This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

RE: SSHD key based authentication hangs cscript


Hi All, 

Thanks for the suggestions. They look like exactly what we need as we will
only require this for one user to run 3 commands. Two of them already work
as intended, it's just the 3rd that seems to rely on this token.  

I have run into problems though, and it's most likely my ignorance. Is there
a document that explains the process of logging in as the user running the
service? I have attempted to login using the sshd_server user, but this
fails even after all the policies that deny it access in "Default Domain
Controller Security Policy" are removed. 

These are: 

> "Deny Access to this Computer from the network"	
> "Deny logon locally" 

These ones I left alone and then removed them when the above two didn't give
me results:

> "Replace a process level token" 
> "Create a token object"

This I figured was essential and never modified it. 

> "Log on as a service" 

I do understand some of this may compromise security, but at this stage I am
not concerned as this will run in a trusted and firewalled environment. 

I also can't run the service as administrator. Any attempts to change this
hang the service until the cygrunsrv process is killed. Any ideas on what I
am doing wrong? The administrator service is allowed to log on as a service
by default. 

What exactly is the prerequisite for logging into a cygwin sshd server on
the user side? I have found that any new accounts I add to our active
directory don't seem to appear in /etc/passwd? Should they? Also, it seems
that only administrator accounts created prior to the cygwin install are
allowed a login to the server. Is this normal?   

Thanks again for all your suggestions so far folks, 
Stuart 

-----Original Message-----
From: Igor Pechtchanski [mailto:pechtcha@cs.nyu.edu] 
Sent: Thursday, 5 May 2005 1:32 PM
To: Stuart Westbury
Cc: cygwin@cygwin.com
Subject: RE: SSHD key based authentication hangs cscript

On Thu, 5 May 2005, Stuart Westbury wrote:

> Thanks for the prompt response Corinna.
>
> At least I now know.
>
> Can anybody suggest a way of doing this? Can the runas service be used
> to gain a new token or will it suffer the same problem? I have attempted
> to use it, but the results were unusual. It prompted me for a password
> and just drops me back to the shell without the opportunity to even
> enter one.
>
> On a similar note, can anyone who may have had this issue suggest any
> alternative way to run remote commands on a windows box from linux with
> some form of transparent authentication, or am I dreaming? :)

Well, if you only ever log in as one user, you can run sshd as that
particular user (maybe on a special port if you need a regular sshd daemon
as well).  That way, even if public key auth is used, the token will be
valid.  See the --user option to cygrunsrv.

If you need multiple users to log in, you can try to get runas to prompt
you for a password properly, but that may be tricky.  Try playing with the
"tty" value in the CYGWIN variable (see
<http://cygwin.com/cygwin-ug-net/using-cygwinenv.html>).
HTH,
	Igor

> [snip]
>
> -----Original Message-----
> From: cygwin-owner@XXXXXX.XXX [mailto:cygwin-owner@XXXXXX.XXX] On Behalf
Of Corinna Vinschen
> Sent: Wednesday, 4 May 2005 7:03 PM
> To: cygwin@XXXXXX.XXX
> Subject: Re: SSHD key based authentication hangs cscript

Oh, and <http://cygwin.com/acronyms/#PCYMTNQREAIYR>.  Thanks.

> On May  4 11:15, Stuart Westbury wrote:
> > "There are actually two problems here: 1) a problem with CygWin/OpenSSH
> > (after  public  key  authentication  GetUserName()  returns  incorrect
> > value)..........."
> >
> > Is this my problem?
>
> No, that's our problem.  There's nothing we can do about it, I'm sorry.
> [snip]

-- 
				http://cs.nyu.edu/~pechtcha/
      |\      _,,,---,,_		pechtcha@cs.nyu.edu
ZZZzz /,`.-'`'    -.  ;-;;,_		igor@watson.ibm.com
     |,4-  ) )-,_. ,\ (  `'-'		Igor Pechtchanski, Ph.D.
    '---''(_/--'  `-'\_) fL	a.k.a JaguaR-R-R-r-r-r-.-.-.  Meow!

"The Sun will pass between the Earth and the Moon tonight for a total
Lunar eclipse..." -- WCBS Radio Newsbrief, Oct 27 2004, 12:01 pm EDT


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]