This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Cygwin/OpenSSH V.5.3: Key authentication does not work under Windows 2008: Problem is solved now!!!


Dear Cygwin Community,

my problem described is solved now. 

The change to Windows Server 2003 is the fact, that the OpenSSHd Server 
service must run under a user account, SYSTEM account is not enough!

The choosen user account must have the following privileges:

    Create a token object
    Logon as a service
    Replace a process level token
    Increase Quota 

It does not work, if you give SYSTEM account all the rights! These 
behaviour was described in the year 2007 in a "CopSSH" forum. 

No further investigation is needed.

Thanks and

best regards

Carsten Porzler



cygwin-owner@cygwin.com schrieb am 21.01.2010 16:01:28:

> [Bild entfernt] 
> 
> Cygwin/OpenSSH V.5.3: Key authentication does not work under Windows 
2008...
> 
> Carsten.Porzler 
> 
> an:
> 
> cygwin
> 
> 21.01.2010 16:01
> 
> Gesendet von:
> 
> cygwin-owner@cygwin.com
> 
> Dear Cygwin experts,
> 
> we installed Cygwin/OpenSSH V.5.3
> 
> CYGWIN_NT-6.1-WOW64 d00atq49 1.7.1(0.218/5/3) 2009-12-07 11:48 i686 
Cygwin
> OpenSSH_5.3p1, OpenSSL 0.9.8l 5 Nov 2009
> 
> on a Windows 2008 64-bit system.
> 
> Unfortunetly the key authentication does not work. The connection 
> initiation interrupts on server side with the following errors: seteuid 
> <user-id>: Permission denied
> 
> debug1: userauth-request for user testuser01 service ssh-connection 
method 
> none
> debug1: attempt 0 failures 0
> debug3: Trying to reverse map address 10.2.240.11.
> debug2: parse_server_config: config reprocess config len 229
> debug2: input_userauth_request: setting up authctxt for testuser01
> debug2: input_userauth_request: try method none
> Failed none for testuser01 from 10.2.240.11 port 2467 ssh2
> debug3: Wrote 80 bytes for a total of 1549
> debug1: userauth-request for user testuser01 service ssh-connection 
method 
> publickey
> debug1: attempt 1 failures 0
> debug2: input_userauth_request: try method publickey
> debug1: test whether pkalg/pkblob are acceptable
> debug1: temporarily_use_uid: 1011/513 (e=18/544)
> seteuid 1011: Permission denied
> debug1: do_cleanup
> 
> The password authentication with the same user on the same server works 
> fine.
> 
> The OpenSSHd service is running under system account. The file 
> cyglsa64.dll is loaded from the registry key 
> "HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages".
> 
> The public key file is owned by the user "testuser01", to which I want 
to 
> switch to, and is readable for group and all others.
> 
> The OpenSSHd service is running without Privilege Separation (we also 
> tried this in meantime, but fails, too). It's the same configuration as 
we 
> have used since years on our Windows Server 2003 systems (32-bit).
> 
> What can be the reason(s) for this behaviour?
> 
> Thanks for help in advance and
> 
> best regards
> 
> Carsten Porzler
> 
> 
> --
> Problem reports:       http://cygwin.com/problems.html
> FAQ:                   http://cygwin.com/faq/
> Documentation:         http://cygwin.com/docs.html
> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
> 


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]