This is the mail archive of the cygwin mailing list for the Cygwin project.



Re: AW: Inaccessible remote volumes when logged in via ssh


I can confirm the problem on XP as well as the inverse on W2K (I'm just 
mapping and 'subst'ing to a local share).  For the moment at least, beyond 
debugging it of course, I don't have any good suggestions for you.  It may 
well be that XP disallows this functionality though.  If you investigate, 
please follow up on the list with your results.

Larry
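
An added example, not part of the original thread: a small shell function that compares the `mount` listing taken at the console with the one taken inside the ssh session and names the drive-letter mounts that are gone. The two listings are the ones in the quoted report below; the function and variable names are made up for this example.

```shell
#!/bin/sh
# `mount` output at the console (copied from the quoted report).
console_mounts='C:\cygwin\bin on /usr/bin type system (binmode)
C:\cygwin\lib on /usr/lib type system (binmode)
C:\cygwin on / type system (binmode)
c: on /c type system (binmode,noumount)
w: on /w type system (binmode,noumount)
z: on /z type system (binmode,noumount)'

# `mount` output after `ssh rsiklos@localhost` (copied from the quoted report).
ssh_mounts='C:\cygwin\bin on /usr/bin type system (binmode)
C:\cygwin\lib on /usr/lib type system (binmode)
C:\cygwin on / type system (binmode)
c: on /c type system (binmode,noumount)'

# missing_in_session BASELINE SESSION
# Prints, space separated and in baseline order, every bare drive-letter
# mount ("w: on /w ...") present in BASELINE but absent from SESSION.
# Path mounts such as "C:\cygwin on /" are ignored.
missing_in_session() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk '
        $0 == "---" { second = 1; next }
        $1 ~ /^[A-Za-z]:$/ && $2 == "on" {
            d = tolower($1)
            if (second) {
                seen[d] = 1
            } else if (!(d in want)) {
                want[d] = 1
                order[++n] = d
            }
        }
        END {
            for (i = 1; i <= n; i++)
                if (!(order[i] in seen))
                    out = out (out ? " " : "") order[i]
            print out
        }'
}

echo "drive mounts missing in the ssh session: $(missing_in_session "$console_mounts" "$ssh_mounts")"
```

To use it on a live system, capture `mount` once at the console and once inside the ssh session and pass the two captures as the arguments.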


At 10:04 PM 5/20/2004, you wrote:
>Hello,
>
>I just noticed that I am also using this problem.
>
>For example:
>
>$ mount
>C:\cygwin\bin on /usr/bin type system (binmode)
>C:\cygwin\lib on /usr/lib type system (binmode)
>C:\cygwin on / type system (binmode)
>c: on /c type system (binmode,noumount)
>w: on /w type system (binmode,noumount)
>z: on /z type system (binmode,noumount)
>
>$ ssh rsiklos@localhost
>rsiklos@localhost's password:
>Last login: Thu May 20 22:00:01 2004 from localhost
>You are successfully logged in to this server!!!
>
>$ mount
>C:\cygwin\bin on /usr/bin type system (binmode)
>C:\cygwin\lib on /usr/lib type system (binmode)
>C:\cygwin on / type system (binmode)
>c: on /c type system (binmode,noumount)
>
>I have no idea why this is happening.  I know I had it working with sshd on
>win2k, but I'm running XP now.  Other than the o/s change, and updating
>cygwin every once in a while (including today), I haven't done anything
>different.  I just reinstalled cygwin from scratch (wanted to do it anyways)
>and the problem is still there.
>
>Anything I can do to figure out what the problem is?
>
>Thanks a million,
>
>Rob.
>
>----- Original Message ----- 
>From: "Larry Hall" <cygwin-lh@cygwin.com>
>To: "Brindl Ronald" <rbrindl@gmx.at>; <cygwin@cygwin.com>
>Sent: Wednesday, May 12, 2004 10:53 PM
>Subject: Re: AW: Inaccessible remote volumes when logged in via ssh
>
>
>> At 09:01 AM 5/11/2004, you wrote:
>> >I am logging in using password (I already heard of troubles using
>> >publickey, although I can log in as normal user using public key)
>> >The volume is mounted using the explorer menu (extra -> connect drive, I
>> >don't know if that's correct because I have a German version), and it is
>> >configured to mount automatically at startup.
>>
>>
>> Well, something is wrong with your password authentication then because
>> the behavior you're getting is exactly the same as with public key
>> authentication.
>>
>>
>> >I just tried to use "net use" in my ssh-session and noticed it doesn't
>> >work (system error 1312)
>> >It is the same case as in
>> >http://archive.erdelynet.com/ssh-l/2004-04/msg00033.php
>> >And in
>> >http://archive.erdelynet.com/ssh-l/2002-11/msg00006.php
>> >
>> >And
>> >http://archive.erdelynet.com/ssh-l/2004-03/msg00057.php
>> >
>> >It has something to do with user-privileges and that the sshd runs as
>> >user SYSTEM. It seems, that the ssh-sessions also runs as SYSTEM, and
>> >not as user which logged in.
>>
>>
>> No, that's not quite right.  *If* you use password authentication when you
>> 'ssh' into your Cygwin ssh server, you will be authenticated by Windows and
>> have full access to whatever resource (including shares) Windows allows you.
>> *If* you use public key authentication, you can access any resource that does
>> not require Windows authentication (including public shares).  Either way,
>> you are running the 'ssh' session as the user you specify (or default to)
>> for that session.  Only 'sshd' runs as SYSTEM (by default).  Running 'sshd'
>> allows switching the user context from SYSTEM to the requested user for
>> the 'ssh' session.
>>
>>
>> >What I don't understand is, why it works when I log in locally via ssh
>> >(ssh localhost -l bpc).
>>
>>
>> It "works" because you're already authenticated with Windows on that machine
>> as the user you're shelling in as.  So Windows knows this user and therefore
>> will provide access to the restricted resources.
>>
>>
>> >It should also run as user system without
>> >network-privileges.
>>
>>
>> No that's incorrect.
>>
>>
>> >I tried the following:
>> >At <current-time + 1> /INTERACTIVE cmd
>> >
>> >Which should open a cmd-shell in one minute which runs as SYSTEM.
>> >The shell opens and i also have no access to the network.
>>
>>
>> That's expected.
>>
>>
>> >So I tried to start the sshd service as user "sshd" (changed owner of
>> >all files, adjusted the security policies etc). The service starts but
>> >the strange result is, that I can't login with password anymore, only
>> >with public key !!! And I still don't have access to network.
>> >When i do a ps -W -f i get:
>> >
>> >    sshd    1608       1   ?  14:10:21 /usr/bin/cygrunsrv
>> >    sshd    1348    1720   ?  14:11:09 /usr/sbin/sshd
>> >       0     756       0   ?  14:11:11 C:\cygwin\bin\bash.exe
>> >     bpc    1716    1680   1  14:11:46 /usr/bin/ps
>> >       0    1760       0   ?  14:11:47 C:\cygwin\bin\ps.exe
>>
>>
>> Don't know why you tried this but as you can see, it doesn't buy you
>> anything.
>>
>>
>> >So i assume, the shell still run under SYSTEM account
>>
>>
>> No.  Now it would be run as user 'sshd', with whatever privileges the 'sshd'
>> user has.  By default, this user has no ability to switch user contexts so
>> no matter who you log in as, you will always be 'sshd'.
>>
>>
>> >Trying around with UsePrivilegeSeparation I had trouble starting the
>> >service at all. (complained about wrong privileges of /var/empty)
>>
>>
>> If you start changing the user that 'sshd' runs as, you're going to need
>> to be careful about resetting file ownership on many files and directories
>> that 'sshd' and 'ssh' use.  It isn't recommended that you run 'sshd' as
>> any user other than SYSTEM (unless you're running on W2K3 - see the openssh
>> README for details on running on that platform).  At this point, you're
>> probably best off removing 'openssh' from your system, cleaning up any
>> leftover files, and reinstalling, using the install scripts and directions
>> provided with the package.  If you still have problems, we need to know
>> the steps you took, any messages you got, log files generated, configuration
>> file settings, etc.  But keep in mind you can find out a lot about what
>> 'sshd' and 'ssh' are doing by running them with verbosity/debugging turned
>> on.  See the man pages for details.
>>
>>
>>
>> --
>> Larry Hall                              http://www.rfk.com
>> RFK Partners, Inc.                      (508) 893-9779 - RFK Office
>> 838 Washington Street                   (508) 893-9889 - FAX
>> Holliston, MA 01746
>>
>>
>> --
>> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
>> Problem reports:       http://cygwin.com/problems.html
>> Documentation:         http://cygwin.com/docs.html
>> FAQ:                   http://cygwin.com/faq/
>>
>>
>
>

