From: "Rob S.i.k.l.o.s"
Subject: Re: AW: Inaccessible remote volumes when logged in via ssh
Date: Fri, 21 May 2004 09:10:00 -0000
Message-ID: <000701c43ed7$e49a3a60$920aa8c0@adexainc.com>

Hello,

I just noticed that I am also using this problem. For example:

$ mount
C:\cygwin\bin on /usr/bin type system (binmode)
C:\cygwin\lib on /usr/lib type system (binmode)
C:\cygwin on / type system (binmode)
c: on /c type system (binmode,noumount)
w: on /w type system (binmode,noumount)
z: on /z type system (binmode,noumount)
$ ssh rsiklos@localhost
rsiklos@localhost's password:
Last login: Thu May 20 22:00:01 2004 from localhost
You are successfully logged in to this server!!!
$ mount
C:\cygwin\bin on /usr/bin type system (binmode)
C:\cygwin\lib on /usr/lib type system (binmode)
C:\cygwin on / type system (binmode)
c: on /c type system (binmode,noumount)

I have no idea why this is happening. I know I had it working with sshd on win2k, but I'm running XP now.
Other than the o/s change, and updating cygwin every once in a while (including today), I haven't done anything different. I just reinstalled cygwin from scratch (wanted to do it anyways) and the problem is still there.

Anything I can do to figure out what the problem is?

Thanks a million,
Rob.

----- Original Message -----
From: "Larry Hall"
To: "Brindl Ronald"
Sent: Wednesday, May 12, 2004 10:53 PM
Subject: Re: AW: Inaccessible remote volumes when logged in via ssh

> At 09:01 AM 5/11/2004, you wrote:
> >I am logging in using password (I already heard of troubles using
> >publickey, although I can log in as normal user using public key)
> >The volume is mounted using the explorer menu (extra -> connect drive, I
> >don't know if that's correct because I have a German version), and it is
> >configured to mount automatically at startup.
>
> Well, something is wrong with your password authentication then because
> the behavior you're getting is exactly the same as with public key
> authentication.
>
> >I just tried to use "net use" in my ssh-session and noticed it doesn't
> >work (system error 1312)
> >It is the same case as in
> >http://archive.erdelynet.com/ssh-l/2004-04/msg00033.php
> >And in
> >http://archive.erdelynet.com/ssh-l/2002-11/msg00006.php
> >
> >And
> >http://archive.erdelynet.com/ssh-l/2004-03/msg00057.php
> >
> >It has something to do with user-privileges and that the sshd runs as
> >user SYSTEM. It seems, that the ssh-sessions also runs as SYSTEM, and
> >not as user which logged in.
>
> No, that's not quite right. *If* you use password authentication when you
> 'ssh' into your Cygwin ssh server, you will be authenticated by Windows and
> have full access to whatever resource (including shares) Windows allows you.
> *If* you use public key authentication, you can access any resource that does
> not require Windows authentication (including public shares).
> Either way, you are running the 'ssh' session as the user you specify
> (or default to) for that session. Only 'sshd' runs as SYSTEM (by default).
> Running 'sshd' allows switching the user context from SYSTEM to the
> requested user for the 'ssh' session.
>
> >What I don't understand is, why it works when I log in locally via ssh
> >(ssh localhost -l bpc).
>
> It "works" because you're already authenticated with Windows on that machine
> as the user you're shelling in as. So Windows knows this user and therefore
> will provide access to the restricted resources.
>
> >It should also run as user system without
> >network-privileges.
>
> No that's incorrect.
>
> >I tried the following:
> >At /INTERACTIVE cmd
> >
> >Which should open a cmd-shell in one minute which runs as SYSTEM.
> >The shell opens and I also have no access to the network.
>
> That's expected.
>
> >So I tried to start the sshd service as user "sshd" (changed owner of
> >all files, adjusted the security policies etc). The service starts but
> >the strange result is, that I can't login with password anymore, only
> >with public key !!! And I still don't have access to network.
> >When I do a ps -W -f I get:
> >
> > sshd 1608 1 ? 14:10:21 /usr/bin/cygrunsrv
> > sshd 1348 1720 ? 14:11:09 /usr/sbin/sshd
> > 0 756 0 ? 14:11:11 C:\cygwin\bin\bash.exe
> > bpc 1716 1680 1 14:11:46 /usr/bin/ps
> > 0 1760 0 ? 14:11:47 C:\cygwin\bin\ps.exe
>
> Don't know why you tried this but as you can see, it doesn't buy you
> anything.
>
> >So I assume, the shell still runs under SYSTEM account
>
> No. Now it would be run as user 'sshd', with whatever privileges the 'sshd'
> user has. By default, this user has no ability to switch user contexts so
> no matter who you log in as, you will always be 'sshd'.
>
> >Trying around with UsePrivilegeSeparation I had trouble starting the
> >service at all.
> >(complained about wrong privileges of /var/empty)
>
> If you start changing the user that 'sshd' runs as, you're going to need
> to be careful about resetting file ownership on many files and directories
> that 'sshd' and 'ssh' use. It isn't recommended that you run 'sshd' as
> any user other than SYSTEM (unless you're running on W2K3 - see the openssh
> README for details on running on that platform). At this point, you're
> probably best off removing 'openssh' from your system, cleaning up any
> leftover files, and reinstalling, using the install scripts and directions
> provided with the package. If you're still having problems, we need to know
> the steps you took, any messages you got, log files generated, configuration
> file settings, etc. But keep in mind you can find out a lot about what
> 'sshd' and 'ssh' are doing by running them with verbosity/debugging turned
> on. See the man pages for details.
>
> --
> Larry Hall                              http://www.rfk.com
> RFK Partners, Inc.                      (508) 893-9779 - RFK Office
> 838 Washington Street                   (508) 893-9889 - FAX
> Holliston, MA  01746
>
> --
> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
> Problem reports:       http://cygwin.com/problems.html
> Documentation:         http://cygwin.com/docs.html
> FAQ:                   http://cygwin.com/faq/
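
Added example, not part of the original thread: a small shell check that compares the `mount` listing from the console session with the one from the ssh session and reports the mount points missing over ssh. The two listings are copied from the message above; the function and variable names (`missing_in_session`, `LOCAL_MOUNTS`, `SSH_MOUNTS`) are made up for this illustration.

```shell
#!/bin/sh
# `mount` output from the console session, as quoted in the message.
LOCAL_MOUNTS='C:\cygwin\bin on /usr/bin type system (binmode)
C:\cygwin\lib on /usr/lib type system (binmode)
C:\cygwin on / type system (binmode)
c: on /c type system (binmode,noumount)
w: on /w type system (binmode,noumount)
z: on /z type system (binmode,noumount)'

# `mount` output from inside the ssh session, as quoted in the message.
SSH_MOUNTS='C:\cygwin\bin on /usr/bin type system (binmode)
C:\cygwin\lib on /usr/lib type system (binmode)
C:\cygwin on / type system (binmode)
c: on /c type system (binmode,noumount)'

# missing_in_session LOCAL SSH
# Prints "mountpoint (device)" for every mount present in LOCAL but not in SSH.
# Lines look like: <device> on <mountpoint> type <type> (<options>)
missing_in_session() {
    { printf '%s\n' "$2"; echo '@@LOCAL@@'; printf '%s\n' "$1"; } | awk '
        $0 == "@@LOCAL@@" { in_local = 1; next }   # switch from ssh to local listing
        {
            i = index($0, " on "); j = index($0, " type ")
            if (i == 0 || j <= i) next             # skip anything that is not a mount line
            dev = substr($0, 1, i - 1)
            mp  = substr($0, i + 4, j - i - 4)
            if (!in_local) { seen[mp] = 1; next }  # remember what the ssh session has
            if (!(mp in seen)) print mp " (" dev ")"
        }'
}

# Report the mounts that disappeared in the ssh session.
missing_in_session "$LOCAL_MOUNTS" "$SSH_MOUNTS"
```

On a live system the two arguments would be `"$(mount)"` captured at the console and `"$(ssh user@host mount)"`, with `user@host` standing in for the real login.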