From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 24327 invoked by alias); 5 Sep 2015 21:03:31 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 24314 invoked by uid 89); 5 Sep 2015 21:03:29 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=0.1 required=5.0 tests=BAYES_50,RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.2 X-HELO: nm20-vm6.bullet.mail.gq1.yahoo.com Received: from nm20-vm6.bullet.mail.gq1.yahoo.com (HELO nm20-vm6.bullet.mail.gq1.yahoo.com) (98.136.217.37) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with (AES128-SHA encrypted) ESMTPS; Sat, 05 Sep 2015 21:03:28 +0000 Received: from [98.137.12.56] by nm20.bullet.mail.gq1.yahoo.com with NNFMP; 05 Sep 2015 21:03:26 -0000 Received: from [98.137.12.243] by tm1.bullet.mail.gq1.yahoo.com with NNFMP; 05 Sep 2015 21:03:26 -0000 Received: from [127.0.0.1] by omp1051.mail.gq1.yahoo.com with NNFMP; 05 Sep 2015 21:03:26 -0000 Received: by 216.39.60.198; Sat, 05 Sep 2015 21:03:26 +0000 Date: Sat, 05 Sep 2015 21:03:00 -0000 From: Zdzislaw Meglicki Reply-To: Zdzislaw Meglicki To: "cygwin@cygwin.com" Message-ID: <1975013611.1485306.1441487005702.JavaMail.yahoo@mail.yahoo.com> Subject: Sshd behaving strangely... MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-SW-Source: 2015-09/txt/msg00093.txt.bz2 Greetings, I have installed Cygwin on a Windows 8.1 Enterprise workstation. It is a most recent full download of the whole Cygwin suite (within a week or so). Here are the relevant numbers: Windows 8.1 Enterprise Ver 6.3 Build 9600 [...] Cygwin DLL version info: DLL version: 2.2.1 DLL epoch: 19 DLL old termios: 5 DLL malloc env: 28 Cygwin conv: 181 API major: 0 API minor: 289 Shared data: 5 DLL identifier: cygwin1 Mount registry: 3 Cygwin registry name: Cygwin Installations name: Installations Cygdrive default prefix: Build date: Shared id: cygwin1S5 I don't provide a full dump at this stage, but I will if the discussion veers this way. The sshd package is: openssh 7.1p1-1 OK openssh-debuginfo 7.1p1-1 OK The workstation is slaved, security wise, to the enterprise Active Directory, but it has local accounts that are not, I run sshd and exim using cygrunsrv on it thusly: Service : exim Description : Mail Transfer Agent Current State : Running Controls Accepted : Stop Command : /usr/bin/exim -bdf -q15m Service : sshd Display name : CYGWIN sshd Current State : Running Controls Accepted : Stop Command : /usr/sbin/sshd -D -e Now about the weirdness... I can connect to this system from another machine that is on the same subnet, on the same desk actually, that runs a very old version of Linux and a very old version of ssh (version 3.9p1). The sshd daemon on the Windows machine does not let me make a connection using a passphrase, but I can make a connection using a password of the Windows user and this works just fine. The message that is printed on sshd.log when this happens looks as follows: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth] Accepted password for root from [IP number here] port 36014 ssh2 However, when I try to make a connection from another machine that runs Cygwin version 1.7.35 ssh version 6.8p1-1 the connection is rejected and the following message is printed in sshd.log: seteuid 1214318: Operation not permitted Now, I've checked the mailing list and I see that problems with sshd configuration are not uncommon. This particular problem with "Operation not permitted" was solved by David Koppenhofer by "asking the network admin to give 'Create a token object' to the service account." So, this problem appears to be a feature, perhaps, rather than a bug. But if this is so, then isn't the acceptance of the password and successful login into the account from the ancient version of ssh on the ancient Linux machine a... security bug? General question: how to configure sshd on Windows 8.1 Enterprise slaved to an Active Directory? Is there a document on-line somewhere that outlines the steps? Also, are any ports other than 22 involved on the sshd server machine? Zdzislaw (Gustav) Meglicki Indiana University -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple