This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

OpenSSH problems: StrictModes and PublicKeyAuthentication


I'm testing an upgrade to latest versions and hope I've just got a configuration problem...

Configuration
Cygwin 1.3.12-1 and OpenSSH 3.4p2
Freshly installed Windows 2000 Server + all the hotfix rot.
Default settings from ssh-host-config
Password Auth works, Pubkey Auth does not.

------------------------------

Problem 1: StrictModes on == Cannot log on.
If the ACLs on the ~/.ssh/authorized_keys have SYSTEM:Read, then authentication fails with improper ownership or mode.
If the ACL on the file do not have SYSTEM:READ, then authentication fails because the SSHD cannot open the file.

I look at the Application event log on the system and Cygwin does record that the userid is switching to the user logging in before opening the authorized_keys file, but the Security log shows failed file accesses by SYSTEM when the call comes to open the file.

So, I turned off StrictModes and set <user> and SYSTEM to have perms on the file and ran into the second problem.

------------------------------------

Problem2: Successful RSA authentication is ignored?
To make a long story short, after the thread running the PubKey PAM auths the user, the next message is an auth failure

Client:
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: next auth method to try is publickey
debug1: try privkey: /home/administrator/.ssh/identity
debug3: no such identity: /home/administrator/.ssh/identity
debug1: try privkey: /home/administrator/.ssh/id_rsa
debug1: read PEM private key done: type RSA
debug3: sign_and_send_pubkey
debug2: we sent a publickey packet, wait for reply

Server:
debug1: userauth-request for user administrator service ssh-connection method publickey.
debug1: attempt 1 failures 1.
debug2: input_userauth_request: try method publickey.
debug3: mm_key_allowed entering.
debug3: mm_request_send entering: type 20.
debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED.
debug3: mm_request_receive_expect entering: type 21.
debug3: mm_request_receive entering.
debug3: monitor_read: checking request 20.
debug3: mm_answer_keyallowed entering.
debug3: mm_answer_keyallowed: key_from_blob: 0x100b3a78.
debug1: temporarily_use_uid: 500/513 (e=18).
debug1: trying public key file /home/Administrator/.ssh/authorized_keys.
debug1: matching key found: file /home/Administrator/.ssh/authorized_keys, line 1.
Found matching RSA key: eb:36:79:4c:fa:63:b4:41:96:7d:07:7d:ff:d0:7b:2f.
debug1: restore_uid.
debug3: mm_answer_keyallowed: key 0x100b3a78 is allowed.
debug3: mm_request_send entering: type 21.
debug3: mm_request_receive entering.
debug3: mm_key_verify entering.
debug3: mm_request_send entering: type 22.
debug3: mm_key_verify: waiting for MONITOR_ANS_KEYVERIFY.
debug3: mm_request_receive_expect entering: type 23.
debug3: mm_request_receive entering.
debug3: monitor_read: checking request 22.
debug1: ssh_rsa_verify: signature correct.
debug3: mm_answer_keyverify: key 0x100b3a78 signature verified.
debug3: mm_request_send entering: type 23.
Accepted publickey for administrator from 171.64.x.x port 2373 ssh2.
debug1: monitor_child_preauth: administrator has been authenticated by privileged process.
debug3: mm_get_keystate: Waiting for new keys.
debug3: mm_request_receive_expect entering: type 24.
debug3: mm_request_receive entering.
debug2: userauth_pubkey: authenticated 1 pkalg ssh-rsa.
Failed publickey for administrator from 171.64.x.x port 2373 ssh2.

-Ross Wilper
Stanford University


--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/



Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]