Cygwin ssh and Windows authentication

Jarek yaro_29@hotmail.com
Fri Jul 24 19:05:00 GMT 2015 


On 2015-07-22 23:46, Andrey Repin wrote:
> Greetings, Jarek!
>
>>>>>> So why are they not needed as your comment doesn't really explain that
>>>>> Read 1.7.35 changelog.
>>>>> In short, username resolution was completely reworked, thanks to Corinna, and
>>>>> Cygwin now directly address domain controllers for it.
>>>> OK so it addresses DCs to check some settings or priviliges. I don't
>>>> suppose it just asks 'hey DS, can contoso\johnd access sshd on server1?'
>>> Indirectly, that can be done, i.e., by including a user in "SSH" group and
>>> allow only "DOMAIN+SSH" group to authorize on server.
>> I assume the group name is arbitrary and can be named anything.
> Of course. I have a generic "RemoteUsers" group for all users that allowed
> remote access (VPN, SSH, etc.)
>
>> I went thrugh local rights on my sshserver and I see the Everyone, and
>> Users local groups have Allow to access this computer via network.
>> I take it the 'Act as part of the OS','Create a token object' and
>> 'Replace a process level token' rights are only for the account running
>> the sshd service.
> Yes, these are only used by service itself, and not propagated to the users
> connected.
>
>>> Verbose logging from both client and server may give some insight, too.
>> Here is what I get from the logs on the client when attempting to
>> connect with WinSCP
> Try using only username to login. Without domain prefix.
> And disable other auth mechanics, while you are testing namely I see it trying
> GSSAPI, which wouldn't work unless explicitly configured and allowed.
>
> Please attach long listings as files or provide links to pastebin service of
> your choice.
>
>
Hi Andrey,

As much as I don't like giving up, after lots of testing I found the 
only way I can get a domain user to access my server is by creating the 
/etc/passwd file and adding the users there. I don't understand the 
workings behind this but at least it works. Thank you very much for your 
help and patience. Due to tons of other things I have to work on now I 
wont be persuing this further but hey, Microsoft are yet again working 
on ssh. Maybe they suceed this time.
All the best.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

More information about the Cygwin mailing list