This is the mail archive of the
cygwin
mailing list for the Cygwin project.
Cygwin/OpenSSH V.5.3: Key authentication does not work under Windows 2008: Problem is solved now!!!
Dear Cygwin Community,
my problem described is solved now.
The change to Windows Server 2003 is the fact, that the OpenSSHd Server
service must run under a user account, SYSTEM account is not enough!
The choosen user account must have the following privileges:
Create a token object
Logon as a service
Replace a process level token
Increase Quota
It does not work, if you give SYSTEM account all the rights! These
behaviour was described in the year 2007 in a "CopSSH" forum.
No further investigation is needed.
Thanks and
best regards
Carsten Porzler
cygwin-owner@cygwin.com schrieb am 21.01.2010 16:01:28:
> [Bild entfernt]
>
> Cygwin/OpenSSH V.5.3: Key authentication does not work under Windows
2008...
>
> Carsten.Porzler
>
> an:
>
> cygwin
>
> 21.01.2010 16:01
>
> Gesendet von:
>
> cygwin-owner@cygwin.com
>
> Dear Cygwin experts,
>
> we installed Cygwin/OpenSSH V.5.3
>
> CYGWIN_NT-6.1-WOW64 d00atq49 1.7.1(0.218/5/3) 2009-12-07 11:48 i686
Cygwin
> OpenSSH_5.3p1, OpenSSL 0.9.8l 5 Nov 2009
>
> on a Windows 2008 64-bit system.
>
> Unfortunetly the key authentication does not work. The connection
> initiation interrupts on server side with the following errors: seteuid
> <user-id>: Permission denied
>
> debug1: userauth-request for user testuser01 service ssh-connection
method
> none
> debug1: attempt 0 failures 0
> debug3: Trying to reverse map address 10.2.240.11.
> debug2: parse_server_config: config reprocess config len 229
> debug2: input_userauth_request: setting up authctxt for testuser01
> debug2: input_userauth_request: try method none
> Failed none for testuser01 from 10.2.240.11 port 2467 ssh2
> debug3: Wrote 80 bytes for a total of 1549
> debug1: userauth-request for user testuser01 service ssh-connection
method
> publickey
> debug1: attempt 1 failures 0
> debug2: input_userauth_request: try method publickey
> debug1: test whether pkalg/pkblob are acceptable
> debug1: temporarily_use_uid: 1011/513 (e=18/544)
> seteuid 1011: Permission denied
> debug1: do_cleanup
>
> The password authentication with the same user on the same server works
> fine.
>
> The OpenSSHd service is running under system account. The file
> cyglsa64.dll is loaded from the registry key
> "HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages".
>
> The public key file is owned by the user "testuser01", to which I want
to
> switch to, and is readable for group and all others.
>
> The OpenSSHd service is running without Privilege Separation (we also
> tried this in meantime, but fails, too). It's the same configuration as
we
> have used since years on our Windows Server 2003 systems (32-bit).
>
> What can be the reason(s) for this behaviour?
>
> Thanks for help in advance and
>
> best regards
>
> Carsten Porzler
>
>
> --
> Problem reports: http://cygwin.com/problems.html
> FAQ: http://cygwin.com/faq/
> Documentation: http://cygwin.com/docs.html
> Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
>
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple