simply changing that got me to the point of 'password accepted', but
> until the shell runs for all accounts, that does no good.
>
> I tried setting bash to W2k compatibility mode (actually all modes), and
> turning off the 'protect my computer from unauthorized activity'
> checkbox in the run as ... option, but those made no difference. I also
> tried setting the file owner for the entire subdirectory tree to system,
> again no difference. cygrunsrv.exe and sshd.exe are running as system,
> but it appears they end up running the shell in user space.
>
> Any clues what to try next???
> Tony
>
> C:\Program Files\NetworkSimplicity\ssh>sshd -d -d -d -f sshd_config
> debug1: sshd version OpenSSH_3.1p1
> debug1: private host key: #0 type 0 RSA1
> debug3: Not a RSA1 key file /ssh/ssh_host_rsa_key.
> debug1: read PEM private key done: type RSA
> debug1: private host key: #1 type 1 RSA
> debug3: Not a RSA1 key file /ssh/ssh_host_dsa_key.
> debug1: read PEM private key done: type DSA
> debug1: private host key: #2 type 2 DSA
> debug1: Bind to port 87 on 0.0.0.0.
> Server listening on 0.0.0.0 port 87.
> debug1: Server will not fork when running in debugging mode.
> Connection from 192.168.123.34 port 4354
> debug1: Client protocol version 1.99; client software version 3.0.0 SSH Secure Shell for Windows
> debug1: match: 3.0.0 SSH Secure Shell for Windows pat 3.0.*
> Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_3.1p1
> debug1: list_hostkey_types: ssh-rsa,ssh-dss
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2:
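
The two checks Prentis lists above (duplicate passwd entries, a primary GID that is missing from /etc/group), together with the SID comparison Ulrich Voss asks for elsewhere in this thread, as an added example that is not code from any poster or from Cygwin. The sample files are constructed; the field layout, the 10000 offset hint (taken from the 513 versus 10513 case mentioned above) and the names `check_accounts` and `logon_sid` are assumptions.

```python
from collections import Counter

# Constructed sample files (not taken from the thread). Assumed layout:
#   passwd: name:pw:uid:gid:gecos:home:shell, with the SID inside gecos
#   group:  name:SID:gid:members
SAMPLE_PASSWD = """\
SYSTEM:*:18:18:,S-1-5-18::
Administrator:unused:500:10513:U-HOST\\Administrator,S-1-5-21-111-222-333-500:/home/Administrator:/bin/bash
tony:unused:1005:513:U-HOST\\tony,S-1-5-21-111-222-333-1005:/home/tony:/bin/bash
tony:unused:1005:513:U-HOST\\tony,S-1-5-21-111-222-333-1005:/home/tony:/bin/bash
"""
SAMPLE_GROUP = """\
SYSTEM:S-1-5-18:18:
None:S-1-5-21-111-222-333-513:513:
"""


def parse_rows(text, min_fields):
    """Split a colon-separated account file, rejecting short lines."""
    rows = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < min_fields:
            raise ValueError(f"line {lineno}: fewer than {min_fields} fields")
        rows.append(fields)
    return rows


def sid_from_gecos(gecos):
    """Return the S-1-... component of a passwd gecos field, or None."""
    for part in gecos.split(","):
        if part.startswith("S-1-"):
            return part
    return None


def check_accounts(passwd_text, group_text, logon_user=None, logon_sid=None):
    """Return (kind, user, detail) findings for the two files.

    logon_user/logon_sid (hypothetical parameters) describe the Windows
    account actually used to log on, obtained out of band.
    """
    users = parse_rows(passwd_text, 7)
    known_gids = {int(g[2]) for g in parse_rows(group_text, 3)}
    findings = []

    # Check 1: duplicate passwd entries for one user name.
    counts = Counter(u[0] for u in users)
    for name in sorted(n for n, c in counts.items() if c > 1):
        findings.append(("duplicate-user", name,
                         f"{counts[name]} entries in passwd"))

    # Check 2: primary GID absent from group; hint at the +/-10000 twin.
    reported = set()
    for u in users:
        name, gid = u[0], int(u[3])
        if gid in known_gids or (name, gid) in reported:
            continue
        reported.add((name, gid))
        twin = [g for g in (gid - 10000, gid + 10000) if g in known_gids]
        hint = f" (group has {twin[0]})" if twin else ""
        findings.append(("missing-gid", name, f"gid {gid} not in group{hint}"))

    # Check 3: same name, different SID (local vs. domain account).
    if logon_user and logon_sid:
        sids = {sid_from_gecos(u[4]) for u in users if u[0] == logon_user}
        for sid in sorted(s for s in sids if s and s != logon_sid):
            findings.append(("sid-mismatch", logon_user,
                             f"passwd has {sid}, logon uses {logon_sid}"))
    return findings


if __name__ == "__main__":
    for finding in check_accounts(SAMPLE_PASSWD, SAMPLE_GROUP, "Administrator",
                                  "S-1-5-21-999-888-777-500"):
        print(*finding, sep=": ")
```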

Re: SSHD under SYSTEM account (was: Re: cygwin opensshd on .net enterprise server)

2002-05-16 Thread Gerrit P. Haase

Prentis wrote:

> I think these docs are out of date.  this is fixed now, since I am
> doing it.

Ok. PublicKey is working, I figured out to set it up with PublicKey Auth
only and using my DSA key and only allowed protocol was SSH2.  I know
that and that is the reason why I'm still trying to figure out how to
use both (RSA & DSA over pubkey auth).

As I added 'RSAAuthentication yes' to the config it stops working and
I don't understand why.  My colleague has just some RSA keys and was
angry if I asked him to get some DSA keys too, so I tried to use both,
SSH1 & SSH2 and RSA & DSA with no passwords, only pubkey.

It seems to be tricky...

Well we have options, I could make some RSA keys and we would both use
RSA or he makes some DSA keys.  But now I have tasted blood (we say
in Germany: Blut geleckt...), I want to use both with our existing keys
just like we do at a Linux box we are both accessing where it works
well.



-- 
=^..^=






Re: cygwin opensshd on .net enterprise server

2002-05-16 Thread Prentis Brooks

Ok, I typed too fast... none is supposed to be known... sorry


On Thu, 16 May 2002, Prentis Brooks wrote:

> Ok, The setgid is a none error to me.  This happens when the passwd
> files are not built properly.  Not your fault, some interesting Windows
> installations give mkpasswd and mkgroup headaches, particularly on
> Domain Controllers.
>
> If you check your /etc/passwd and /etc/group, you will find one of the
> following:
>
> 1) You have duplicate entries in /etc/passwd for the user you are trying
> to login as
> 2) You will find that the GID of your user in /etc/passwd does not exist
> in /etc/group (most likely for the setgid error).
>
> Check your /etc/passwd and /etc/group files, make sure that your
> Primary NT group is in the /etc/group file and that it has the correct
> GID.   In some cases I saw mkgroup create a Domain group as GID 513 and
> /etc/passwd would use 10513 (I only saw this on a domain controller
> where this is both a local and a domain group) or vice versa.  I think
> it was the other way when I saw it.
>
> In short, fix your /etc/passwd and /etc/group so that they match and
> your problem should be corrected.
 
 

Re: SSHD under SYSTEM account (was: Re: cygwin opensshd on .net enterprise server)

2002-05-16 Thread Corinna Vinschen

On Thu, May 16, 2002 at 08:10:03PM +0200, Gerrit P. Haase wrote:
> I am debugging this about two weeks now, every day an hour or so.  I
> want to use DSA & SSH2 and it works.  But when I changed back the
> sshd_config to 'RSAAuthentication yes' because a colleague wants to use
> RSA (he just has RSA keys the poor man), it stops working.
>
> Strange is that I can login at our Linux box and even with the same
> config settings at the Linux and my NT server (where it is working if I
> disable RSA) I cannot login using PublicKey Auth.
>
> I will try to find a solution some more days and if there is a way to
> use PublicKey Auth with RSA SSH1 and DSA SSH2 enabled and
> PasswordAuthentication no
> I will find it;)

Am I wrong or didn't you read my message, answering to your problems:

  http://cygwin.com/ml/cygwin/2002-05/msg00836.html

Corinna

-- 
Corinna Vinschen  Please, send mails regarding Cygwin to
Cygwin Developer  mailto:[EMAIL PROTECTED]
Red Hat, Inc.





Re: cygwin opensshd on .net enterprise server

2002-05-15 Thread Christopher Faylor

On Wed, May 15, 2002 at 12:30:26PM -0700, Tony Hain wrote:
 I am looking for any clues on how to make cygwin & opensshd work on a
 .net enterprise server, and found nothing in the mail archive. I had
 been running Mark's opensshd specific environment on W2k server without
 trouble. When I installed a fresh build 3615, OpenSSH_3.1p1 failed, so I
 thought I would try the full cygwin. That is failing in the same way, so
 after a couple of days experimenting I am stuck.
 
 With the intent of sending Mark a trace, I followed his instructions for
 debugging by using a scheduled task to get a system account command
 window (if it is of any use, I have put a copy of the debug trace at the
 end). What I found in the process is that there appears to be some
 permissions related problem, because I get logged in as any valid user
 over the ssh channel, but that immediately exits. Trying to figure that
 out I found that the only process/user that can run the shell is the
 system account. When I run sh, bash, or the cygwin.bat from any other
 account it just exits, but they appear to work fine in the system
 initiated command window. This is also true of many of the exe's in
 /bin, although some of them just hang with 100% cpu for the non-system
 user.
 
 One thing I found in the process is that the old passwd file is useless.
 The only way I could log in using ssh with either Mark's sshd subset, or
 the full cygwin was to use the mkpasswd & mkgroup process to build those
 files from scratch with the NT UIDs. What the log showed before I did
 that was 'Cygwin Process Id = 0xC78 : fatal: setuid 520: Not owner.'
 Simply changing that got me to the point of 'password accepted', but
 until the shell runs for all accounts, that does no good.
 
 I tried setting bash to W2k compatibility mode (actually all modes), and
 turning off the 'protect my computer from unauthorized activity'
 checkbox in the run as ... option, but those made no difference. I also
 tried setting the file owner for the entire subdirectory tree to system,
 again no difference. cygrunsrv.exe and sshd.exe are running as system,
 but it appears they end up running the shell in user space.
 
 Any clues what to try next???

Why don't you ask Mark?

cgf
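
The quoted message above traces the 'setuid 520: Not owner' failure to a stale passwd file, and an earlier reply in the thread points at entries that carry the wrong account's SID. The following is an added example, not code from any poster or from Cygwin: a shell check that lists which SID each passwd entry maps to and flags entries with none. The entry layout (SID after a comma in the gecos field, `U-AUTHORITY\name` before it) is an assumption about mkpasswd output of that era, and the host name, users and SIDs are constructed.

```shell
#!/bin/sh
# Constructed sample passwd. Layout assumed from mkpasswd output of that era:
#   name:pw:uid:gid:U-AUTHORITY\name,SID:home:shell
# Host name, users and SIDs are made up for this example.
sample_passwd() {
cat <<'EOF'
SYSTEM:*:18:544:,S-1-5-18::
Administrator:unused:500:513:U-HOSTA\Administrator,S-1-5-21-111-222-333-500:/home/Administrator:/bin/bash
tony:unused:1004:513:U-HOSTA\tony,S-1-5-21-111-222-333-1004:/home/tony:/bin/bash
olduser:unused:520:513:hand-edited entry:/home/olduser:/bin/bash
EOF
}

# audit_passwd: passwd lines on stdin -> one line per account:
#   "name AUTHORITY SID"   entry carries a SID (AUTHORITY is "-" if absent)
#   "name NOSID uid=N"     no SID in the gecos field, so the uid maps to no NT account
audit_passwd() {
  awk -F: '
    NF >= 5 {
      sid = ""; auth = "-"
      n = split($5, g, ",")
      for (i = 1; i <= n; i++) {
        if (g[i] ~ /^S-1-[0-9-]+$/) sid = g[i]
        # Keep only the machine or domain part of U-AUTHORITY\name.
        if (g[i] ~ /^U-/) { auth = substr(g[i], 3); sub(/\\.*$/, "", auth) }
      }
      if (sid == "") print $1, "NOSID", "uid=" $3
      else print $1, auth, sid
    }'
}

# sid_matches USER SID: succeeds only if the passwd on stdin maps USER to SID.
# Use it to compare the entry against the SID of the account actually logging in.
sid_matches() {
  awk -F: -v u="$1" -v want="$2" '
    $1 == u { n = split($5, g, ","); for (i = 1; i <= n; i++) if (g[i] == want) ok = 1 }
    END { exit(ok ? 0 : 1) }'
}
```

On a real installation the input would be `/etc/passwd` instead of `sample_passwd`; an entry whose AUTHORITY is the local machine while the login is a domain account is the mismatch described earlier in the thread.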





RE: cygwin opensshd on .net enterprise server

2002-05-15 Thread Tony Hain

Christopher Faylor wrote:
  I am looking for any clues on how to make cygwin & opensshd
  work on a .net enterprise server, and found nothing in the
  mail archive. I had been running Mark's opensshd specific
  environment on W2k server without trouble. When I installed a
  fresh build 3615, OpenSSH_3.1p1 failed, so I thought I would
  try the full cygwin. That is failing in the same way, so
  after a couple of days experimenting I am stuck.
 
  ... snip
 
  Any clues what to try next???

 Why don't you ask Mark?

 cgf

I did copy him on the original note so he would be aware of the issue,
but at this point I have completely removed his version (including
deleting registry keys) and installed the cygwin environment. It appears
that all of cygwin works when run in a system owned command window, but
nothing works from an administrator account. Does anyone have it working
on .net server, and if so was there anything unique about the
configuration?

I see there are lots of comments about setup being fixed and postinstall
not working, could there be a correlation with what appear to be
privilege issues and the version I used: setup-timestamp: 1021345807
setup-version: 2.218.2.4 ?


Tony


