This is the mail archive of the cygwin mailing list for the Cygwin project.
I am trying to diagnose a pubkey authentication problem with cygwin 1.5.25 and openssh 5.1p1-10 on a specific machine. I have successfully set up and used this exact scenario on 21 other machines. I am only having a problem with this one specific machine.

I have installed the latest openssh on the target machine. I set up sshd using the "ssh-host-config --yes" command. Because I want access to network resources, I then changed the account that sshd runs under from the generated "sshd" user to the "sa-prx-sshdsrvr" domain user. Again, I have successfully done this on 21 other machines.

I set the LogLevel to DEBUG in /etc/sshd_config and started sshd using "net start sshd".

If I try to log in from another machine (apricot) without pubkey authentication, it works:

    apricot:~$ ssh -o PubkeyAuthentication=no 10.3.212.67
    tschutter@10.3.212.67's password:
    Last login: Thu Jan 29 17:58:12 2009 from 10.3.212.64
    $

When I try to connect using pubkey authentication, it fails:

    apricot:~$ ssh 10.3.212.67
    Connection closed by 10.3.212.67
    apricot:~$

While nothing is output to /var/log/sshd.log when it fails, we do see these items in the Event Viewer:

    sshd: PID 460: debug1: userauth-request for user tschutter service ssh-connection method publickey.
    sshd: PID 460: debug1: attempt 1 failures 0.
    sshd: PID 460: debug1: test whether pkalg/pkblob are acceptable.
    sshd: PID 2960: debug1: temporarily_use_uid: 18718/10513 (e=18846/10513).
    sshd: PID 2960: fatal: seteuid 18718: Permission denied.
    sshd: PID 2960: debug1: do_cleanup.

We can see that account 18846 is the "sa-prx-sshdsrvr" domain user:

    $ grep 18846 /etc/passwd
    sa-prx-sshdsrvr:unused_by_nt/2000/xp:18846:10513:Service Account, Prx-SSHDSrvr,U-DATA\sa-prx-sshdsrvr,S-1-5-21-2555220796-769361577-1294736918-8846:/home/sa-prx-sshdsrvr:/bin/bash

And that account 18718 is me:

    $ grep 18718 /etc/passwd
    tschutter:unused_by_nt/2000/xp:18718:10513:Schutter, Thomas A.,U-DATA\tschutter,S-1-5-21-2555220796-769361577-1294736918-8718:/cygdrive/c/tschutter:/bin/bash

The "sa-prx-sshdsrvr" account that sshd runs under has the necessary privileges:

    $ editrights -l -u sa-prx-sshdsrvr
    SeCreateTokenPrivilege
    SeIncreaseQuotaPrivilege
    SeAssignPrimaryTokenPrivilege
    SeTcbPrivilege
    SeServiceLogonRight

The various files used by sshd have the correct ownership:

    $ ls -ld /etc/ssh* /var/empty /var/log/lastlog /var/log/sshd.log
    -rwxr-x--- 1 sa-prx-sshdsrvr Domain Users 1482 Jan 30 11:38 /etc/ssh_config
    -rw------- 1 sa-prx-sshdsrvr Domain Users 668 Jan 30 11:38 /etc/ssh_host_dsa_key
    -rw-r--r-- 1 sa-prx-sshdsrvr Domain Users 615 Jan 30 11:38 /etc/ssh_host_dsa_key.pub
    -rw------- 1 sa-prx-sshdsrvr Domain Users 988 Jan 30 11:38 /etc/ssh_host_key
    -rw-r--r-- 1 sa-prx-sshdsrvr Domain Users 652 Jan 30 11:38 /etc/ssh_host_key.pub
    -rw------- 1 sa-prx-sshdsrvr Domain Users 1671 Jan 30 11:38 /etc/ssh_host_rsa_key
    -rw-r--r-- 1 sa-prx-sshdsrvr Domain Users 407 Jan 30 11:38 /etc/ssh_host_rsa_key.pub
    -rw-r--r-- 1 sa-prx-sshdsrvr Domain Users 3273 Jan 30 14:17 /etc/sshd_config
    drwxr-xr-x+ 2 sa-prx-sshdsrvr Administrators 0 Jan 28 18:07 /var/empty
    -rw-r--r-- 1 sa-prx-sshdsrvr Administrators 5166444 Jan 29 17:58 /var/log/lastlog
    -rw-r--r-- 1 sa-prx-sshdsrvr Domain Users 0 Jan 30 14:17 /var/log/sshd.log

So where do I go from here? What other steps can I take to diagnose this problem? I have tried reinstalling ssh and rerunning ssh-host-config. I realize that cygwin 1.7 would probably make this problem go away, but I am not ready to make the leap yet.

Thanks,
--
Tom Schutter
First American - Proxix Solutions
303-440-7272 x6822
512-977-6822
Attachment:
cygcheck.out
Description: Text document