* Inaccessible remote volumes when logged in via ssh
From: Brindl Ronald @ 2004-05-10 21:10 UTC
To: cygwin

When I log in to my system via ssh as a normal (non-admin) user, I cannot
access network-volumes mounted to a drive letter.

For example, I have the following setup:
\\asterix\shared mounted to local drive letter J: on machine obelix

On obelix, when I start a local instance of a cygwin shell, I can do
"ls j:" or mount "j:" "/j". If I don't do a "cygwin-mount", I see it
under /cygdrive/j/.

When I log in to obelix via ssh, I don't see that volume at all. I can't
ls it, I can't mount it etc:

$ ls /cygdrive/j
ls: /cygdrive/j: No such file or directory

Or

$ mount "j:" "/j"
mount: warning - /j does not exist.
mount: defaulting to '--no-executable' flag for speed since native path references a remote share. Use '-f' option to override.
mount: /j: Permission denied

I have all the necessary permissions on that volume.

And now comes the strange thing:
When I am in a local cygwin-shell and do a "ssh localhost -l bpc" (where
bpc is my local user), then I can access everything! Also when I log in
remotely via ssh as admin-user.

Sshd is running as local system, UsePrivilegeSeparation is off.

Are there some sshd-settings which I have to set?

Thanks,
ron.
[-- Attachment #2: cygcheck.out --]
[-- Type: application/octet-stream, Size: 13256 bytes --]

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

* Re: Inaccessible remote volumes when logged in via ssh
From: Joshua Daniel Franklin @ 2004-05-10 22:10 UTC
To: rbrindl, cygwin

On Mon, 10 May 2004 22:50:27 +0200, Brindl Ronald <rbrindl@gmx.at> wrote:
> Sshd is running as local system,

Are you logging in with a password or publickey?
Are you using the 'net use' command?

* AW: Inaccessible remote volumes when logged in via ssh
From: Brindl Ronald @ 2004-05-11 14:05 UTC
To: 'Joshua Daniel Franklin', cygwin

I am logging in using password (I already heard of troubles using
publickey, although I can log in as normal user using public key).
The volume is mounted using the explorer menu (extra -> connect drive, I
don't know if that's correct because I have a German version), and it is
configured to mount automatically at startup.

I just tried to use "net use" in my ssh-session and noticed it doesn't
work (system error 1312).
It is the same case as in
http://archive.erdelynet.com/ssh-l/2004-04/msg00033.php
And in
http://archive.erdelynet.com/ssh-l/2002-11/msg00006.php

And
http://archive.erdelynet.com/ssh-l/2004-03/msg00057.php

It has something to do with user-privileges and that the sshd runs as
user SYSTEM. It seems, that the ssh-sessions also runs as SYSTEM, and
not as user which logged in.

What I don't understand is, why it works when I log in locally via ssh
(ssh localhost -l bpc). It should also run as user system without
network-privileges.

I tried the following:
At <current-time + 1> /INTERACTIVE cmd

Which should open a cmd-shell in one minute which runs as SYSTEM.
The shell opens and I also have no access to the network.

So I tried to start the sshd service as user "sshd" (changed owner of
all files, adjusted the security policies etc). The service starts but
the strange result is, that I can't login with password anymore, only
with public key !!! And I still don't have access to network.
When I do a ps -W -f I get:

    sshd    1608       1 ?  14:10:21 /usr/bin/cygrunsrv
    sshd    1348    1720 ?  14:11:09 /usr/sbin/sshd
       0     756       0 ?  14:11:11 C:\cygwin\bin\bash.exe
     bpc    1716    1680 1  14:11:46 /usr/bin/ps
       0    1760       0 ?  14:11:47 C:\cygwin\bin\ps.exe

So I assume, the shell still runs under SYSTEM account.

Trying around with UsePrivilegeSeparation I had trouble starting the
service at all. (complained about wrong privileges of /var/empty)

Ron.

* Re: AW: Inaccessible remote volumes when logged in via ssh
From: Larry Hall @ 2004-05-13 6:31 UTC
To: Brindl Ronald, cygwin

At 09:01 AM 5/11/2004, you wrote:
>I am logging in using password (I already heard of troubles using
>publickey, although I can log in as normal user using public key)
>The volume is mounted using the explorer menu (extra -> connect drive, I
>don't know if that's correct because I have a German version), and it is
>configured to mount automatically at startup.

Well, something is wrong with your password authentication then because
the behavior you're getting is exactly the same as with public key
authentication.

>I just tried to use "net use" in my ssh-session and noticed it doesn't
>work (system error 1312)
>It is the same case as in
>http://archive.erdelynet.com/ssh-l/2004-04/msg00033.php
>And in
>http://archive.erdelynet.com/ssh-l/2002-11/msg00006.php
>
>And
>http://archive.erdelynet.com/ssh-l/2004-03/msg00057.php
>
>It has something to do with user-privileges and that the sshd runs as
>user SYSTEM. It seems, that the ssh-sessions also runs as SYSTEM, and
>not as user which logged in.

No, that's not quite right. *If* you use password authentication when you
'ssh' into your Cygwin ssh server, you will be authenticated by Windows and
have full access to whatever resource (including shares) Windows allows you.
*If* you use public key authentication, you can access any resource that does
not require Windows authentication (including public shares). Either way,
you are running the 'ssh' session as the user you specify (or default to)
for that session. Only 'sshd' runs as SYSTEM (by default). Running 'sshd'
allows switching the user context from SYSTEM to the requested user for
the 'ssh' session.

>What I don't understand is, why it works when I log in locally via ssh
>(ssh localhost -l bpc).

It "works" because you're already authenticated with Windows on that machine
as the user you're shelling in as. So Windows knows this user and therefore
will provide access to the restricted resources.

>It should also run as user system without
>network-privileges.

No, that's incorrect.

>I tried the following:
>At <current-time + 1> /INTERACTIVE cmd
>
>Which should open a cmd-shell in one minute which runs as SYSTEM.
>The shell opens and I also have no access to the network.

That's expected.

>So I tried to start the sshd service as user "sshd" (changed owner of
>all files, adjusted the security policies etc). The service starts but
>the strange result is, that I can't login with password anymore, only
>with public key !!! And I still don't have access to network.
>When I do a ps -W -f I get:
>
>    sshd    1608       1 ?  14:10:21 /usr/bin/cygrunsrv
>    sshd    1348    1720 ?  14:11:09 /usr/sbin/sshd
>       0     756       0 ?  14:11:11 C:\cygwin\bin\bash.exe
>     bpc    1716    1680 1  14:11:46 /usr/bin/ps
>       0    1760       0 ?  14:11:47 C:\cygwin\bin\ps.exe

Don't know why you tried this but as you can see, it doesn't buy you
anything.

>So I assume, the shell still runs under SYSTEM account

No. Now it would be run as user 'sshd', with whatever privileges the 'sshd'
user has. By default, this user has no ability to switch user contexts so
no matter who you log in as, you will always be 'sshd'.

>Trying around with UsePrivilegeSeparation I had trouble starting the
>service at all. (complained about wrong privileges of /var/empty)

If you start changing the user that 'sshd' runs as, you're going to need
to be careful about resetting file ownership on many files and directories
that 'sshd' and 'ssh' use. It isn't recommended that you run 'sshd' as
any user other than SYSTEM (unless you're running on W2K3 - see the openssh
README for details on running on that platform). At this point, you're
probably best off removing 'openssh' from your system, cleaning up any
leftover files, and reinstalling, using the install scripts and directions
provided with the package. If you're still having problems, we need to know
the steps you took, any messages you got, log files generated, configuration
file settings, etc. But keep in mind you can find out a lot about what
'sshd' and 'ssh' are doing by running them with verbosity/debugging turned
on. See the man pages for details.

--
Larry Hall                              http://www.rfk.com
RFK Partners, Inc.                      (508) 893-9779 - RFK Office
838 Washington Street                   (508) 893-9889 - FAX
Holliston, MA  01746

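
The following is an added example, not code from this thread or from the Cygwin or OpenSSH projects. It classifies accepted logins in an sshd log by authentication method and combines that with captured 'net use' output to reach the verdicts given in the reply above; the log prefix, host names, addresses, function names and access labels are constructed for illustration, and only the "Accepted <method> for <user> from" wording is standard OpenSSH.

```sh
#!/bin/sh
# Added example: relate the sshd login method to the share access described
# in the reply above (password => authenticated by Windows, public key =>
# only resources that need no Windows authentication).

# Constructed sample log (not from the thread). Addresses are documentation
# addresses; the syslog-style prefix is an assumption.
sample_log() {
    cat <<'EOF'
May 11 14:05:01 obelix sshd[1348]: Accepted publickey for bpc from 192.0.2.10 port 1042 ssh2
May 11 14:07:12 obelix sshd[1352]: Failed password for bpc from 192.0.2.10 port 1043 ssh2
May 11 14:07:15 obelix sshd[1352]: Accepted password for bpc from 192.0.2.10 port 1043 ssh2
May 11 14:09:40 obelix sshd[1360]: Accepted publickey for Administrator from 192.0.2.11 port 1050 ssh2
EOF
}

# classify_logins: read sshd log lines on stdin and print one line per
# accepted login: "<user> <method> <expected access>".
# Failed attempts and unrelated lines are skipped.
classify_logins() {
    awk '
    {
        for (i = 1; i + 3 <= NF; i++) {
            if ($i == "Accepted" && $(i + 2) == "for") {
                method = $(i + 1)
                user = $(i + 3)
                if (method == "password")
                    access = "windows-authenticated"
                else if (method == "publickey")
                    access = "no-windows-credentials"
                else
                    access = "unknown"
                print user, method, access
                break
            }
        }
    }'
}

# last_login_access <user>: expected access of the user's most recent
# accepted login in the log on stdin, or "none" if there is no such login.
last_login_access() {
    classify_logins | awk -v u="$1" '
        $1 == u { a = $3 }
        END { if (a == "") a = "none"; print a }'
}

# net_use_reports_1312 <text>: succeed if captured "net use" output contains
# system error 1312, the error quoted in the thread.
net_use_reports_1312() {
    printf '%s\n' "$1" | grep -Eq '(^|[^0-9])1312([^0-9]|$)'
}

# diagnose <user> <net-use-output>: read the log on stdin and combine both
# signals into one verdict.
diagnose() {
    access=$(last_login_access "$1")
    if net_use_reports_1312 "$2"; then
        case $access in
            no-windows-credentials)
                echo "expected: public key login, no Windows-authenticated access" ;;
            windows-authenticated)
                echo "unexpected: password login behaves like public key, check password authentication" ;;
            *)
                echo "inconclusive: no accepted login for $1" ;;
        esac
    else
        echo "ok: net use did not report error 1312"
    fi
}

# Demo on the constructed data; the net use text is a constructed sample.
sample_log | classify_logins
sample_log | diagnose bpc 'System error 1312 has occurred.'
```

On a real system, feed 'diagnose' the sshd log and the text printed by 'net use' in the affected ssh session instead of the samples.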
* Re: AW: Inaccessible remote volumes when logged in via ssh
From: Rob S.i.k.l.o.s @ 2004-05-21 9:10 UTC
To: cygwin

Hello,

I just noticed that I am also using this problem.

For example:

$ mount
C:\cygwin\bin on /usr/bin type system (binmode)
C:\cygwin\lib on /usr/lib type system (binmode)
C:\cygwin on / type system (binmode)
c: on /c type system (binmode,noumount)
w: on /w type system (binmode,noumount)
z: on /z type system (binmode,noumount)

$ ssh rsiklos@localhost
rsiklos@localhost's password:
Last login: Thu May 20 22:00:01 2004 from localhost
You are successfully logged in to this server!!!

$ mount
C:\cygwin\bin on /usr/bin type system (binmode)
C:\cygwin\lib on /usr/lib type system (binmode)
C:\cygwin on / type system (binmode)
c: on /c type system (binmode,noumount)

I have no idea why this is happening. I know I had it working with sshd on
win2k, but I'm running XP now. Other than the o/s change, and updating
cygwin every once in a while (including today), I haven't done anything
different. I just reinstalled cygwin from scratch (wanted to do it anyways)
and the problem is still there.

Anything I can do to figure out what the problem is?

Thanks a million,

Rob.

* Re: AW: Inaccessible remote volumes when logged in via ssh
From: Larry Hall @ 2004-05-21 9:33 UTC
To: Rob S.i.k.l.o.s, cygwin

I can confirm the problem on XP as well as the inverse on W2K (I'm just
mapping and 'subst'ing to a local share). For the moment at least, beyond
debugging it of course, I don't have any good suggestions for you. It may
well be that XP disallows this functionality though. If you investigate,
please follow up on the list with your results.

Larry