login and ssh: can't authenticate

login and ssh: can't authenticate

[Ryan T. Sammartino]

Yes, I have read everything in /usr/doc/Cygwin, and searched this
mailing list, and read all of Corinna's well-written posts, and yet
login and ssh refuse to log me in.

My /etc/passwd looks very similar to the examples in
/usr/doc/Cygwin/login.README and /usr/doc/Cygwin/openssh-3.0.1p1-2.README.
My CYGWIN is set to 'ntsec'.  I'm using all the latest packages as of
the writing of this e-mail.  I've been at this for about a day now.

Here are all the details.


As you can see, sshd is running, and it does accept connections:

     PID    PPID    PGID     WINPID  TTY  UID    STIME COMMAND
     1392      1    1392       1392    ?   18 15:07:57 /usr/sbin/sshd


Here is my entry in /etc/passwds, somewhat censored:

ryans:unused_by_nt/2000/xp:18:10513:Ryan T.
Sammartino,U-*******\ryans,S-1-5-21-*******:/home/ryans:/bin/bash


Now, my UID is 18 so that I could get cron working
(cf: http://sources.redhat.com/ml/cygwin/2001-11/msg01859.html),
although I have tried all sorts of numbers in there, including the
default one that mkpasswd generated.


The relevent bits from my cygcheck -s are:

CYGWIN = `ntsec'

    Cygwin DLL version info:
        DLL version: 1.3.6
        DLL epoch: 19
        DLL bad signal mask: 19005
        DLL malloc env: 28
        API major: 0
        API minor: 47
        Shared data: 3
        DLL identifier: cygwin1
        Mount registry: 2
        Cygnus registry name: Cygnus Solutions
        Cygwin registry name: Cygwin
        Program options name: Program Options
        Cygwin mount registry name: mounts v2
        Cygdrive flags: cygdrive flags
        Cygdrive prefix: cygdrive prefix
        Cygdrive default prefix:
        Build date: Fri Dec 7 00:15:11 EST 2001
        CVS tag: cygwin-1-3-6-5
        Shared id: cygwin1S3


login               1.4-2
openssh             3.0.1p1-2



Now, I am an "Administrator" on this machine... is that "good enough"?
(I'm totally clueless about Win NT/2K 'security'...)


Any help would be greatly appreciated.



-- 
Ryan T. Sammartino (ryants@shaw.ca)
http://members.shaw.ca/ryants/
I want to reach your mind -- where is it currently located?

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Re: login and ssh: can't authenticate

[Corinna Vinschen]

On Fri, Dec 07, 2001 at 03:46:31PM -0800, Ryan T. Sammartino wrote:
> 
> 
> Yes, I have read everything in /usr/doc/Cygwin, and searched this
> mailing list, and read all of Corinna's well-written posts, and yet
> login and ssh refuse to log me in.
> 
> My /etc/passwd looks very similar to the examples in
> /usr/doc/Cygwin/login.README and /usr/doc/Cygwin/openssh-3.0.1p1-2.README.
> My CYGWIN is set to 'ntsec'.  I'm using all the latest packages as of
> the writing of this e-mail.  I've been at this for about a day now.
> 
> Here are all the details.
> 
> 
> As you can see, sshd is running, and it does accept connections:
> 
>      PID    PPID    PGID     WINPID  TTY  UID    STIME COMMAND
>      1392      1    1392       1392    ?   18 15:07:57 /usr/sbin/sshd
> 
> 
> Here is my entry in /etc/passwds, somewhat censored:
> 
> ryans:unused_by_nt/2000/xp:18:10513:Ryan T.
> Sammartino,U-*******\ryans,S-1-5-21-*******:/home/ryans:/bin/bash
> 
> 
> Now, my UID is 18 so that I could get cron working

UID 18 is reserved for SYSTEM.  You can't get user authentication
working for your account just by giving yourself uid 18.  Run sshd
as service under LocalSystem account.  Revert your /etc/passwd to
use UID 18 for SYSTEM.  cron needs the same setting, btw.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin@cygwin.com
Red Hat, Inc.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Re: login and ssh: can't authenticate

[Ryan T. Sammartino]

