This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Run OpenSSH service with Local System Account

William Zhang wrote:
Thank you Larry! Please see my comment below.

On Thu, Nov 20, 2008 at 3:48 PM, Larry Hall (Cygwin)
<blah-blah-blah> wrote:
<>.  Thanks.
Why do you believe that you can set this Local System Account to interact
with the desktop but not cyg_server?

In the Windows Services property Log On page, we have two option for the service to run as: One is to use Local System Account. When this option is selected, you have the "allow service to interact with desktop" enabled. The second option is to use an account you specified but "allow service to interact with desktop" option is disabled when it is selected.

Ah yes. I've gotten so used to the '-i' or 'cygrunsrv', which 'ssh-host-config' uses to configure the 'sshd' service that I forgot that the check box isn't there in the GUI for any other user. Regardless, you can add it to 'ssh-host-config' if you want. Of course, this ability is disabled in Vista and Longhorn according to 'cygrunsrv' so I don't think this will help for 2008 (and maybe 2003?)

By this you mean specifically what?  Perhaps you should provide the
output you get and/or you should run 'ssh -v -v -v' to get some insight
as to where it chokes.

When the ssh-host-config script ask if i want to create a cyg_server
user, I answer no so it defaults to use the system local account.
Below are the debug output and it failed at
ssh_exchange_identification. I guess the cyg_server account is used to
handle ssh_exchange_identification on windows 2003.

cyg_server is the account used to start services, 'sshd' in this case. It has no direct association to ssh_exchange_identificatton.

Can I work around
this with the local system account?

Authentication hasn't started yet so I doubt the account makes much difference. But I see nothing wrong with trying it. My guess is you're going to need to start a debug server session to get better insight. At least that's what I would do.

$ ssh -v -v -v localhost
OpenSSH_5.1p1, OpenSSL 0.9.8h 28 May 2008
debug1: Reading configuration data /etc/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to localhost [] port 22.
debug1: Connection established.
debug1: identity file /home/root/.ssh/identity type -1
debug1: identity file /home/root/.ssh/id_rsa type -1
debug1: identity file /home/root/.ssh/id_dsa type -1
ssh_exchange_identification: Connection closed by remote host

If you don't care about using pubkey authetication and are fine with
typing in your Windows password each time you invoke 'ssh', you should
be able to use the Local System Account.

I don't want any user interaction during the automation test. Can the password be provided automatically?

No. That's why there's public key.

Larry Hall                    
RFK Partners, Inc.                      (508) 893-9779 - RFK Office
216 Dalton Rd.                          (508) 893-9889 - FAX
Holliston, MA 01746


A: Yes.
> Q: Are you sure?
>> A: Because it reverses the logical flow of conversation.
>>> Q: Why is top posting annoying in email?

Unsubscribe info:
Problem reports:

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]