This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[1.7] Use of SSH public/private keys requires administrator rights


Hello,

I seem to have found a bug with SSH under Cygwin 1.7 (beta).  Luckily
I also found a workaround as I was writing this email, which is near
the bottom.

I've installed Cygwin 1.7 yesterday using the normal setup.exe method
for all users on the system, and installing a few extra packages (gcc,
subversion, make, some other dev tools) including openssh.  I've run
"ssh-host-config" (using CYGWIN="ntsec tty", and answering all other
questions with yes) and "cygserver-config" to run both of these as
services, no other services have been started.

If I ssh from any other machine (including the Cygwin server) to the
Cygwin server, it will connect without any problems.  I can run a
command on the remote machine such as "ssh cygwin_machine hostname", I
can also use sftp, and rsync over ssh to transfer files.  This all
sounds good, and everything is working at this point.

However, if I setup SSH keys using ssh-keygen to allow ssh-ing without
passwords, I start to run into problems.  I can ssh from to the Cygwin
ssh server, but if I try to run the command "ssh cygwin_machine
hostname" or transfer files using rsync over ssh, it will raise an
error.  Sftp will simply close the connection immediately.

I already had an existing SSH public key, but this is how it was
created quite some time ago.
cd ~/.ssh
ssh-keygen -t dsa    (no pass phrases)
On Cygwin server:
copy id_dsa.pub from original host to ~/.ssh/authorized_keys on Cygwin machine
chmod 600 authorized_keys


Here are the errors I get when I try to login from a remote machine
(typically Linux) as the same user.  The account on the windows
machine is the default type of user, not an Administrator.

>From the command "ssh cygwin_machine hostname", error:
      7 [main] sshd 720 C:\cygwin\usr\sbin\sshd.exe: *** fatal error -
could not load user32, Win32 error 1114

>From the command "rsync -ave ssh localdir/ cygwin_machine:/tmp/remotedir"
      7 [main] sshd 768 C:\cygwin\usr\sbin\sshd.exe: *** fatal error -
could not load user32, Win32 error 1114
rsync: connection unexpectedly closed (0 bytes received so far) [sender]
rsync error: error in rsync protocol data stream (code 12) at io.c(434)

>From the command "sftp cygwin_machine":
Connecting to cygwin_machine...
Connection closed

The /var/log/sshd.log file is empty.  Cygcheck show OpenSSH is at
version 5.2p1-4, and Cygwin is at version 1.7.0-59, and all packages
are OK.

Here is the workaround:

As part of debugging this problem, I tried creating new ssh keys under
Cygwin for the Administrator user.  I then copied id_dsa.pub to
authorized_keys, which should allow password-less SSHing on localhost
(eg: the command "ssh localhost" won't require a password when run on
the Cygwin machine under the Administrator account).  Interestingly,
this worked without any of the errors above.

I then tried modifying the rights of the normal user I had been using,
changing them to be an administrator using the standard Windows "Users
and passwords" tool.  I also ran "mkpasswd -l > /etc/passwd" and
"mkgroup -l > /etc/group" to remake these files, just in case.
Suddenly ssh, sftp, and rsync over ssh are now working fine for this
user.

This was a pretty difficult problem to find.  I'm not sure if its a
bug or a feature, I'm guessing a bug.  Perhaps this workaround should
be added to the FAQ.

Cheers,
Chris

--
Chris LeBlanc
Claritas Development
GNS Science


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]