Why you can't load ws2_32.dll (was Re: Can't use key authentication on x64 Server 2003 R2)

Gordon Messmer yinyang@eburg.com
Mon Jan 25 02:18:00 GMT 2010


On 01/08/2010 06:59 AM, Corinna Vinschen wrote:
> I can't reproduce this one, but I can reproduce the other problem
> with pubkey authentication reported in this thread:
...

I appreciate the time you took to explain this problem.  I've been 
working on it for a while, and still can't get it right.

> If you're running in a domain, then the account running the sshd service
> must be a member of the domain as well.  Instead of creating a local
> cyg_server account, you must create a domain account called cyg_server
> with the specific rights required to create a user token, add it to the
> /etc/passwd file of the machine on which you want to install sshd, and
> *then* run ssh-host-config on that machine.

I've created a "cyg_server" account on my domain controller and added it 
to the password file using:

mkpasswd -d -u cyg_server >> /etc/passwd

First I tried granting the required permissions manually in the domain 
policy.  When that didn't work, I used "editrights" as in 
cygwin-service-installation-helper.sh to set the rights in the local 
policy.  As far as I can tell, I get identical results.

Rights during my most recent test were:

$ editrights.exe -l -u cyg_server
SeAssignPrimaryTokenPrivilege
SeCreateTokenPrivilege
SeTcbPrivilege
SeServiceLogonRight
SeDenyRemoteInteractiveLogonRight

> If you did that, the ssh-host-config script will note that such an
> account exists in /etc/passwd and will offer to use that account for the
> sshd service.

Hopefully I did something as simple as adding the account to the 
password file incorrectly.  When I run ssh-host-config, I get the 
following warning:

*** Warning: cyg_server is in /etc/passwd, but the local
*** Warning: machine's SAM does not know about cyg_server.
*** Warning: Perhaps cyg_server is a pre-existing domain account.
*** Warning: Continuing, but check if this is ok.

Regardless, I can use the account and sshd will run.  When I log in with 
a password, I get a shell, but I see this warning:

  1 [main] sshd 2724 spawn_guts: CreateWindowStation failed, Win32 error 5

If I log in with a key, the server just drops the connection.  The 
(Linux) client reports:
Connection closed by 192.168.99.6

The server's event log indicates:

The description for Event ID ( 0 ) in Source ( sshd ) cannot be found. 
The local computer may not have the necessary registry information or 
message DLL files to display messages from a remote computer. You may be 
able to use the /AUXSOURCE= flag to retrieve this description; see Help 
and Support for details. The following information is part of the event: 
sshd: PID 6632: fatal: seteuid 11287: Permission denied.

The event viewer indicates that the user is DOMAIN\cyg_server, which is 
the same username that appears in the Local Security Settings admin tool.

Does anyone have any specific advice for using a domain member account 
(DOMAIN\cyg_server) to run sshd?  Without that, it seems I can't run 
Cygwin 1.7's sshd with key authentication.
