This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [1.5] Problem with OpenSSH on Windows Home Server (Win2003)

From: Patrick Aikens <paikens at gmail dot com>
To: cygwin at cygwin dot com
Date: Tue, 19 May 2009 12:55:14 -0400
Subject: Re: [1.5] Problem with OpenSSH on Windows Home Server (Win2003)
References: <4A0CEE5B.6060301@gmail.com> <4A10C051.3050401@gmail.com> <4A129310.9070502@gmail.com> <guu5d4$hgv$1@ger.gmane.org> <4A129D81.5010801@gmail.com>

I can log in using a password for any user who is a member of the
Administrators group. Many of the guides I've seen on installing
OpenSSH on windows (especially 2003 server) have you add new users to
the Admin group, so this seems to be a common necessity.  If this is a
known restriction?  If so, I'll go ahead and stick to allowing
key-based authentication only.

On Tue, May 19, 2009 at 7:52 AM, Patrick Aikens <paikens@gmail.com> wrote:
> Thorsten Kampe wrote:
>> * Patrick Aikens (Tue, 19 May 2009 07:08:00 -0400)
>>> Patrick Aikens wrote:
>>>> Patrick Aikens wrote:
>>>>> I've installed cygwin 1.5 on my WHS box as Administrator. I've
>>>>> opened a cygwin terminal and executed the mkpasswd -l > /etc/passwd
>>>>> and mkgroup -l > /etc/group commands, executed ssh-host-setup and
>>>>> used privilege separation, and everything seems to have executed
>>>>> OK. I can ssh to that machine as Administrator just fine using
>>>>> password auth. However, I can't ssh in as any other user on that
>>>>> machine using password authentication - I get told that the
>>>>> password is incorrect, which I know it isn't. I can use key-based
>>>>> auth to login as any user, so I do have a workaround, but I'm
>>>>> curious as to why no user but Administrator can use password auth
>>>>> to log in? I've logged in via remote desktop as the user I wish to
>>>>> SSH as and ran ssh-user-config as that user (that's how I got the
>>>>> key-based login working). I haven't done that as Administrator,
>>>>> though, and it still lets me log in just fine there.
>>>>>
>>>>> Sorry if this is a bit rambling, but I've been working on this
>>>>> problem for a while and it's getting late where I am...
>>>>> cygcheck.out is attached.
>>>> So, is this expected behavior then? Is it only possible to log in as
>>>> the user that installed the server using password authentication?
>>> Is 1.5 not supported anymore? I only see 1.7 questions getting
>>> answered, and nobody even tells me to get lost in 4 days... I
>>> apologize if I've violated some sort of mailing list rule with my ssh
>>> question, I thought I had fulfilled all the requirements of asking a
>>> question (including the cygcheck output), but it was late.
>>
>> I don't think cygcheck will help in this case. Run ssh with -v's and
>> sshd with -d's. Check the application eventlog and /var/log/...
>>
>> Thorsten
>>
>>
>> --
>> Unsubscribe info: ? ? ?http://cygwin.com/ml/#unsubscribe-simple
>> Problem reports: ? ? ? http://cygwin.com/problems.html
>> Documentation: ? ? ? ? http://cygwin.com/docs.html
>> FAQ: ? ? ? ? ? ? ? ? ? http://cygwin.com/faq/
>>
>
>
> /var/log/sshd.log is empty
>
> Attached is output from ssh -v to the server from my desktop and output
> from 'ls -l /var/log' on the server... I'll try running sshd with -d as
> soon as I can and provide that output. ?It might be later, but maybe
> something will jump out at someone with only this data.
>
> Thanks for the reply... this being a home server, it's important to me
> that all the user accounts get ssh access. ?Up until now, I've only
> needed to set up single user ssh access to my home Windows machines.
>
> total 584
> -rw-r--r-- ?1 SYSTEM ? ? ? ?Administrators ? ? ?0 May 14 22:55 cygserver.log
> ----------+ 1 cyg_server ? ?Administrators 282348 May 19 07:42 lastlog
