This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.



Re: ssh: Permission denied


Thank you Corinna & Larry:
the reason why I use AdminCCRD instead of SYSTEM is that I encountered
access problems with SYSTEM:
- when logging in via ssh I couldn't access some network drives
- whereas I could when logging in interactively or when running sshd with
AdminCCRD account.

Attachments:
- cygcheckadm.out: generated with sshd using AdminCCRD account
- cygchecksys.out: generated with sshd using SYSTEM account
- cygcheckwin.out: generated from interactive Windows login
In all cases I was logged on as "lehnfr". cygcheckwin.out and
cygcheckadm.out are pretty close, but a diff to cygchecksys.out shows the
problem:

< f:  net NTFS   167654Mb  54% CP CS UN PA FC     New Volume
< g:  net NTFS   167654Mb  54% CP CS UN PA FC     New Volume
< h:  net NTFS   26693Mb  89% CP CS UN PA FC
< i:  net NTFS   167654Mb  54% CP CS UN PA FC     New Volume
< m:  net NTFS   15351Mb  74% CP CS UN PA FC     R&D-Software1
< p:  net NTFS   167654Mb  54% CP CS UN PA FC     New Volume
< q:  net NTFS   17359Mb  30% CP CS UN PA FC     R&D-Software2
---
> f:  net        167654Mb  54%
> g:  net        167654Mb  54%
> h:  net          N/A    N/A
> i:  net        167654Mb  54%
> m:  net          N/A    N/A
> p:  net        167654Mb  54%
> q:  net          N/A    N/A


(See attached file: passwd)(See attached file: group)(See attached file:
cygcheckwin.out)(See attached file: cygchecksys.out)(See attached file:
cygcheckadm.out)






From: Larry Hall <cygwin-lh@cygwin.com>
Sent by: cygwin-owner@cygwin.com
Date: 20.11.2003 16:25
Please respond to Cygwin List
To: friedrich_lehn@ch.schindler.com, Cygwin List <cygwin@cygwin.com>
cc:
Subject: Re: ssh: Permission denied




If AdminCCRD is really an account created to run sshd and has been properly
privileged to allow switching users, then this is really not a good account
to log into with ssh.  Why not use a "regular" account without all these
security risks?

I guess I'm not communicating well, though I'm not sure how I can be more
clear.  You need to provide background details of your installation at
least.  Just knowing what happens and a few log statements isn't enough
in this case.  That's why I've been pointing you to
<http://cygwin.com/problems.html>.  It explains how this list works, how
one should present a problem to the list, and some real specifics of
required information (i.e. cygcheck output) that should
be sent with any inquiry.  I've been pointing to save me from
regurgitating what's there and sparing others that read this list from a
rehash of these details.  Have you read this page?  If not, please do so
and process it.

I think you're going to want to install a version of sshd in debug mode as
well.  That will dump a lot of info to the sshd.log file, which should help
you out (which is the reason I suggested it ;-) ).  If this doesn't clarify
the issue for you, you should make sure you provide the sshd log file, your
/etc/passwd and /etc/group files, and your cygcheck output with whatever
other pertinent information is necessary when you post to the list for help
on this issue.  It may be an obvious problem but the information provided
so far doesn't show it.

Larry


At 03:02 AM 11/20/2003, friedrich_lehn@ch.schindler.com you wrote:
>Sorry, my info was too sparse.
>Here is what I could find:
>
>/var/log/sshd.log: no entries on both sides
>
>Windows event log:
>The description for Event ID ( 0 ) in Source ( sshd ) cannot be found. The
>local computer may not have the necessary registry information or message
>DLL files to display messages from a remote computer. The following
>information is part of the event: sshd : PID 1884 : Failed password for
>AdminCCRD from 195.65.184.50 port 26978 ssh2.
>
>Strange thing is that the ip address doesn't match with both sides and I
>thought ssh uses port number 22 exclusively (at least that's what our
>network guys opened for me).
>AdminCCRD is a local account on crdw0157, does he try to access the domain
>server? How would I specify a local account then?
>
>AdminCCRD is also the account I configured for the sshd daemon when setting
>up the Windows service. He has local admin rights.
>
>Here is the log from the client side:
>
>ssh crdw0157 -vvv -l AdminCCRD
>...
>debug1: Next authentication method: keyboard-interactive
>debug2: userauth_kbdint
>debug2: we sent a keyboard-interactive packet, wait for reply
>debug1: Authentications that can continue:
>publickey,password,keyboard-interactive
>debug3: userauth_kbdint: disable: no info_req_seen
>debug2: we did not send a packet, disable method
>debug3: authmethod_lookup password
>debug3: remaining preferred:
>debug3: authmethod_is_enabled password
>debug1: Next authentication method: password
>AdminCCRD@crdw0157's password:
>debug3: packet_send2: adding 48 (len 62 padlen 18 extra_pad 64)
>debug2: we sent a password packet, wait for reply
>debug1: Authentications that can continue:
>publickey,password,keyboard-interactive
>Permission denied, please try again.
>AdminCCRD@crdw0157's password:
>
>
>
>From: Larry Hall <cygwin-lh@cygwin.com>
>Date: 19.11.2003 19:49
>Please respond to Cygwin List
>To: friedrich_lehn@ch.schindler.com, cygwin@cygwin.com
>cc:
>Subject: Re: ssh: Permission denied
>
>At 12:02 PM 11/19/2003, friedrich_lehn@ch.schindler.com you wrote:
>>I've installed ssh.
>>I managed to get passwordless access via RSA.
>>However, I didn't manage to get access via password authentication.
>>/etc/passwd seems to be OK, I tried different accounts (local, domain,
>>admin) for login and for the sshd service log on account - no success.
>>
>>TIA for any hints, Friedrich
>
>
>Since password authentication is generally far easier to configure (i.e.
>you generally get it "for free"), I'm going to have to direct you to
><http://cygwin.com/problems.html> with the added comment that you should
>think about what information might be necessary for someone else to see
>what your problem might be.  This process may even present the solution
>without the need for the repost.  I'd recommend that you scrutinize ssh
>and sshd debug output (from their respective debug modes) and log files
>too.
>
>Good luck,
>
>
>
>--
>Larry Hall                              http://www.rfk.com
>RFK Partners, Inc.                      (508) 893-9779 - RFK Office
>838 Washington Street                   (508) 893-9889 - FAX
>Holliston, MA 01746
>
>
>
>
>
>
>
>--
>Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
>Problem reports:       http://cygwin.com/problems.html
>Documentation:         http://cygwin.com/docs.html
>FAQ:                   http://cygwin.com/faq/


Attachment: passwd
Description: Binary data

Attachment: group
Description: Binary data

Attachment: cygcheckwin.out
Description: Binary data

Attachment: cygchecksys.out
Description: Binary data

Attachment: cygcheckadm.out
Description: Binary data
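
An added example, not part of the original message or of Cygwin: it compares the drive lines of two cygcheck runs, as in the diff quoted in the message, and reports which network drives the account running sshd cannot see. The sample lines are copied from that diff; the function names and the finding labels are assumptions made for this illustration.

```python
import re

# One cygcheck drive line: letter, drive type, optional filesystem,
# then size and usage (or N/A). Flags and volume label are ignored here.
DRIVE = re.compile(
    r"^(?P<drive>[a-z]):\s+(?P<kind>\w+)\s+"
    r"(?:(?P<fs>[A-Za-z]\w*)\s+)?"
    r"(?P<size>\d+Mb|N/A)\s+(?P<used>\d+%|N/A)"
)

def parse_drives(text):
    """Map drive letter -> (kind, filesystem or None, size)."""
    drives = {}
    for line in text.splitlines():
        # Accept raw cygcheck lines as well as "<"/">" diff lines.
        m = DRIVE.match(line.strip().lstrip("<> "))
        if m:
            drives[m["drive"]] = (m["kind"], m["fs"], m["size"])
    return drives

def lost_access(baseline_text, candidate_text):
    """Network drives visible in the baseline run but degraded in the other."""
    base, cand = parse_drives(baseline_text), parse_drives(candidate_text)
    findings = {}
    for drive, (kind, fs, size) in sorted(base.items()):
        if kind != "net":
            continue
        seen = cand.get(drive)
        if seen is None:
            findings[drive] = "not mapped"
        elif seen[2] == "N/A" and size != "N/A":
            findings[drive] = "unreachable"       # no size or usage at all
        elif fs and not seen[1]:
            findings[drive] = "no volume info"    # size known, filesystem not
    return findings

# Sample input: lines taken from the diff in the message above.
INTERACTIVE = """\
f:  net NTFS   167654Mb  54% CP CS UN PA FC     New Volume
h:  net NTFS   26693Mb  89% CP CS UN PA FC
m:  net NTFS   15351Mb  74% CP CS UN PA FC     R&D-Software1
"""
AS_SYSTEM = """\
f:  net        167654Mb  54%
h:  net          N/A    N/A
m:  net          N/A    N/A
"""

if __name__ == "__main__":
    for drive, finding in lost_access(INTERACTIVE, AS_SYSTEM).items():
        print(f"{drive}: {finding}")
```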
