Local accounts can't login via ssh, but domain accounts can

[Rodney Beede <cygwin at rodneybeede dot com>]

I am having an issue where domain accounts can login to my Cygwin
OpenSSH server, but local user accounts cannot.

I have tested on two separate computers with the following setup:
     Windows 7 64-bit (both Ultimate and Enterprise editions) w/SP1

     Cygwin -  setup-x86_64.exe setup-version 2.870 (64-bit)

     Cygwin version:   CYGWIN_NT-6.1 1.7.35(0.287/5/3) 2015-03-04 12:09

     OpenSSH_6.7p1, OpenSSL 1.0.1k 8 Jan 2015

I ran the following (as cygwin shell with Run as admin)
     ssh-host-config

         yes to StrictModes

         yes to privilege separation

         yes to local account sshd

         yes to install as service

         left blank value of CYGWIN

         no to different name

         yes to new privileged user account 'machine_name\cyg_server'

         Provided a password

         net start sshd

Verified I can login with a domain username and password no problem.

I create a local user account (not admin) and attempt to login.

Access denied.

"To many authentication failures for invalid user rodtest from
192.168.145.1 port 50338 ssh2"  (also seen in Windows event viewer).

I try changing the local user to be in the Administrators group.

Same error.

I use mkpasswd -l > /etc/passwd
I use mkgroup -l > /etc/group

Same issue.  Domain users can still login, but local user accounts cannot.

I also tried "fixing" the /etc/passwd and /etc/group ownership and
permissions so cyg_server owns them.   No change.

The local user can login to Windows via RDP.

So to recap I can login with *domain* accounts via ssh, but I cannot
login with *local* user accounts.   cyg_server is a local user account
not a domain account.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple