Need admin privs before something can inherit them (was Re: ssh-host-config doesn't "inherit" user admin privilege)
Brian Inglis
Fri Jan 15 04:38:47 GMT 2021
On 2021-01-14 19:55, art wrote:
> On Thursday, January 14, 2021 6:05 PM, L A Walsh wrote:
>> On 2021/01/14 17:21, art wrote:
>>> I get a security code 5 when ssh-host-config tries to install cygsshd. I
>>> was logged into Win 10 pro/x64 as an admin user. The "fix" was to start a
>>> Cygwin64 Terminal with Admin and then run ssh-host-config within this script.
>> You say ssh-host-config tries to install cygsshd. How was ssh-host-config
>> called (started)? When Cygwin64 Terminal was run, it was run with Admin
>> at the start. Was that done when ssh-host-config was run?
>> How was it run?
> Yes, I did a right-click on the cygwin terminal icon and chose a "run as
> administrator" option. This is like doing a sudo to start a linux shell...
> everything run in the shell inherits "admin"/"root" as appropriate. Followed
> by using this shell to do:
> cd /usr/bin
> ./ssh-host-config
> I entered 'yes' responses to the various setup questions including yes to
> privileged separation. I never bumped into this sort of inheritance problem
> in Windows 7 and earlier. Seems to be a Windows 10 "feature". This past week
> I ran into the same problem using an Intel supplied command script to
> install their hydra_mpi server. Another knowledgeable Windows 10 user reports
> he, too, has encountered this issue.
It's been years but I don't remember anything being different under Win 7, for
"non-native" Windows programs that are not prepared to handle elevation, whereas
Cygwin setup is and does.
> After installation I do some local tweaks to sshd_config such as disabling
> plain-text password logins. I'm able to successfully connect using ssh/sftp
> from other platforms to this system using public key authentication. Windows
> is configured to autostart cygsshd.
> I can add that I previously added C:\cygwin64 to the list of Windows
> Defender exceptions.
You always had to start cmd or bash with Run as Admin to run anything elevated
e.g. C:\cygwin64\bin\bash /bin/script.
Similarly in Windows scheduled tasks: Run as SYSTEM, whether logged in or not,
Do not store password, with highest privileges.
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada
This email may be disturbing to some readers as it contains
too much technical detail. Reader discretion is advised.
[Data in binary units and prefixes, physical quantities in SI.]
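
An added example, not part of the original message or of Cygwin's own scripts: a guard that refuses to run a privileged setup step such as ssh-host-config unless the shell is already elevated. It assumes that `id -G` in an elevated Cygwin process lists gid 544 (BUILTIN\Administrators, SID S-1-5-32-544) and omits it under a filtered UAC token; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: refuse to run a privileged step from a non-elevated Cygwin shell.
# Assumption: an elevated Cygwin process reports gid 544 (BUILTIN\Administrators)
# in `id -G`; a shell started without "Run as administrator" does not.

ADMIN_GID=544

# has_admin_gid "<space-separated gid list>"
# Succeeds only on an exact match, so 1544 or 5440 do not count as elevated.
has_admin_gid() {
    for gid in $1; do
        if [ "$gid" = "$ADMIN_GID" ]; then
            return 0
        fi
    done
    return 1
}

# run_if_elevated "<gid list>" command [args...]
# Runs the command only when the gid list shows an elevated token;
# otherwise prints what to do and fails without touching the system.
run_if_elevated() {
    gid_list=$1
    shift
    if has_admin_gid "$gid_list"; then
        "$@"
    else
        echo "Not elevated: start the Cygwin terminal with 'Run as administrator', then run: $*" >&2
        return 1
    fi
}

# Typical use at the top of a setup script:
#   run_if_elevated "$(id -G)" /usr/bin/ssh-host-config
```

Passing the gid list as an argument keeps the check testable with constructed input and makes the elevation decision explicit before any service installation is attempted.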