This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: 1.7.1: problem with public key authentication on domain accounts

From: Thomas Nisbach <nisbach at cityweb dot de>
To: cygwin at cygwin dot com
Date: Wed, 6 Jan 2010 20:31:09 +0000 (UTC)
Subject: Re: 1.7.1: problem with public key authentication on domain accounts
References: <18e742db1001041142j5322d164t2a83f2a3ef0138d4@mail.gmail.com> <loom.20100105T001743-66@post.gmane.org> <4B427F97.6030806@cygwin.com> <loom.20100106T132435-551@post.gmane.org> <4B44A50E.2010007@cygwin.com>

Larry Hall (Cygwin <reply-to-list-only-lh <at> cygwin.com> writes:

> 
> On 01/06/2010 07:35 AM, Andrew Ng wrote:
> > I've also been seeing problems with sshd (and inetd) since upgrading to 
1.7.1.
> >> From my investigations it does look to be something to do with launching 
via
> > cygrunsrv. If I manually start sshd then everything seems to work fine.
> 
> While this is an interesting data point, I want to reiterate that starting 
> 'sshd' in
> this way is unsupported by this list, which means if you have problems in the
> future with 'sshd', reports sent to this list about them are likely to fall 
on
> "deaf ears".  The configuration of 'sshd' under Cygwin is involved, which is 
why
> the process is automated by configuration scripts.  No one is forced to use
> these scripts but those that don't understand the complexities behind them
> shouldn't be ignoring them.  So please, do not take the report above as
> advice about how 'sshd' should be run under Cygwin.  If you do, you do so
> at your own peril.
> 
I'll be back and like to give you some more information about what I found. 
But first I have to clarify two things:
1. on my system I just use local accounts, not domain accounts (as at top of 
these thread)
2. I runned ssh-host-config with/without privilege separation and got 
different problems, described above

NOW THE INTERESTING FACTS I FOUND: 
* Configuring sshd via ssh-host-config, running under SYSTEM account, enables 
me to log in as SYSTEM with private key but logging in as any other user leads 
to the error message, described at top of this thread.

* Running 'sshd' under another user's account allow me to log in as this user, 
but now longer as SYSTEM

Therefore I conclude (but needs further investigation), that the problem is 
somewhere in fork/setuid.
Perhaps this problem does not raise if sshd is runned in an environment with 
another configuration - i try to find out.



--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Follow-Ups:
- Re: 1.7.1: problem with public key authentication on domain accounts
  - From: Thomas Nisbach

References:
- 1.7.1: problem with public key authentication on domain accounts
  - From: Bob Burger
- Re: 1.7.1: problem with public key authentication on domain accounts
  - From: Thomas Nisbach
- Re: 1.7.1: problem with public key authentication on domain accounts
  - From: Larry Hall (Cygwin)
- Re: 1.7.1: problem with public key authentication on domain accounts
  - From: Andrew Ng
- Re: 1.7.1: problem with public key authentication on domain accounts
  - From: Larry Hall (Cygwin)

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]