This is the mail archive of the
mailing list for the Cygwin project.
Re: sshd permits logon using disabled user?
- From: Bill Stewart <bstewart at iname dot com>
- To: cygwin at cygwin dot com
- Date: Thu, 24 Jan 2019 09:48:17 -0700
- Subject: Re: sshd permits logon using disabled user?
- References: <CANV9t=SSyof86c5Yz3tNhwj4To=eKnrmveQcr59ZmMY-X9_txA@mail.gmail.com> <20190124154533.GK2802@calimero.vinschen.de>
I performed the following steps:
1. Downloaded cygwin-20190124.tar.xz
2. Extracted it
3. Stopped sshd
4. Renamed existing /bin/cygwin1.dll to cygwin1-20181108.dll
5. Copied cygwin1.dll from download to /bin
6. Started sshd
Did I miss anything?
It still allows logon with a disabled account.
On Thu, Jan 24, 2019 at 8:45 AM Corinna Vinschen <firstname.lastname@example.org> wrote:
> On Jan 24 06:28, Bill Stewart wrote:
> > I am running Windows 10 (1803) and experimenting with sshd installed as a
> > Windows service.
> > The computer is a domain member. I created a local computer account for
> > testing.
> > I created host keys and a public/private key pair to use to log on the
> > This works, except I notice that if I disable the Windows user account, I
> > can still log on using ssh using that account.
> > In the shell, logged on as the disabled user, the 'whoami' command
> > the name of the disabled user.
> > This seems unexpected and not good.
> > Why does sshd allow logon for a disabled user?
> Because the underlying Cygwin function responsible for changing the user
> account only checks if the account exists. It does not check for any of
> the flags in the user DB. Yet.
> I pushed a patch to disallow changing the user account to a disabled or
> locked out account.
> I just uploaded new developer snapshots containing this change to
> Please give them a try.
> Corinna Vinschen
> Cygwin Maintainer
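The check the quoted reply describes as missing (account existence alone versus the flags in the user DB), written out as an added example; it is not the Cygwin patch and not code from this thread. It assumes a local account queried with NetUserGetInfo at level 1, and the function and enum names are hypothetical.

```c
/* Added example, not the Cygwin patch: refuse a user switch when the
   account flags say disabled or locked out. Names are hypothetical. */
#include <stdio.h>

#if defined(_WIN32) || defined(__CYGWIN__)
#include <windows.h>
#include <lm.h>   /* NetUserGetInfo, USER_INFO_1, UF_*; link with -lnetapi32 */
#else
/* Flag values as defined in the Windows SDK (lmaccess.h), so the
   decision logic also builds and runs off Windows. */
#define UF_ACCOUNTDISABLE 0x0002
#define UF_LOCKOUT        0x0010
#define UF_NORMAL_ACCOUNT 0x0200
#endif

enum verdict { ACCT_ALLOW = 0, ACCT_NO_SUCH_USER, ACCT_DISABLED, ACCT_LOCKED_OUT };

/* Existence alone is not enough: the flags must be checked as well. */
enum verdict verdict_from_flags(int exists, unsigned long flags)
{
    if (!exists)                   return ACCT_NO_SUCH_USER;
    if (flags & UF_ACCOUNTDISABLE) return ACCT_DISABLED;
    if (flags & UF_LOCKOUT)        return ACCT_LOCKED_OUT;
    return ACCT_ALLOW;
}

#if defined(_WIN32) || defined(__CYGWIN__)
/* Look up a local account (server NULL = this machine). Any lookup
   failure is treated as "no such user", so the check fails closed. */
enum verdict check_local_account(const wchar_t *name)
{
    USER_INFO_1 *ui = NULL;
    NET_API_STATUS rc = NetUserGetInfo(NULL, name, 1, (LPBYTE *)&ui);
    enum verdict v = verdict_from_flags(rc == NERR_Success && ui != NULL,
                                        ui ? ui->usri1_flags : 0);
    if (ui) NetApiBufferFree(ui);
    return v;
}
#endif

int main(void)
{
    /* Constructed flag words, not read from a real user DB. */
    static const char *names[] = { "allow", "no such user", "disabled", "locked out" };
    unsigned long samples[] = { UF_NORMAL_ACCOUNT,
                                UF_NORMAL_ACCOUNT | UF_ACCOUNTDISABLE,
                                UF_NORMAL_ACCOUNT | UF_LOCKOUT };
    for (int i = 0; i < 3; i++)
        printf("flags 0x%04lx -> %s\n", samples[i], names[verdict_from_flags(1, samples[i])]);
    return 0;
}
```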