On Sat, Dec 08, 2001 at 12:10:58PM +0100, Corinna Vinschen wrote:
> On Fri, Dec 07, 2001 at 03:46:31PM -0800, Ryan T. Sammartino wrote:
> > 
> > As you can see, sshd is running, and it does accept connections:
> > 
> >      PID    PPID    PGID     WINPID  TTY  UID    STIME COMMAND
> >      1392      1    1392       1392    ?   18 15:07:57 /usr/sbin/sshd
> > 
> > 
> > Here is my entry in /etc/passwds, somewhat censored:
> > 
> > ryans:unused_by_nt/2000/xp:18:10513:Ryan T.
> > Sammartino,U-*******\ryans,S-1-5-21-*******:/home/ryans:/bin/bash
> > 
> > 
> > Now, my UID is 18 so that I could get cron working
> 
> UID 18 is reserved for SYSTEM.  You can't get user authentication
> working for your account just by giving yourself uid 18.  Run sshd
> as service under LocalSystem account.  Revert your /etc/passwd to
> use UID 18 for SYSTEM.  cron needs the same setting, btw.

This is probably my ignorance of NT/W2K security coming through, but
when I run things as "LocalSystem", I can't kill them either with "kill"
(I get "Not owner") or with W2K's Task List ("Access Denied").

How do I kill processes that I've started that got "promoted" to
LocalSystem?



-- 
Ryan T. Sammartino (ryants@shaw.ca)
http://members.shaw.ca/ryants/
Life is like bein' on a mule team.  Unless you're the lead mule, all the
scenery looks about the same.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

cron doesn't run (was: Re: login and ssh: can't authenticate)

[Ryan T. Sammartino]

On Sat, Dec 08, 2001 at 12:10:58PM +0100, Corinna Vinschen wrote:
> UID 18 is reserved for SYSTEM.  You can't get user authentication
> working for your account just by giving yourself uid 18.  Run sshd
> as service under LocalSystem account.  Revert your /etc/passwd to
> use UID 18 for SYSTEM.  cron needs the same setting, btw.


Great!  Now I can ssh into my system... thanks Corinna.


Unfortunately, now cron seems to be broken:


From /etc/passwd:


ryans:unused_by_nt/2000/xp:12136:10513:Ryan T.
Sammartino,U-*****\ryans,S-1-5-******:/home/ryans:/bin/bash


ps -a says:


     848       1     848        848  con 12136 13:19:09  /usr/bin/bash
    1580       1    1580       1580    ?    18 13:27:19  /usr/bin/cygrunsrv
     484    1580    1580       1484    ?    18 13:27:19  /usr/sbin/cron
    1616       1    1616       1616    ?    18 13:28:08  /usr/bin/cygrunsrv
     984    1616    1616       1088    ?    18 13:28:08  /usr/sbin/sshd

My crontab has:

MAILTO=rsammartino@ea.com

30 13 * * * notepad


but, 1:30 PM came and went, and no notepad popped up.  Nothing else I
stick in there seems to work either, including simple "echo Cron works!"
type stuff (and yes, I do have ssmtp configured correctly).


I started cron with

cygrunsrv -I cron -p /usr/sbin/cron -a -D
cygrunsrv --start cron



Any help would be greatly appreciated.




-- 
Ryan T. Sammartino (ryants@shaw.ca)
http://members.shaw.ca/ryants/
A man can have two, maybe three love affairs while he's married.  After
that it's cheating.
		-- Yves Montand

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Re: cron doesn't run (was: Re: login and ssh: can't authenticate)

[Ryan T. Sammartino]

On Mon, Dec 10, 2001 at 01:37:59PM -0800, Ryan T. Sammartino wrote:
> Any help would be greatly appreciated.

Here's a little more info from the Event Viewer.

cron says:

The description for Event ID ( 0 ) in Source ( /USR/SBIN/CRON ) cannot
be found. The local computer may not have the necessary registry
information or message DLL files to display messages from a remote
computer. The following information is part of the event: /USR/SBIN/CRON
: Win32 Process Id = 0x288 : Cygwin Process Id = 0x288 : (ryans) CMD
(/usr/bin/echo Cron works!).


and then it says:

The description for Event ID ( 0 ) in Source ( /USR/SBIN/CRON ) cannot
be found. The local computer may not have the necessary registry
information or message DLL files to display messages from a remote
computer. The following information is part of the event: /USR/SBIN/CRON
: Win32 Process Id = 0x288 : Cygwin Process Id = 0x288 : (CRON) error
(can't switch user context).