> -rw-r--r-- ?1 duckpuppy ? ? None ? ? ? ? ? ? ? ?0 May 19 ?2009 ls.txt
> ----rwx---+ 1 Administrator Users ? ? ? ? ? 20514 May 14 17:12 setup.log
> ----rwx---+ 1 Administrator Users ? ? ? ? ?440712 May 14 17:12 setup.log.full
> -rw-r--r-- ?1 cyg_server ? ?None ? ? ? ? ? ? ? ?0 May 14 17:24 sshd.log
>
> Script started on Tue May 19 07:40:05 2009
> ?[32;1m[~/.ssh]$ ?[0mssh -v speedforce
> OpenSSH_5.1p1, OpenSSL 0.9.8k 25 Mar 2009
> debug1: Reading configuration data /etc/ssh_config
>
> debug1: Connecting to speedforce [192.168.1.2] port 22.
>
> debug1: Connection established.
>
> debug1: identity file /home/DuckPuppy/.ssh/identity type -1
>
> debug1: identity file /home/DuckPuppy/.ssh/id_rsa type 1
>
> debug1: identity file /home/DuckPuppy/.ssh/id_dsa type 2
>
> debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1
>
> debug1: match: OpenSSH_5.1 pat OpenSSH*
>
> debug1: Enabling compatibility mode for protocol 2.0
>
> debug1: Local version string SSH-2.0-OpenSSH_5.1
>
> debug1: SSH2_MSG_KEXINIT sent
>
> debug1: SSH2_MSG_KEXINIT received
>
> debug1: kex: server->client aes128-cbc hmac-md5 none
>
> debug1: kex: client->server aes128-cbc hmac-md5 none
>
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
>
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
>
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
>
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
>
> debug1: Host 'speedforce' is known and matches the RSA host key.
>
> debug1: Found key in /home/DuckPuppy/.ssh/known_hosts:4
>
> debug1: ssh_rsa_verify: signature correct
>
> debug1: SSH2_MSG_NEWKEYS sent
>
> debug1: expecting SSH2_MSG_NEWKEYS
>
> debug1: SSH2_MSG_NEWKEYS received
>
> debug1: SSH2_MSG_SERVICE_REQUEST sent
>
> debug1: SSH2_MSG_SERVICE_ACCEPT received
>
> debug1: Authentications that can continue: publickey,password,keyboard-interactive
>
> debug1: Next authentication method: publickey
>
> debug1: Trying private key: /home/DuckPuppy/.ssh/identity
>
> debug1: Offering public key: /home/DuckPuppy/.ssh/id_rsa
>
> debug1: Server accepts key: pkalg ssh-rsa blen 277
>
> debug1: Offering public key: /home/DuckPuppy/.ssh/id_dsa
>
> debug1: Authentications that can continue: publickey,password,keyboard-interactive
>
> debug1: Next authentication method: keyboard-interactive
>
> debug1: Authentications that can continue: publickey,password,keyboard-interactive
>
> debug1: Next authentication method: password
>
> DuckPuppy@speedforce's password:
> debug1: Authentications that can continue: publickey,password,keyboard-interactive
>
> Permission denied, please try again.
>
> DuckPuppy@speedforce's password:
> debug1: Authentications that can continue: publickey,password,keyboard-interactive
>
> Permission denied, please try again.
>
> DuckPuppy@speedforce's password:
> debug1: Authentications that can continue: publickey,password,keyboard-interactive
>
> debug1: No more authentication methods to try.
>
> Permission denied (publickey,password,keyboard-interactive).
>
> ?[32;1m[~/.ssh]$ ?[0m
> ?[32;1m[~/.ssh]$ ?[0mexit
>
> Script done on Tue May 19 07:40:36 2009
>
>



-- 
SELECT * FROM users WHERE clue > 0

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Follow-Ups:
- Re: [1.5] Problem with OpenSSH on Windows Home Server (Win2003)
  - From: Larry Hall (Cygwin)

References:
- [1.5] Problem with OpenSSH on Windows Home Server (Win2003)
  - From: Patrick Aikens
- Re: [1.5] Problem with OpenSSH on Windows Home Server (Win2003)
  - From: Patrick Aikens
- Re: [1.5] Problem with OpenSSH on Windows Home Server (Win2003)
  - From: Patrick Aikens
- Re: [1.5] Problem with OpenSSH on Windows Home Server (Win2003)
  - From: Thorsten Kampe
- Re: [1.5] Problem with OpenSSH on Windows Home Server (Win2003)
  - From: Patrick Aikens

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]