problems setting up openssh 2.9p2-2 with keyfiles

Hans Sturm hans.sturm@consors.de
Tue Jul 17 07:02:00 GMT 2001


I set the env var CYGWIN to contain `ntsec' in the system env and when installing sshd as a service, but same problem.
Then I installed the new snapshot cygwin1.dll (20010716), but same problem again.
My user keys get accepted, but then something seems to go wrong with the switching of the uid.
I then used an NT exploit to become the local system user and started sshd as system with the -d -e options.
This is the output that it gave:

C:\cygwin\usr\sbin>id
uid=18(SYSTEM) gid=18(SYSTEM) groups=0(Jeder),544(Administratoren)

C:\cygwin\usr\sbin>sshd -d -e
debug1: Seeding random number generator
debug1: sshd version OpenSSH_2.9p2
debug1: private host key: #0 type 0 RSA1
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
Generating 768 bit RSA key.
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
Connection from 192.168.1.64 port 1750
debug1: Client protocol version 2.0; client software version OpenSSH_2.9p2
debug1: match: OpenSSH_2.9p2 pat ^OpenSSH
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-1.99-OpenSSH_2.9p2
debug1: Rhosts Authentication disabled, originating port not trusted.
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug1: dh_gen_key: priv key bits set: 126/256
debug1: bits set: 1067/2049
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug1: bits set: 1050/2049
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user Administrator service ssh-connection method none
debug1: attempt 0 failures 0
Failed none for Administrator from 192.168.1.64 port 1750 ssh2
debug1: userauth-request for user Administrator service ssh-connection method publickey
debug1: attempt 1 failures 1
debug1: test whether pkalg/pkblob are acceptable
debug1: temporarily_use_uid: 500/513 (e=18)
debug1: matching key found: file /home/Administrator/.ssh/authorized_keys2, line 3
debug1: restore_uid
Postponed publickey for Administrator from 192.168.1.64 port 1750 ssh2
debug1: userauth-request for user Administrator service ssh-connection method publickey
debug1: attempt 2 failures 1
debug1: temporarily_use_uid: 500/513 (e=18)
debug1: matching key found: file /home/Administrator/.ssh/authorized_keys2, line 3
debug1: restore_uid
debug1: len 55 datafellows 0
debug1: ssh_dss_verify: signature correct
Accepted publickey for Administrator from 192.168.1.64 port 1750 ssh2
debug1: Entering interactive session for SSH2.
debug1: server_init_dispatch_20
debug1: server_input_channel_open: ctype session rchan 0 win 32768 max 16384
debug1: input_session_request
debug1: channel 0: new [server-session]
debug1: session_new: init
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 channel 0 request pty-req reply 0
debug1: session_pty_req: session 0 alloc /dev/tty1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 channel 0 request shell reply 0
debug1: channel 0: rfd 7 isatty
debug1: fd 7 setting O_NONBLOCK
debug1: fd 3 setting O_NONBLOCK
debug1: Received SIGCHLD.
debug1: session_by_pid: pid 116
debug1: session_exit_message: session 0 channel 0 pid 116
debug1: session_exit_message: release channel 0
debug1: channel 0: write failed
debug1: channel 0: output open -> closed
debug1: channel 0: close_write
debug1: session_pty_cleanup: session 0 release /dev/tty1
debug1: session_free: session 0 pid 116
Read error from remote host: errno ESHUTDOWN triggered
debug1: Calling cleanup 0x423968(0x0)
debug1: Calling cleanup 0x415ec4(0x0)

C:\cygwin\usr\sbin>


>On Tue, Jul 17, 2001 at 12:46:45PM +0200, Hans Sturm wrote:
>> Hello,
>>
>> I installed cygwin 1.3.2 and OpenSSH 2.9p2-2 using ntsec and a good
>> passwd/group.
>> The sshd is installed as a service under the system account with cygrunsrv.
>> I want to log in with keyfiles only (which is configured in sshd_config)
>> and the right authorized_keys and authorized_keys2 are in place with the
>> right owner and readable for system.
>> When I try to log in I get asked for the passphrase for my keys, but after
>> that sshd closes the connection.
>> In the eventlog I find an entry from sshd stating:
>> ":sshd : Win32 Process Id = 0xAF : Cygwin Process Id = 0xAF : fatal: setuid 
>> 500: Not owner."
>
>Did you set the env var CYGWIN to contain `ntsec' in the system env
>or when installing sshd as service e.g.
>
>        cygrunsrv -I sshd ... -e "CYGWIN=... ntsec ..."
>
>?
>
>If that doesn't help, could you try the latest developer snapshot
>of Cygwin?
>
>> I chowned system:system sshd.exe but same problem again.
>
>That's irrelevant. The ownership of the ssh files in /etc is
>the problem typically but that seems not to be related here.
>
>Corinna
>
>-- 
>Corinna Vinschen                  Please, send mails regarding Cygwin to
>Cygwin Developer                                mailto:cygwin@cygwin.com
>Red Hat, Inc.
>
>--
>Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
>Bug reporting:         http://cygwin.com/bugs.html
>Documentation:         http://cygwin.com/docs.html
>FAQ:                   http://cygwin.com/faq/

