This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Problems with ssh connection

I have Cygwin installed on a couple of servers in a domain environment. Of all machines regular user accounts can ssh to only one box.
Once installed I configured Cygwin using the following in a .bat file.

c:\cygwin\bin\bash --login -c "chmod +r /etc/passwd"

c:\cygwin\bin\bash --login -c "chmod u+w /etc/passwd"

c:\cygwin\bin\bash --login -c "chmod +r /etc/group"

c:\cygwin\bin\bash --login -c "chmod u+w /etc/group"

c:\cygwin\bin\bash --login -c "chown -R domain_account /var/empty"

c:\cygwin\bin\bash --login -c "chmod 755 /var/empty"

c:\cygwin\bin\bash --login -c "chown domain_account /etc/ssh*"

c:\cygwin\bin\bash --login -c "chmod 755 /var/"

c:\cygwin\bin\bash --login -c "touch /var/log/sshd.log"

c:\cygwin\bin\bash --login -c "chown domain_account /var/log/sshd.log"

c:\cygwin\bin\bash --login -c "chmod 664 /var/log/sshd.log"

c:\cygwin\bin\bash --login -c "editrights -l -u domain_account"

c:\cygwin\bin\bash --login -c "editrights -a SeAssignPrimaryTokenPrivilege -u domain_account"

c:\cygwin\bin\bash --login -c "editrights -a SeCreateTokenPrivilege -u domain_account"

c:\cygwin\bin\bash --login -c "editrights -a SeTcbPrivilege -u domain_account"

c:\cygwin\bin\bash --login -c "editrights -a SeServiceLogonRight -u domain_account"

c:\cygwin\bin\bash --login -c "editrights -l -u domain_account"

c:\cygwin\bin\bash --login -c "/bin/ssh-host-config -y -c ntsec -u domain_account -w âpassword"

Somehow the permissions on the sshd_config file are diferent on the box where the sftp connection works

-rw-r--r-- 1 my_domain_account root 3679 Jul 24 12:44 /etc/sshd_config
where on all others I see
-rw-r--r-- 1 domain_account Administrators 3584 Jul 26 20:51 /etc/sshd_config where the domain_account is the account under which the Cygwin service is running.

When checking NTFS permissions I see in both cases the domain_account as the owner. I read somewhere that I need to run chown root:system /etc/password to fix the permissions
but the account reports as invalid. Same if I try just root or just system.
Am I even close focusing on the permissions of sshd_config? No idea why they're different. I think I used the same method on all servers but there were not installed at the same time so it's possible I messed something up. I don't want to break the working box keeping it as a reference. On others I noticed that a regular domain user can connect when their accounts get added to local admins which is what I would like to avoid.

Problem reports:
Unsubscribe info:

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]