Cygwin 2.763 32bit SSHD public key auth. failure on Windows Server 2016 R2 64bit
Aliaksei Hladkikh
Aliaksei.Hladkikh@seavus.com
Mon Feb 5 08:01:00 GMT 2018
Hello
Can't connect to Cygwin SSHD using public key set up, but same Cygwin configuration/OS/client
works with Cygwin 2.763 32bit on Windows Server 2008 R2 64bit.
See var/log/messages extracts.
Seems to be connected with SeTcbPrivilege problem because of
"fatal: seteuid 1049698: Operation not permitted" log record, but ALL existing Local Policy privileges were granted
to dsm user under which Windows service runs or Administrators group where dsm is a member,
gpupdate executed and service restarted.
Going to try x64 Cygwin, but it's scary to change that Server 2016 R2.
Regards
------------------------------------------------------------
sshd_public_key_fail.log:
Feb 5 08:18:16 MPDiagnostics2 sshd: PID 6104: debug1: userauth-request for user dsm service ssh-connection method none [preauth]
Feb 5 08:18:16 MPDiagnostics2 sshd: PID 6104: debug1: attempt 0 failures 0 [preauth]
Feb 5 08:18:16 MPDiagnostics2 sshd: PID 6104: debug1: userauth-request for user dsm service ssh-connection method publickey [preauth]
Feb 5 08:18:16 MPDiagnostics2 sshd: PID 6104: debug1: attempt 1 failures 0 [preauth]
Feb 5 08:18:16 MPDiagnostics2 sshd: PID 6104: debug1: userauth_pubkey: test whether pkalg/pkblob are acceptable for RSA SHA256:WwiWbTcBCmRCXPeuoN9D792twtGPp0xK0GfUCgqUS1Q [preauth]
Feb 5 08:18:16 MPDiagnostics2 sshd: PID 6104: debug1: temporarily_use_uid: 1049698/1049089 (e=197609/197121)
Feb 5 08:18:16 MPDiagnostics2 sshd: PID 5684: debug1: rekey after 4294967296 blocks [preauth]
Feb 5 08:18:16 MPDiagnostics2 sshd: PID 5684: debug1: SSH2_MSG_NEWKEYS sent [preauth]
Feb 5 08:18:16 MPDiagnostics2 sshd: PID 5684: debug1: expecting SSH2_MSG_NEWKEYS [preauth]
Feb 5 08:18:16 MPDiagnostics2 sshd: PID 6104: fatal: seteuid 1049698: Operation not permitted
Feb 5 08:18:16 MPDiagnostics2 sshd: PID 6104: debug1: do_cleanup
Feb 5 08:18:16 MPDiagnostics2 sshd: PID 6104: debug1: Killing privsep child 5592
Feb 5 08:18:18 MPDiagnostics2 sshd: PID 5684: debug1: SSH2_MSG_NEWKEYS received [preauth]
Feb 5 08:18:18 MPDiagnostics2 sshd: PID 5684: debug1: rekey after 4294967296 blocks [preauth]
Feb 5 08:18:18 MPDiagnostics2 sshd: PID 5684: debug1: KEX done [preauth]
sshd_password_ok.log:
Feb 5 08:19:33 MPDiagnostics2 sshd: PID 5684: debug1: userauth-request for user dsm service ssh-connection method password [preauth]
Feb 5 08:19:33 MPDiagnostics2 sshd: PID 5684: debug1: attempt 3 failures 2 [preauth]
Feb 5 08:19:33 MPDiagnostics2 sshd: PID 5684: Accepted password for dsm from 37.17.38.141 port 10330 ssh2
Feb 5 08:19:33 MPDiagnostics2 sshd: PID 5684: debug1: monitor_child_preauth: dsm has been authenticated by privileged process
Feb 5 08:19:33 MPDiagnostics2 sshd: PID 5684: debug1: monitor_read_log: child log fd closed
Feb 5 08:19:33 MPDiagnostics2 sshd: PID 5684: debug1: rekey after 4294967296 blocks
Feb 5 08:19:33 MPDiagnostics2 sshd: PID 5684: debug1: rekey after 4294967296 blocks
Feb 5 08:19:33 MPDiagnostics2 sshd: PID 5684: debug1: ssh_packet_set_postauth: called
Feb 5 08:19:33 MPDiagnostics2 sshd: PID 5684: debug1: Entering interactive session for SSH2.
