This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.



Re: W2K and sshd, ssh - asks for password


Corinna Vinschen wrote:
> > I think that only the POSIX file mode using ACLs requires NTFS. The rest of what
> > ntsec does just requires an NT OS, and FAT will do.
> 
> You're right.  You just don't get real POSIX permissions on files,
> but on process level ntsec still works.
>

Well, you guys just clarified and confirmed what I discovered last night, and the problem
is now solved (partly) and sshd/ssh appears to be functioning as it should, at least
from the SYSTEM bash shell.

I prepared and did the following test as Max described:
> The server needs to run under the SYSTEM account, so you will need to get a
> shell running under this account: As an administrator, run 'at hh:mm
> /interactive C:\cygwin\cygwin.bat', where hh:mm is current time +1m. Once the
> minute rolls over, you will have a bash shell running as SYSTEM. Now run
> '/usr/sbin/sshd -ddde >sshd-log 2>&1'. Now, in a separate shell (not as SYSTEM),
> try to log in - 'ssh myuser@localhost' As soon as you get the password prompt,
> Ctrl-C. The sshd will exit as it is running in debug mode. Send sshd-log to
> cygwin@cygwin.com in the body of an email.

and I had the file all prepared to email and then decided based on his other 
comments about ntsec that I would just give it a try (which I should have done in 
the first place and saved everyone a lot of grief - but I was afraid of the NTFS 
requirement and screwing something up big time).  Lo and behold with sshd started as 
Max described and with NTSEC as part of my CYGWIN variable - I could type in:

ssh localhost

and there I was - the message of the day and logged in via SSH without it asking for 
a password.

I then decided to try sshd as a service again (installed and started from within the 
SYSTEM bash shell I had running) but this time however it was back to asking for my 
password.  I tried testing various combinations of using the bash shell with user 
SYSTEM (as Max described above) and ntsec in my CYGWIN variable and essentially 
discovered the following:

If I start sshd as a service it doesn't matter if I have ntsec in the CYGWIN 
environmental variable or not - it still will ask me for the password.  Whereas if I 
start sshd as Max described above without ntsec then ssh will ask for a password, 
but with ntsec then ssh will simply log on to the server and not ask for the
password.

One thing I have noticed though is that when I use cygrunsrv to install sshd as a 
service (with the cygwin variable specified with ntsec specified) and then go look 
at the service that was created - I see where it references cygrunsrv.exe but see no 
reference to those parameters about the cygwin variable.  This is on a Windows 2000 
system - where is this information kept that would cause sshd to start as a service 
with the cygwin variable set as required?  This is probably the big question that 
will fix my service problem.

So I now have learned (and you folks confirmed) that ntsec does affect part of the
system even when you don't use NTFS.

Good to know and thanks for the clarification from both of you.  Now any ideas why 
running from the SYSTEM bash shell (with ntsec in use) sshd/ssh doesn't require the 
password but running as a service it does?  Is this, as I surmise, a problem with the
way the service is created and thus being run?

bk


