sshd: PID 2308: fatal: seteuid 1090146: Permission denied --> Login to domain server windows 2k12r2 not possible
Brian Inglis
Brian.Inglis@SystematicSw.ab.ca
Thu Mar 8 15:50:00 GMT 2018
On 2018-03-08 04:44, Bernhard Finster wrote:
> login via ssh to cygwin on a domain server 2012r2 standardis not possible (see error in mail subject). The login is either with password, nor with publickey possible.
> The package was created with cygwinsetup.exe v 2.877 (32bit) and works fine on every standalone servers. I have createt a setup batch file with the content below:
>
> c:\start\cygwin\setup.exe -q --local-install --root c:\cygwin -l c:\Start\cygwin
> cd C:\cygwin\bin
> bash --login -c "ssh-host-config -y -c "tty ntsec" -u "cyg_server" -w "password" --privileged"
> bash --login -c "mkdir .ssh"
> bash --login -c "cp /cygdrive/c/Start/authorized_keys .ssh/authorized_keys"
> bash --login -c "chmod 700 .ssh"
> bash --login -c "cygrunsrv -S sshd"
> bash --login -c "syslog-ng-config -y"
> bash --login -c "cygrunsrv -S syslog-ng"
>
> The setup is always startet with the user "Administrator@domain" after joining the domain.
> In my test-domain I have enabled the following user right assignement for the domain admin cyg_server:
>
> * Act as part of the operating system
> * Create a token object
> * Log on as a batch job
> * Log on as a service
> * Repace a process level token
> * Deny log on locally
> * Deny logon through Remotedesktop Services
>
> Attachements:
>
> * ssh_config, sshd_config, original copy from the server
> * ssh-ddd.txt is the output of the command "/usr/sbin/sshd -d -d -d"
> * ssh-vvv.txt is the output of a login attempt to the server (usual Administrator@hostname), I have defined in .ssh/config (host * user Administrator)
> * messages.txt is the output of a login attemt to the server from his syslog-ng log
> * cygcheck
>
> Sorry for my bad english, I hope it will get better.
> Please help if you have any idea for me to get out of this desaster.
You might want to try upgrading setup, upgrading installed packages, and
manually running the ...-config scripts elevated, to see if that fixes the problem.
seteuid handling:
https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-setuid-overview
--
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
More information about the Cygwin
mailing list