Run OpenSSH service with Local System Account
Larry Hall (Cygwin)
reply-to-list-only-lh@cygwin.com
Fri Nov 21 12:59:00 GMT 2008
William Zhang wrote:
> Thank you Larry! Please see my comment below.
>
> On Thu, Nov 20, 2008 at 3:48 PM, Larry Hall (Cygwin)
> <blah-blah-blah> wrote:
^^^^^^^^^^^^^^
<http://cygwin.com/acronyms/#PCYMTNQREAIYR>. Thanks.
>> Why do you believe that you can set this Local System Account to interact
>> with the desktop but not cyg_server?
>
> In the Windows Services property Log On page, we have two option for
> the service to run as:
> One is to use Local System Account. When this option is selected, you
> have the "allow service to interact with desktop" enabled.
> The second option is to use an account you specified but "allow
> service to interact with desktop" option is disabled when it is
> selected.
Ah yes. I've gotten so used to the '-i' or 'cygrunsrv', which
'ssh-host-config' uses to configure the 'sshd' service that I forgot that
the check box isn't there in the GUI for any other user. Regardless,
you can add it to 'ssh-host-config' if you want. Of course, this ability
is disabled in Vista and Longhorn according to 'cygrunsrv' so I don't
think this will help for 2008 (and maybe 2003?)
>> By this you mean specifically what? Perhaps you should provide the
>> output you get and/or you should run 'ssh -v -v -v' to get some insight
>> as to where it chokes.
>
> When the ssh-host-config script ask if i want to create a cyg_server
> user, I answer no so it defaults to use the system local account.
> Below are the debug output and it failed at
> ssh_exchange_identification. I guess the cyg_server account is used to
> handle ssh_exchange_identification on windows 2003.
cyg_server is the account used to start services, 'sshd' in this case.
It has no direct association to ssh_exchange_identificatton.
> Can I work around
> this with the local system account?
Authentication hasn't started yet so I doubt the account makes much
difference. But I see nothing wrong with trying it. My guess is
you're going to need to start a debug server session to get better
insight. At least that's what I would do.
> $ ssh -v -v -v localhost
> OpenSSH_5.1p1, OpenSSL 0.9.8h 28 May 2008
> debug1: Reading configuration data /etc/ssh_config
> debug2: ssh_connect: needpriv 0
> debug1: Connecting to localhost [127.0.0.1] port 22.
> debug1: Connection established.
> debug1: identity file /home/root/.ssh/identity type -1
> debug1: identity file /home/root/.ssh/id_rsa type -1
> debug1: identity file /home/root/.ssh/id_dsa type -1
> ssh_exchange_identification: Connection closed by remote host
>
>> If you don't care about using pubkey authetication and are fine with
>> typing in your Windows password each time you invoke 'ssh', you should
>> be able to use the Local System Account.
>
> I don't want any user interaction during the automation test. Can the
> password be provided automatically?
No. That's why there's public key.
--
Larry Hall http://www.rfk.com
RFK Partners, Inc. (508) 893-9779 - RFK Office
216 Dalton Rd. (508) 893-9889 - FAX
Holliston, MA 01746
_____________________________________________________________________
A: Yes.
> Q: Are you sure?
>> A: Because it reverses the logical flow of conversation.
>>> Q: Why is top posting annoying in email?
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
More information about the Cygwin
mailing list