Feb 5 08:19:33 MPDiagnostics2 sshd: PID 5684: debug1: server_init_dispatch
Feb 5 08:19:33 MPDiagnostics2 sshd: PID 5684: debug1: server_input_channel_open: ctype session rchan 256 win 16384 max 16384
Feb 5 08:19:33 MPDiagnostics2 sshd: PID 5684: debug1: input_session_request
Feb 5 08:19:33 MPDiagnostics2 sshd: PID 5684: debug1: channel 0: new [server-session]
Feb 5 08:19:33 MPDiagnostics2 sshd: PID 5684: debug1: session_new: session 0
Feb 5 08:19:33 MPDiagnostics2 sshd: PID 5684: debug1: session_open: channel 0
Feb 5 08:19:33 MPDiagnostics2 sshd: PID 5684: debug1: session_open: session 0: link with channel 0
Feb 5 08:19:33 MPDiagnostics2 sshd: PID 5684: debug1: server_input_channel_open: confirm session
Feb 5 08:19:33 MPDiagnostics2 sshd: PID 5684: debug1: server_input_channel_req: channel 0 request pty-req reply 1
Feb 5 08:19:33 MPDiagnostics2 sshd: PID 5684: debug1: session_by_channel: session 0 channel 0
Feb 5 08:19:33 MPDiagnostics2 sshd: PID 5684: debug1: session_input_channel_req: session 0 req pty-req
Feb 5 08:19:33 MPDiagnostics2 sshd: PID 5684: debug1: Allocating pty.
Feb 5 08:19:33 MPDiagnostics2 sshd: PID 5684: debug1: session_pty_req: session 0 alloc /dev/pty1
Feb 5 08:19:33 MPDiagnostics2 sshd: PID 5684: debug1: server_input_channel_req: channel 0 request shell reply 1
Feb 5 08:19:33 MPDiagnostics2 sshd: PID 5684: debug1: session_by_channel: session 0 channel 0
Feb 5 08:19:33 MPDiagnostics2 sshd: PID 5684: debug1: session_input_channel_req: session 0 req shell
Feb 5 08:19:33 MPDiagnostics2 sshd: PID 5684: Starting session: shell on pty1 for dsm from 37.17.38.141 port 10330 id 0
Feb 5 08:19:33 MPDiagnostics2 sshd: PID 980: debug1: Setting controlling tty using TIOCSCTTY.
Feb 5 08:19:33 MPDiagnostics2 sshd: PID 980: debug1: permanently_set_uid: 1049698/1049089
Feb 5 08:19:34 MPDiagnostics2 sshd: PID 3692: debug1: fd 5 clearing O_NONBLOCK
Feb 5 08:19:34 MPDiagnostics2 sshd: PID 3692: debug1: Forked child 4728.
Feb 5 08:19:34 MPDiagnostics2 sshd: PID 4728: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
Feb 5 08:19:34 MPDiagnostics2 sshd: PID 4728: rexec line 96: Deprecated option UsePrivilegeSeparation
Feb 5 08:19:34 MPDiagnostics2 sshd: PID 4728: debug1: inetd sockets after dupping: 3, 3
-------------- next part --------------
A non-text attachment was scrubbed...
Name: cygcheck.out
Type: application/octet-stream
Size: 18568 bytes
Desc: cygcheck.out
URL: <http://cygwin.com/pipermail/cygwin/attachments/20180205/0c74b076/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sshd_password_ok.log
Type: application/octet-stream
Size: 3198 bytes
Desc: sshd_password_ok.log
URL: <http://cygwin.com/pipermail/cygwin/attachments/20180205/0c74b076/attachment-0001.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sshd_public_key_fail.log
Type: application/octet-stream
Size: 1519 bytes
Desc: sshd_public_key_fail.log
URL: <http://cygwin.com/pipermail/cygwin/attachments/20180205/0c74b076/attachment-0002.obj>
-------------- next part --------------
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
More information about the Cygwin
mailing list