* strange cygwin sshd user generated (user name includes machine name)
@ 2015-10-03 17:12 Peter Moore
2015-10-03 18:27 ` Peter Moore
2015-10-10 4:06 ` Linda Walsh
0 siblings, 2 replies; 5+ messages in thread
From: Peter Moore @ 2015-10-03 17:12 UTC (permalink / raw)
To: cygwin
Hi,
I have a powershell script for installing cygwin and setting up sshd which I am using as UserData when firing up a Windows 2012 R2 instance in AWS EC2.
The same command succeeds when run manually, but fails when called from automation. I’m trying to understand what it is that is different, so I can fix it in automation.
The command called is:
ssh-host-config -y -c 'ntsec mintty' -u 'cygwinsshd' -w 'qwe123QWE!@#'
When I run manually, logged in as Administrator, I get a log line like this (notice the correct “Cygwin name”):
*** Query: Create new privileged user account 'WIN-EFPDIM0SAUP\cygwinsshd' (Cygwin name: 'cygwinsshd')? (yes/no) yes
When I run from automation, the log line looks like this (notice the incorrect “Cygwin name”):
*** Query: Create new privileged user account 'WIN-EFPDIM0SAUP\cygwinsshd' (Cygwin name: 'win-efpdim0saup+cygwinsshd')? (yes/no) yes
It seems the extended “Cygwin name” which I get in automation causes ssh-host-config to fail. I’m trying to establish what causes the cygwin name to get the prefix of the machine name, since this seems to cause the problem.
For reference, below I’ve put the logs in both the successful (manual) case, and the failing (automated) case.
If anyone can point me to the source code of ssh-host-config I’m also happy to dig - I couldn’t find it online. So if you’re not sure, but know where the source is, I’m happy to look.
Many thanks in advance!
Pete
SUCCESSFUL run (when executed manually):
*** Query: Create new privileged user account 'WIN-EFPDIM0SAUP\cygwinsshd' (Cygwin name: 'cygwinsshd')? (yes/no) yes
*** Info: User 'cygwinsshd' has been created with password 'qwe123QWE!@#'.
*** Info: If you change the password, please remember also to change the
*** Info: password for the installed services which use (or will soon use)
*** Info: the 'cygwinsshd' account.
*** Info: The sshd service has been installed under the 'cygwinsshd'
*** Info: account. To start the service now, call `net start sshd' or
*** Info: `cygrunsrv -S sshd'. Otherwise, it will start automatically
*** Info: after the next reboot.
*** Info: Host configuration finished. Have fun!
FAILED run (when called in automation):
*** Query: Create new privileged user account 'WIN-EFPDIM0SAUP\cygwinsshd' (Cygwin name: 'win-efpdim0saup+cygwinsshd')? (yes/no) yes
*** Info: User 'win-efpdim0saup+cygwinsshd' has been created with password 'qwe123QWE!@#'.
*** Info: If you change the password, please remember also to change the
*** Info: password for the installed services which use (or will soon use)
*** Info: the 'win-efpdim0saup+cygwinsshd' account.
*** Warning: Setting password expiry for user 'win-efpdim0saup+cygwinsshd' failed!
*** Warning: Please check that password never expires or set it to your needs.
No user or group 'win-efpdim0saup+cygwinsshd' known.
*** Warning: Assigning the appropriate privileges to user 'win-efpdim0saup+cygwinsshd' failed!
*** ERROR: There was a serious problem creating a privileged user.
* Re: strange cygwin sshd user generated (user name includes machine name)
2015-10-03 17:12 strange cygwin sshd user generated (user name includes machine name) Peter Moore
@ 2015-10-03 18:27 ` Peter Moore
2016-03-31 19:13 ` Peter Moore
2015-10-10 4:06 ` Linda Walsh
1 sibling, 1 reply; 5+ messages in thread
From: Peter Moore @ 2015-10-03 18:27 UTC (permalink / raw)
To: cygwin
After a little bit more digging, I think the cygwin name is coming from the output of getent here:
https://cygwin.com/git/gitweb.cgi?p=cygwin-csih.git;a=blob;f=cygwin-service-installation-helper.sh;h=10ab4fb6d47803c9ffabdde51923fc2c3f0496bb;hb=7ca191bebb52ae414bb2a2e37ef22d94f2658dc7#l2705
At this point, I’m not sure what causes getent to return different values when run in automation, and when run manually. I wonder if there is some kind of race condition, such that some subsystem is still updating at the point I install cygwin sshd.
For reference, this is the powershell script, see lines 77 onwards:
https://hg.mozilla.org/try/file/4905af7c52e5/testing/taskcluster/worker_types/win2012r2/aws_userdata
Thanks!
Pete
* Re: strange cygwin sshd user generated (user name includes machine name)
2015-10-03 17:12 strange cygwin sshd user generated (user name includes machine name) Peter Moore
2015-10-03 18:27 ` Peter Moore
@ 2015-10-10 4:06 ` Linda Walsh
1 sibling, 0 replies; 5+ messages in thread
From: Linda Walsh @ 2015-10-10 4:06 UTC (permalink / raw)
To: cygwin
Peter Moore wrote:
> Hi,
>
> I have a powershell script for installing cygwin and setting up sshd which I am using as UserData when firing up a Windows 2012 R2 instance in AWS EC2.
>
> The same command succeeds when run manually, but fails when called from automation. I’m trying to understand what it is that is different, so I can fix it in automation.
>
----
I have both a domain account (Bliss) and a local account on my
winclient(Athenae): Bliss\linda & linda
Using Domain account on client -> Domain server
> ssh Bliss
server logs say:
... sshd[49322]: pam_winbind(sshd:account): user 'Bliss\linda' granted access
using
> ssh linda@Bliss, server logs say:
sshd[51179]: pam_winbind(sshd:account): user 'linda' granted access
Using local account on client ->Domain:
> ssh Bliss
server says:
Oct 9 20:51:21 Ishtar sshd[51787]: pam_winbind(sshd:account): user 'linda' granted access
if I want to login to the domain account, I need to specify it as the user:
> ssh 'Bliss\linda'@Bliss
server says:
sshd[51982]: pam_winbind(sshd:account): user 'Bliss\linda' granted access
so in the above case, I am seeing a similar "symptom" -- where it uses
'domain\user' when I'm logged in my domain account
and just 'user' if I specify 'user@Domain'.
Both login to the *same* account on the PDC -- because on the PDC
local users are domain users -- because the SID of the local machine
is the same as the domain SID.
I.e. on the domain server, I can display the domain or the local machine SID:
> net getlocalsid #note, it equates local machine name as a domain name in this case
SID for domain ISHTAR is: S-1-5-21-33333-77777-33333
When I ask for the domain sid: it displays both:
> net getdomainsid
SID for local machine ISHTAR is: S-1-5-21-33333-77777-33333
SID for domain BLISS is: S-1-5-21-33333-77777-33333
----
So first, obvious question is "are domains involved",
but 2nd question ... are the machine 'SIDS' the same in both cases?
I.e. when you run 'live' vs. run under automation, maybe the 'automation'
looks like a different machine name and uses a different 'sid'?
That'd be my best guess...I only replied because I have seen the same
symptom depending on usage of the domain vs. local account.
Good luck!
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
* Re: strange cygwin sshd user generated (user name includes machine name)
2015-10-03 18:27 ` Peter Moore
@ 2016-03-31 19:13 ` Peter Moore
0 siblings, 0 replies; 5+ messages in thread
From: Peter Moore @ 2016-03-31 19:13 UTC (permalink / raw)
To: cygwin; +Cc: Brian Mc George, Ben Stragnell, Jim Leitch
RESOLVED! =)
I’m happy to report Brian McGeorge found a solution, which was kindly passed on to me via Ben Stragnell. The answer is to set the environment variable LOGONSERVER to \\%COMPUTERNAME%.
This works by not executing the body of the if statement in: https://cygwin.com/git/gitweb.cgi?p=cygwin-csih.git;a=blob;f=cygwin-service-installation-helper.sh;h=10ab4fb6d47803c9ffabdde51923fc2c3f0496bb;hb=7ca191bebb52ae414bb2a2e37ef22d94f2658dc7#l2884
(lines 2884 to 2890)
My working user data now looks like this (note - you need to see both links for context - different parts of the same user data file).
* https://github.com/taskcluster/generic-worker/blob/b0786db002921d3ec7d40053ac2e6799679ab290/worker_types/win2012r2/userdata#L4
* https://github.com/taskcluster/generic-worker/blob/b0786db002921d3ec7d40053ac2e6799679ab290/worker_types/win2012r2/userdata#L81-L101
The addition to the powershell script was simply:
$env:LOGONSERVER = "\\" + $env:COMPUTERNAME
I can confirm this fix works! Thanks again to Brian and Ben. =)
Pete
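
A pre-flight and post-run check for the fix described in the message above, as an added example that is not part of the original post, the linked userdata, or cygwin-csih. It assumes the helper builds the name as the lowercased machine name plus `+` whenever LOGONSERVER is not exactly \\COMPUTERNAME (modelled on the names seen in this thread); the function names are hypothetical and the sample log lines are copied from the two runs quoted earlier in the thread.

```shell
#!/bin/sh
# Added example; not code from cygwin-csih or from the thread's userdata.
# ASSUMPTION: the helper builds "<lowercased machine>+<user>" unless
# LOGONSERVER is exactly \\COMPUTERNAME (the value the fix sets).

# predicted_cygwin_name USER COMPUTERNAME LOGONSERVER
predicted_cygwin_name() {
    if [ "$3" = "\\\\$2" ]; then
        printf '%s\n' "$1"
    else
        printf '%s+%s\n' "$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" "$1"
    fi
}

# Print the "Cygwin name" from ssh-host-config output read on stdin.
cygwin_name_from_log() {
    sed -n "s/.*(Cygwin name: '\([^']*\)').*/\1/p" | head -n 1
}

# host_config_ok USER < log: succeed only if the account was created under
# the plain user name and no "*** ERROR:" line was logged.
host_config_ok() {
    log=$(cat)
    name=$(printf '%s\n' "$log" | cygwin_name_from_log)
    [ "$name" = "$1" ] || return 1
    if printf '%s\n' "$log" | grep -q '^\*\*\* ERROR:'; then return 1; fi
    return 0
}

# Sample input: lines copied from the two runs quoted in the thread.
failed_log() { cat <<'EOF'
*** Query: Create new privileged user account 'WIN-EFPDIM0SAUP\cygwinsshd' (Cygwin name: 'win-efpdim0saup+cygwinsshd')? (yes/no) yes
No user or group 'win-efpdim0saup+cygwinsshd' known.
*** ERROR: There was a serious problem creating a privileged user.
EOF
}
ok_log() { cat <<'EOF'
*** Query: Create new privileged user account 'WIN-EFPDIM0SAUP\cygwinsshd' (Cygwin name: 'cygwinsshd')? (yes/no) yes
*** Info: Host configuration finished. Have fun!
EOF
}

# Unset LOGONSERVER (assumed for the automated run) vs. the fixed value.
predicted_cygwin_name cygwinsshd WIN-EFPDIM0SAUP ''
predicted_cygwin_name cygwinsshd WIN-EFPDIM0SAUP '\\WIN-EFPDIM0SAUP'
failed_log | host_config_ok cygwinsshd || echo "host config failed: wrong account name or ERROR logged"
```

In a provisioning script, piping the real ssh-host-config output through `host_config_ok` lets the run fail loudly instead of leaving sshd installed without its privileged account.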
* Re: strange cygwin sshd user generated (user name includes machine name)
@ 2016-03-31 19:23 Pete Moore
0 siblings, 0 replies; 5+ messages in thread
From: Pete Moore @ 2016-03-31 19:23 UTC (permalink / raw)
To: cygwin
RESOLVED! =)
I’m happy to report Brian McGeorge found a solution, which was kindly
passed on to me via Ben Stragnell. The answer is to set the
environment variable LOGONSERVER to \\%COMPUTERNAME%.
This works by not executing the body of the if statement in:
https://cygwin.com/git/gitweb.cgi?p=cygwin-csih.git;a=blob;f=cygwin-service-installation-helper.sh;h=10ab4fb6d47803c9ffabdde51923fc2c3f0496bb;hb=7ca191bebb52ae414bb2a2e37ef22d94f2658dc7#l2884
(lines 2884 to 2890)
My working user data now looks like this (note - you need to see both
links for context - different parts of the same user data file).
* https://github.com/taskcluster/generic-worker/blob/b0786db002921d3ec7d40053ac2e6799679ab290/worker_types/win2012r2/userdata#L4
* https://github.com/taskcluster/generic-worker/blob/b0786db002921d3ec7d40053ac2e6799679ab290/worker_types/win2012r2/userdata#L81-L101
The addition to the powershell script was simply:
$env:LOGONSERVER = "\\" + $env:COMPUTERNAME
I can confirm this fix works! Thanks again to Brian and Ben. =)
Pete