This is the mail archive of the cygwin mailing list for the Cygwin project.



Re: sshd client can't access remote shares


On Sat, 21 Jan 2006, Steve Briggs wrote:

> --- Igor Peshansky <pechtcha@XX.XXX.XXX> wrote:

<http://cygwin.com/acronyms/#PCYMTNQREAIYR>.  Thanks.

> > On Fri, 20 Jan 2006, Steve Briggs wrote:
> > > I can't access network shares when I connect via sshd.
>
> > >   bash>cygrunsrv -I sshd -p /usr/sbin/sshd -A -d
> >                                              ^^^^^
> > I hope this is a typo (though your sshd output indicates that it isn't).
> > First off, the options should be "-a -D" (otherwise sshd will detach, and
> > won't be under cygrunsrv's control).  Also, the "-d" option will cause
> > sshd to exit after the first connection.
>
> The "-A" is a typo, should be "-a".

That's what I thought.

> I tried both the "-D" (normally used option) and also "-d" during
> testing to get the additional debugging info.

Right, just making sure.

> > >   bash>cygrunsrv -S sshd
> > > then login as Steve via sshd using password authentication
> > > (I have NOT set up authentication with keys), it says:
> > >   "debug1: permanently_set_uid 14896/544"
> > > It lets me login as Steve with my password, but
> > >   bash>"net use s: '\\rem_mach\rem_share'" immediately gives:
> > >   "System error 1312 has occured."
> >
> > "net helpmsg 1312" shows that this error means that "A specified logon
> > session does not exist. It may already have been terminated."
> >
> > > This also happens with
> > >   bash>net use s: '\\rem_mach\rem_share' /user:Steve
> > > but
> > >   bash>net use s: '\\rem_mach\rem_share' '/user:FDE\Steve' mypassword
> > > works (seems to be the only combination that does work).
> > > It doesn't seem to matter if I ssh in from a remote machine or locally
> > > (bash>ssh localhost).
> >
> > You should also be able to issue a "net use s: '\\rem_mach\rem_share'
> > /user:Steve '*'", which will prompt you for a password.
>
> I tried that, it immediately responds with the 1312 error; does not
> prompt for a password (or if it does, it doesn't wait for a response...)

Probably the same issue that caused the original problem.

> BTW, if I login via ssh and try
> bash>cd //different_rem_mach/different_rem_share
> I get a "permission denied" error

Looks like ssh isn't creating the correct authentication token (even with
a password).  Corinna used to have a program for inspecting the created
tokens -- she might have you run it and report the results at some point.

> > > I thought that if I used password authentication with sshd, that the
> > > process had all the correct user tokens to access shares on the
> > > domain?
> >
> > This should be correct.
>
> > I wonder if this is related to the recent WindowStation changes in
> > Cygwin's fhandler_console...
> >
> > > I've attached the output of "cygcheck -svr".
> >
> > Which looks normal, BTW -- the only weird thing is that the userid for
> > "Steve" is 4896, not 14896 as you indicated in your /etc/passwd quote
> > above.
>
> Yes, let me explain.  For some odd reason, the mkpasswd script
> added 10000 to the Win RIDs of 4896/544 to generate a UID/GID of 14896/
> 10544 in the /etc/passwd file.

This is to avoid UID clashes between domain users and local ones.

> When my ssh login problems started, I manually edited the passwd file to
> make the UID/GID 4896/544 to agree with the SID entry in /etc/passwd.
> I've tried both ways (UID=4896 and UID=14896, with reboots in between),
> the error is the same.
>
> I assume that as far as user authentication is concerned, it's the
> SID in /etc/passwd and the user-supplied password that matters, not
> the UNIX UID?

Your assumption is correct.  You don't even need to reboot when you change
the UID.  What threw me off was that your original /etc/passwd quote
contained the larger UID.

> > If you're willing to build Cygwin from CVS, try commenting out lines
> > 149-151 of fhandler_console.cc and see if that makes your problem go
> > away. That should tell us if my guess is correct and the WindowStation
> > changes were the culprit.
>
> Thanks, I may try that later in the week.

Good.  It's likely you'll have to debug it yourself, if other developers
can't reproduce your problem.  Good luck.
	Igor
-- 
				http://cs.nyu.edu/~pechtcha/
      |\      _,,,---,,_	    pechtcha@cs.nyu.edu | igor@watson.ibm.com
ZZZzz /,`.-'`'    -.  ;-;;,_		Igor Peshansky, Ph.D. (name changed!)
     |,4-  ) )-,_. ,\ (  `'-'		old name: Igor Pechtchanski
    '---''(_/--'  `-'\_) fL	a.k.a JaguaR-R-R-r-r-r-.-.-.  Meow!

"Las! je suis sot... -Mais non, tu ne l'es pas, puisque tu t'en rends compte."
"But no -- you are no fool; you call yourself a fool, there's proof enough in
that!" -- Rostand, "Cyrano de Bergerac"
