This is the mail archive of the
cygwin@cygwin.com
mailing list for the Cygwin project.
setreuid: permission denied for sshd under non-system account
- From: Paul Chorley <paulch at rhetorical dot com>
- To: cygwin at cygwin dot com
- Date: Mon, 03 Nov 2003 12:11:45 +0000
- Subject: setreuid: permission denied for sshd under non-system account
Hi,
I have installed the cygwin port of openssh on a Win2k box and set up
passwordless authentication using .ssh/id_rsa and .ssh/authorized_hosts
in the normal way. Everything works fine and I can ssh to the Windows
box without a password. My problem arises when I change the user that
runs the sshd service.
Following Corrina's instructions, I set up a local user (sshsvc) as a
member of the Administrators group and have given that user the
following user rights:
Act as part of operating system.
Create a token object.
Replace a process level token.
Log on as a service.
After setting the ownership of the /etc/ssh*, /var/empty (when using
privaledge separation) and /var/log/sshd.log I can start the service.
With the client and server in debug mode I try to connect and the
client appears to log in, but immediately logs back out again. The
server log shows that a call to permanently_set_uid is followed by a
call to setreuid, which fails with 'permission denied'.
I guess that this is Windows refusing to allow the sshsvc user to switch
to the real user that i'm trying to log in as.
I was lead to believe from the docs and from Corinna's posts that the
user rights settings would have dealt with this problem, but they don't.
What am I doing wrong here? Any help is appreciated.
Paul.
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/