This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.



Re: SSHD without password permission denied


Hi Prentis

Thank you for your answer. Well, I checked those settings, but without
success.
I am not very familiar with SSH and I tried to solve my problems with the SSH
book from O'Reilly. 500 pages huge. I thought it is easy.

Here is actually what I wanted to do:

We have a UNIX box, I call it U2. All our homedirs are located on this box.
The other machine we have is a W2K box, I call it w2k.
The cygwin env. is set up to use \\u2\homedirname as the user's home directory.

U2 trusts the w2k domain for authentication needed by samba.

On U2 we have some scripts running which should start some other scripts on
w2k.
So, for that I thought I can use SSH to have also some security.

What I like to do is, that I can do as normal user ssh from w2k to u2
without sending the password.

I tried several things, but ssh always complained about either the
permissions in the user's homedir (samba mounted) or then I have problems
with the host keys. (no idea why)

Does anybody have an idea how to solve this problem? Tell me if I should attach my
sshd_config files or logs.

Best regards,
Anatol



----- Original Message -----
From: "Prentis Brooks" <prentis@aol.net>
To: "Anatol Studler" <studler@ise.ch>
Cc: <cygwin@cygwin.com>; "Andreas Bischoff" <bischoff@ise.ch>
Sent: Monday, August 27, 2001 2:04 PM
Subject: Re: SSHD without password permission denied


> Your problem is most likely an invalid key.  You need to make sure that the
> host key is on a single line in the ssh_known_hosts file and that there
> aren't any extraneous characters.  I don't know if the cygwin port of sshd
> cares about ^M's or not, but it is never a bad idea to remove them.  Most
> likely, you have a carriage return inside the antares host key.
>
>
> On Mon, 27 Aug 2001, Anatol Studler wrote:
>
> > Hi
> >
> > I installed the latest cygwin (1.3.2) downloaded @ 27.8.2001 on Windows
> > 2000 Server SP2.
> >
> > I did:
> >
> > modified the system variable "CYGWIN=ntea ntsec title strip_title"
> > mkpasswd -d > /etc/passwd
> > mkgroup  -d > /etc/group
> > iu-config (for telnet)
> > inetd --install-as-service
> > ssh-host-config (configured sshd as service and with option "ntsec tty")
> >
> > After that sshd was running fine as a service with the default settings.
> > After changing the settings to our needs:
> >
> > IgnoreRhosts no
> > StrictModes yes
> > RhostsAuthentication yes
> > RhostsRSAAuthentication yes
> > RSAAuthentication yes
> > PasswordAuthentication no
> >
> >
> > modified /etc/hosts.equiv
> > added host antares /etc/ssh_known_hosts (copied ssh_known_hosts from
> > another host)
> >
> > I got a PERMISSION DENIED.
> >
> > Here is the sshd log:
> >
> > --------------------------
> > $ /usr/sbin/sshd -d
> > debug1: Seeding random number generator
> > debug1: sshd version OpenSSH_2.9p2
> > debug1: private host key: #0 type 0 RSA1
> > debug1: read PEM private key done: type RSA
> > debug1: private host key: #1 type 1 RSA
> > debug1: read PEM private key done: type DSA
> > debug1: private host key: #2 type 2 DSA
> > debug1: Bind to port 22 on 192.168.90.153.
> > Server listening on 192.168.90.153 port 22.
> > Generating 768 bit RSA key.
> > RSA key generation complete.
> > debug1: Server will not fork when running in debugging mode.
> > Connection from 192.168.90.43 port 33271
> > debug1: Client protocol version 1.5; client software version OpenSSH_2.9p1
> > debug1: match: OpenSSH_2.9p1 pat ^OpenSSH
> > debug1: Local version string SSH-1.99-OpenSSH_2.9p2
> > debug1: Rhosts Authentication disabled, originating port not trusted.
> > debug1: Sent 768 bit server key and 1024 bit host key.
> > debug1: Encryption type: 3des
> > debug1: Received session key; encryption turned on.
> > debug1: Installing crc compensation attack detector.
> > debug1: Attempting authentication for studler.
> > debug1: Trying rhosts with RSA host authentication for client user studler
> > debug1: temporarily_use_uid: 11107/10513 (e=10500)
> > debug1: restore_uid
> > debug1: Rhosts RSA authentication: canonical host antares.ise.ch
> > debug1: temporarily_use_uid: 11107/10513 (e=10500)
> > debug1: restore_uid
> > debug1: Rhosts with RSA host authentication denied: unknown or invalid host key
> > Failed rhosts-rsa for studler from 192.168.90.43 port 33271 ruser studler
> > debug1: temporarily_use_uid: 11107/10513 (e=10500)
> > debug1: restore_uid
> > Failed rsa for studler from 192.168.90.43 port 33271
> > Connection closed by 192.168.90.43
> > debug1: Calling cleanup 0x415ec4(0x0)
> > --------------------------
> >
> > What is the problem? Why do we get
> >
> > Rhosts Authentication disabled, originating port not trusted.
> >
> > Here is also the ssh client log:
> >
> > --------------------------
> > [antares] /home/admin/documentation/win2000 > ssh -v nt115t
> > OpenSSH_2.9p1, SSH protocols 1.5/2.0, OpenSSL 0x0090601f
> > debug1: Reading configuration data /etc/ssh/ssh_config
> > debug1: Applying options for *
> > debug1: Seeding random number generator
> > debug1: Rhosts Authentication disabled, originating port will not be trusted.
> > debug1: restore_uid
> > debug1: ssh_connect: getuid 20885 geteuid 0 anon 1
> > debug1: Connecting to nt115t [192.168.90.153] port 22.
> > debug1: temporarily_use_uid: 20885/100 (e=0)
> > debug1: restore_uid
> > debug1: temporarily_use_uid: 20885/100 (e=0)
> > debug1: restore_uid
> > debug1: Connection established.
> > debug1: read PEM private key done: type DSA
> > debug1: identity file /home/studler/.ssh/identity type 0
> > debug1: identity file /home/studler/.ssh/id_rsa type 1
> > debug1: identity file /home/studler/.ssh/id_dsa type 2
> > debug1: Remote protocol version 1.99, remote software version OpenSSH_2.9p2
> > debug1: match: OpenSSH_2.9p2 pat ^OpenSSH
> > debug1: Local version string SSH-1.5-OpenSSH_2.9p1
> > debug1: Waiting for server public key.
> > debug1: Received server public key (768 bits) and host key (1024 bits).
> > debug1: Host 'nt115t' is known and matches the RSA1 host key.
> > debug1: Found key in /home/studler/.ssh/known_hosts:1
> > debug1: Encryption type: 3des
> > debug1: Sent encrypted session key.
> > debug1: Installing crc compensation attack detector.
> > debug1: Received encrypted confirmation.
> > debug1: Trying rhosts or /etc/hosts.equiv with RSA host authentication.
> > debug1: Remote: Accepted for antares.ise.ch [192.168.90.43] by /etc/hosts.equiv.
> > debug1: Remote: Your host key cannot be verified: unknown or invalid host key.
> > debug1: Server refused our rhosts authentication or host key.
> > debug1: Trying RSA authentication with key 'studler@NT115T'
> > debug1: Server refused our key.
> > Permission denied.
> > debug1: Calling cleanup 0x8064ea0(0x0)
> > --------------------------
> >
> > Thanks in advance for any help
> >
> > ./Anatol
> >
> >
> > --
> > Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
> > Bug reporting:         http://cygwin.com/bugs.html
> > Documentation:         http://cygwin.com/docs.html
> > FAQ:                   http://cygwin.com/faq/
> >
>
> Prentis Brooks | prentis@aol.net | 703-265-0914 | AIM: PrentisB
> System Administrator - Web Infrastructure & Security
>
>        A knight is sworn to valor.  His heart knows only virtue.  His blade
>        defends the helpless.  His word speaks only truth.  His wrath undoes
>        the wicked. - the old code of Bowen, last of the dragonslayers
>
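
The check suggested in the quoted reply (each host key on one line, no stray ^M), as an added example that is not part of the original thread: a small linter for an ssh_known_hosts file. The field layouts follow the known-hosts format described in sshd(8); `lint_known_hosts` is a hypothetical name, and the modulus and key blob in the sample are constructed stand-ins, not real keys.

```python
import base64
import re

MOD = str((1 << 1023) | 0x10001)  # constructed 1024-bit stand-in modulus
SAMPLE = (  # constructed file: CRLF on line 1, key wrapped over lines 2-3
    f"nt115t,192.168.90.153 1024 35 {MOD}\r\n"
    f"antares.ise.ch 1024 35 {MOD[:150]}\n"
    f"{MOD[150:]}\n"
    "nt115t ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB\n"
).encode()


def lint_known_hosts(data: bytes):
    """Return (line_number, problem) for entries that look damaged."""
    problems = []
    for n, raw in enumerate(data.split(b"\n"), start=1):
        if b"\r" in raw:
            problems.append((n, "carriage return (^M) in line"))
        line = raw.replace(b"\r", b"").decode("ascii", "replace").strip()
        if not line or line.startswith("#"):
            continue
        f = line.split()
        # SSH1 (RSA1) entry: hosts bits exponent modulus [comment]
        if len(f) >= 4 and all(x.isdigit() for x in f[1:4]):
            if int(f[3]).bit_length() != int(f[1]):
                problems.append((n, "modulus size differs from stated bits"))
            continue
        # SSH2 entry: hosts keytype base64-blob [comment]
        if len(f) >= 3 and re.fullmatch(r"[a-z0-9@.-]+", f[1]):
            try:
                blob = base64.b64decode(f[2], validate=True)
            except ValueError:
                blob = b""
            name = f[1].encode()
            # The blob starts with a 4-byte length followed by the key type.
            if blob[4:4 + len(name)] != name:
                problems.append((n, "key blob does not match key type"))
            continue
        problems.append((n, "not a complete entry (key wrapped across lines?)"))
    return problems


if __name__ == "__main__":
    for lineno, problem in lint_known_hosts(SAMPLE):
        print(f"line {lineno}: {problem}")
```
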

