This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.



Re: cygwin & opensshd on .net enterprise server


Ok, I typed too fast... none is supposed to be known... sorry


On Thu, 16 May 2002, Prentis Brooks wrote:

> Ok, The setgid is a none error to me.  This happens when the passwd
> files are not built properly.  Not your fault, some interesting Windows
> installations give mkpasswd and mkgroup headaches, particularly on
> Domain Controllers.  
> 
> If you check your /etc/passwd and /etc/group, you will find one of the
> following:
> 
> 1) You have duplicate entries in /etc/passwd for the user you are trying
> to login as
> 2) You will find that the GID of your user in /etc/passwd does not exist
> in /etc/group (most likely for the setgid error).
> 
> Check your /etc/passwd and /etc/group files, make sure that your
> "Primary" NT group is in the /etc/group file and that it has the correct
> GID.   In some cases I saw mkgroup create a Domain group as GID 513 and
> /etc/passwd would use 10513 (I only saw this on a domain controller
> where this is both a local and a domain group) or vice versa.  I think
> it was the other way when I saw it.  
> 
> In short, fix your /etc/passwd and /etc/group so that they match and
> your problem should be corrected.
> 
> 
> On Wed, 15 May 2002, Tony Hain wrote:
> 
> > I am looking for any clues on how to make cygwin & opensshd work on a
> > .net enterprise server, and found nothing in the mail archive. I had
> > been running Mark's opensshd specific environment on W2k server without
> > trouble. When I installed a fresh build 3615, OpenSSH_3.1p1 failed, so I
> > thought I would try the full cygwin. That is failing in the same way, so
> > after a couple of days experimenting I am stuck.
> > 
> > With the intent of sending Mark a trace, I followed his instructions for
> > debugging by  using a scheduled task to get a system account command
> > window (if it is of any use, I have put a copy of the debug trace at the
> > end). What I found in the process is that there appears to be some
> > permissions related problem, because I get logged in as any valid user
> > over the ssh channel, but that immediately exits. Trying to figure that
> > out I found that the only process/user that can run the shell is the
> > system account. When I run sh, bash, or the cygwin.bat from any other
> > account it just exits, but they appear to work fine in the system
> > initiated command window. This is also true of many of the exe's in
> > /bin, although some of them just hang with 100% cpu for the non-system
> > user.
> > 
> > One thing I found in the process is that the old passwd file is useless.
> > The only way I could log in using ssh with either Mark's sshd subset, or
> > the full cygwin was to use the mkpasswd & mkgroup process to build those
> > files from scratch with the NT UIDs. What the log showed before I did
> > that was 'Cygwin Process Id = 0xC78 : fatal: setuid 520: Not owner.'
> > Simply changing that got me to the point of 'password accepted', but
> > until the shell runs for all accounts, that does no good.
> > 
> > I tried setting bash to W2k compatibility mode (actually all modes), and
> > turning off  the 'protect my computer from unauthorized activity'
> > checkbox in the run as ... option, but those made no difference. I also
> > tried setting the file owner for the entire subdirectory tree to system,
> > again no difference. cygrunsrv.exe and sshd.exe are running as system,
> > but it appears they end up running the shell in user space.
> > 
> > Any clues what to try next???
> > Tony
> > 
> > 
> > 
> > C:\Program Files\NetworkSimplicity\ssh>sshd -d -d -d -f sshd_config
> > debug1: sshd version OpenSSH_3.1p1
> > debug1: private host key: #0 type 0 RSA1
> > debug3: Not a RSA1 key file /ssh/ssh_host_rsa_key.
> > debug1: read PEM private key done: type RSA
> > debug1: private host key: #1 type 1 RSA
> > debug3: Not a RSA1 key file /ssh/ssh_host_dsa_key.
> > debug1: read PEM private key done: type DSA
> > debug1: private host key: #2 type 2 DSA
> > debug1: Bind to port 87 on 0.0.0.0.
> > Server listening on 0.0.0.0 port 87.
> > debug1: Server will not fork when running in debugging mode.
> > Connection from 192.168.123.34 port 4354
> > debug1: Client protocol version 1.99; client software version 3.0.0 SSH Secure Shell for Windows
> > debug1: match: 3.0.0 SSH Secure Shell for Windows pat 3.0.*
> > Enabling compatibility mode for protocol 2.0
> > debug1: Local version string SSH-2.0-OpenSSH_3.1p1
> > debug1: list_hostkey_types: ssh-rsa,ssh-dss
> > debug1: SSH2_MSG_KEXINIT sent
> > debug1: SSH2_MSG_KEXINIT received
> > debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
> > debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> > debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
> > debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
> > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> > debug2: kex_parse_kexinit: none,zlib
> > debug2: kex_parse_kexinit: none,zlib
> > debug2: kex_parse_kexinit:
> > debug2: kex_parse_kexinit:
> > debug2: kex_parse_kexinit: first_kex_follows 0
> > debug2: kex_parse_kexinit: reserved 0
> > debug2: kex_parse_kexinit: diffie-hellman-group1-sha1
> > debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,x509v3-sign-dss,x509v3-sign-rsa
> > debug2: kex_parse_kexinit: 3des-cbc
> > debug2: kex_parse_kexinit: 3des-cbc
> > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1
> > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1
> > debug2: kex_parse_kexinit: none
> > debug2: kex_parse_kexinit: none
> > debug2: kex_parse_kexinit:
> > debug2: kex_parse_kexinit:
> > debug2: kex_parse_kexinit: first_kex_follows 0
> > debug2: kex_parse_kexinit: reserved 0
> > debug2: mac_init: found hmac-md5
> > debug1: kex: client->server 3des-cbc hmac-md5 none
> > debug2: mac_init: found hmac-md5
> > debug1: kex: server->client 3des-cbc hmac-md5 none
> > debug1: dh_gen_key: priv key bits set: 194/384
> > debug1: bits set: 475/1024
> > debug1: expecting SSH2_MSG_KEXDH_INIT
> > debug1: bits set: 480/1024
> > debug1: kex_derive_keys
> > debug1: newkeys: mode 1
> > debug1: SSH2_MSG_NEWKEYS sent
> > debug1: waiting for SSH2_MSG_NEWKEYS
> > debug1: newkeys: mode 0
> > debug1: SSH2_MSG_NEWKEYS received
> > debug1: KEX done
> > debug1: userauth-request for user ahain service ssh-connection method none
> > debug1: attempt 0 failures 0
> > debug2: input_userauth_request: setting up authctxt for ahain
> > debug2: input_userauth_request: try method none
> > Failed none for ahain from 192.168.123.34 port 4354 ssh2
> > debug1: userauth-request for user ahain service ssh-connection method none
> > debug1: attempt 1 failures 1
> > debug2: Unrecognized authentication method name: none
> > Failed none for ahain from 192.168.123.34 port 4354 ssh2
> > debug1: userauth-request for user ahain service ssh-connection method password
> > debug1: attempt 2 failures 2
> > debug2: input_userauth_request: try method password
> > Accepted password for ahain from 192.168.123.34 port 4354 ssh2
> > debug1: Entering interactive session for SSH2.
> > debug1: fd 3 setting O_NONBLOCK
> > debug1: fd 7 setting O_NONBLOCK
> > debug1: server_init_dispatch_20
> > debug1: server_input_channel_open: ctype session rchan 0 win 10000 max 512
> > debug1: input_session_request
> > debug1: channel 0: new [server-session]
> > debug1: session_new: init
> > debug1: session_new: session 0
> > debug1: session_open: channel 0
> > debug1: session_open: session 0: link with channel 0
> > debug1: server_input_channel_open: confirm session
> > debug1: server_input_channel_req: channel 0 request pty-req reply 0
> > debug1: session_by_channel: session 0 channel 0
> > debug1: session_input_channel_req: session 0 req pty-req
> > debug1: Allocating pty.
> > debug1: session_pty_req: session 0 alloc /dev/tty1
> > debug3: tty_parse_modes: SSH2 n_bytes 0
> > debug1: server_input_channel_req: channel 0 request shell reply 1
> > debug1: session_by_channel: session 0 channel 0
> > debug1: session_input_channel_req: session 0 req shell
> > debug1: fd 4 setting TCP_NODELAY
> > debug1: channel 0: rfd 9 isatty
> > debug1: fd 9 setting O_NONBLOCK
> > debug1: fd 8 setting O_NONBLOCK
> > debug1: server_input_channel_req: channel 0 request window-change reply 0
> > debug1: session_by_channel: session 0 channel 0
> > debug1: Received SIGCHLD.
> > debug1: session_input_channel_req: session 0 req window-change
> > debug3: tvp!=NULL kid 1 mili 100
> > debug2: notify_done: reading
> > debug1: session_by_pid: pid 3964
> > debug1: session_exit_message: session 0 channel 0 pid 3964
> > debug1: channel request 0: exit-status
> > debug1: session_exit_message: release channel 0
> > debug1: channel 0: write failed
> > debug1: channel 0: close_write
> > debug1: channel 0: output open -> closed
> > debug1: session_close: session 0 pid 3964
> > debug1: session_pty_cleanup: session 0 release /dev/tty1
> > Write failed: errno ESHUTDOWN triggered
> > debug1: Calling cleanup 0x41f104(0x0)
> > debug1: channel_free: channel 0: server-session, nchannels 1
> > debug3: channel_free: status: The following connections are open:
> >   #0 server-session (t4 r0 i0/185 o3/0 fd 9/-1)
> > 
> > debug3: channel_close_fds: channel 0: r 9 w -1 e -1
> > debug1: Calling cleanup 0x417030(0x0)
> > 
> > 
> > --
> > Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
> > Bug reporting:         http://cygwin.com/bugs.html
> > Documentation:         http://cygwin.com/docs.html
> > FAQ:                   http://cygwin.com/faq/
> > 
> 
> 

-- 
Prentis Brooks	| prentis@aol.net | 703-265-0914 | AIM: PrentisBrooks
Senior System Administrator - Web Infrastructure & Security

       A knight is sworn to valor.  His heart knows only virtue.  His blade
       defends the helpless.  His word speaks only truth.  His wrath undoes
       the wicked. - the old code of Bowen, last of the dragonslayers
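
The check described in the reply above (duplicate /etc/passwd entries for a user, or a primary GID in /etc/passwd with no matching line in /etc/group) written as a small script. This is an added example, not part of the original message; the function names and the sample accounts and GIDs are constructed for illustration.

```shell
#!/bin/sh
# Added example: consistency check for Cygwin-style /etc/passwd and /etc/group.

# check_accounts PASSWD_FILE GROUP_FILE
# Prints one finding per line:
#   DUPLICATE_USER <name>        name appears more than once in passwd
#   MISSING_GID <name> <gid>     primary GID (field 4) is not defined in group
check_accounts() {
    awk -F: '
        /^#/ || NF < 3 { next }               # skip comments and short lines
        pass == 1 { gids[$3] = 1; next }      # group file: field 3 is the GID
        NF < 4 { next }                       # passwd line without a GID field
        {
            if (seen[$1]++ == 1) print "DUPLICATE_USER " $1
            if (!($4 in gids))   print "MISSING_GID " $1 " " $4
        }
    ' pass=1 "$2" pass=2 "$1"
}

# Constructed sample files (not taken from the thread) reproducing both cases:
# alice uses GID 10513 while the group file only defines 513; bob is listed twice.
demo_findings() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/group" <<'EOF'
SYSTEM::18:
Administrators::544:
Domain Users::513:
EOF
    cat > "$dir/passwd" <<'EOF'
SYSTEM:*:18:18::/:/bin/false
alice:unused:1005:10513:constructed user:/home/alice:/bin/bash
bob:unused:1006:513:constructed user:/home/bob:/bin/bash
bob:unused:11006:513:constructed duplicate:/home/bob:/bin/bash
EOF
    check_accounts "$dir/passwd" "$dir/group"
    rm -rf "$dir"
}

demo_findings
```

On a real installation, run `check_accounts /etc/passwd /etc/group` from the Cygwin shell; no output means neither condition was found.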