How do I fix this "can't switch user context" error?


-- 
Ryan T. Sammartino (ryants@shaw.ca)
http://members.shaw.ca/ryants/
If I don't see you in the future, I'll see you in the pasture.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Re: cron doesn't run (was: Re: login and ssh: can't authenticate)

[Corinna Vinschen]

On Mon, Dec 10, 2001 at 02:35:28PM -0800, Ryan T. Sammartino wrote:
> On Mon, Dec 10, 2001 at 01:37:59PM -0800, Ryan T. Sammartino wrote:
> > Any help would be greatly appreciated.
> 
> Here's a little more info from the Event Viewer.
> 
> cron says:
> 
> The description for Event ID ( 0 ) in Source ( /USR/SBIN/CRON ) cannot
> be found. The local computer may not have the necessary registry
> information or message DLL files to display messages from a remote
> computer. The following information is part of the event: /USR/SBIN/CRON
> : Win32 Process Id = 0x288 : Cygwin Process Id = 0x288 : (ryans) CMD
> (/usr/bin/echo Cron works!).
> 
> 
> and then it says:
> 
> The description for Event ID ( 0 ) in Source ( /USR/SBIN/CRON ) cannot
> be found. The local computer may not have the necessary registry
> information or message DLL files to display messages from a remote
> computer. The following information is part of the event: /USR/SBIN/CRON
> : Win32 Process Id = 0x288 : Cygwin Process Id = 0x288 : (CRON) error
> (can't switch user context).
> 
> 
> How do I fix this "can't switch user context" error?

Dunno.  Try the various hints on this mailing list.  Is CYGWIN=ntsec?
Is your /etc/group ok?

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin@cygwin.com
Red Hat, Inc.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Re: cron doesn't run (was: Re: login and ssh: can't authenticate)

[Ryan T. Sammartino]

On Tue, Dec 11, 2001 at 09:24:07AM +0100, Corinna Vinschen wrote:
> > How do I fix this "can't switch user context" error?
> 
> Dunno.  Try the various hints on this mailing list.  Is CYGWIN=ntsec?
> Is your /etc/group ok?
> 

Yup, I read the discussion on this list back in July 
(this thread:
http://sources.redhat.com/ml/cygwin/2001-07/msg00609.html)
that looked promising for me, but none of the advice there helped 
unfortunately.

A Lou Rayman at
http://sources.redhat.com/ml/cygwin/2001-10/msg01650.html was having a
similar problem on 31 Oct, as well as a Sergey Melnykov at 
http://sources.redhat.com/ml/cygwin/2001-07/msg00630.html,
but I didn't see any replies to their messages.

CYGWIN is "ntsec tty"

My /etc/group looks OK... I made it with mkgroup -l > /etc/group
SYSTEM is user and group 18, users are in a group called "Users".

I'm using the absolutely bleeding edge of every Cygwin package as of
yesterday.

Any other hints greatly appreciated.

-- 
Ryan T. Sammartino (ryants@shaw.ca)
http://members.shaw.ca/ryants/
Everything is possible.  Pass the word.
		-- Rita Mae Brown, "Six of One"

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Re: cron doesn't run (was: Re: login and ssh: can't authenticate)

[Ryan T. Sammartino]

Yay!  You might want to add this to the cron.README documentation:

my mkpasswd ... > /etc/passwd created some password entries thus:


blah:unused:blah:blah:LastName, FirstName,U-blah,S-blah


LastName, FirstName is *no good*.

I changed all LastName, FirstName to FirstName LastName and cron
is happy.




-- 
Ryan T. Sammartino (ryants@shaw.ca)
http://members.shaw.ca/ryants/
Baruch's Observation:
	If all you have is a hammer, everything looks like a nail.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

RE: cron doesn't run (was: Re: login and ssh: can't authenticate)

[ASH, JAMES (SBCSI)]

I and several others have posted this same questions many times. AFAIK, no
one has a solution yet. We are all eager to find one.
Thanks.

-----Original Message-----
From: Corinna Vinschen [mailto:cygwin@cygwin.com]
Sent: Tuesday, December 11, 2001 2:24 AM
To: Cygwin List
Cc: Ryan T. Sammartino
Subject: Re: cron doesn't run (was: Re: login and ssh: can't
authenticate)


On Mon, Dec 10, 2001 at 02:35:28PM -0800, Ryan T. Sammartino wrote:
> On Mon, Dec 10, 2001 at 01:37:59PM -0800, Ryan T. Sammartino wrote:
> > Any help would be greatly appreciated.
> 
> Here's a little more info from the Event Viewer.
> 
> cron says:
> 
> The description for Event ID ( 0 ) in Source ( /USR/SBIN/CRON ) cannot
> be found. The local computer may not have the necessary registry
> information or message DLL files to display messages from a remote
> computer. The following information is part of the event: /USR/SBIN/CRON
> : Win32 Process Id = 0x288 : Cygwin Process Id = 0x288 : (ryans) CMD
> (/usr/bin/echo Cron works!).
> 
> 
> and then it says:
> 
> The description for Event ID ( 0 ) in Source ( /USR/SBIN/CRON ) cannot
> be found. The local computer may not have the necessary registry
> information or message DLL files to display messages from a remote
> computer. The following information is part of the event: /USR/SBIN/CRON
> : Win32 Process Id = 0x288 : Cygwin Process Id = 0x288 : (CRON) error
> (can't switch user context).
> 
> 
> How do I fix this "can't switch user context" error?

Dunno.  Try the various hints on this mailing list.  Is CYGWIN=ntsec?
Is your /etc/group ok?

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin@cygwin.com
Red Hat, Inc.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

RE: cron doesn't run (was: Re: login and ssh: can't authenticate)

[ASH, JAMES (SBCSI)]

One thing that seems to be an issue with this is that, if my pc isn't
networked (not connected to our lan), then cron works.  Has anyone else
experienced this?

-----Original Message-----
From: ASH, JAMES (SBCSI) 
Sent: Tuesday, December 11, 2001 9:02 AM
To: 'cygwin@cygwin.com'
Subject: RE: cron doesn't run (was: Re: login and ssh: can't
authenticate)


I and several others have posted this same questions many times. AFAIK, no
one has a solution yet. We are all eager to find one.
Thanks.

-----Original Message-----
From: Corinna Vinschen [mailto:cygwin@cygwin.com]
Sent: Tuesday, December 11, 2001 2:24 AM
To: Cygwin List
Cc: Ryan T. Sammartino
Subject: Re: cron doesn't run (was: Re: login and ssh: can't
authenticate)


On Mon, Dec 10, 2001 at 02:35:28PM -0800, Ryan T. Sammartino wrote:
> On Mon, Dec 10, 2001 at 01:37:59PM -0800, Ryan T. Sammartino wrote:
> > Any help would be greatly appreciated.
> 
> Here's a little more info from the Event Viewer.
> 
> cron says:
> 
> The description for Event ID ( 0 ) in Source ( /USR/SBIN/CRON ) cannot
> be found. The local computer may not have the necessary registry
> information or message DLL files to display messages from a remote
> computer. The following information is part of the event: /USR/SBIN/CRON
> : Win32 Process Id = 0x288 : Cygwin Process Id = 0x288 : (ryans) CMD
> (/usr/bin/echo Cron works!).
> 
> 
> and then it says:
> 
> The description for Event ID ( 0 ) in Source ( /USR/SBIN/CRON ) cannot
> be found. The local computer may not have the necessary registry
> information or message DLL files to display messages from a remote
> computer. The following information is part of the event: /USR/SBIN/CRON
> : Win32 Process Id = 0x288 : Cygwin Process Id = 0x288 : (CRON) error
> (can't switch user context).
> 
> 
> How do I fix this "can't switch user context" error?

Dunno.  Try the various hints on this mailing list.  Is CYGWIN=ntsec?
Is your /etc/group ok?

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin@cygwin.com
Red Hat, Inc.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Re: cron doesn't run (was: Re: login and ssh: can't authenticate)

[Corinna Vinschen]

On Tue, Dec 11, 2001 at 09:04:40AM -0600, ASH, JAMES (SBCSI) wrote:
> One thing that seems to be an issue with this is that, if my pc isn't
> networked (not connected to our lan), then cron works.  Has anyone else
> experienced this?

My box is always connected to a lan so that shouldn't be a problem.

I don't have a problem to get cron working and I don't have a problem
to get a working user switch (with cron,ssh,telnet,ftp,rsh,...).  That
probably means, I'm doing something pretty automatically which I don't
think about anymore which other persons miss to do.  The thing is, I
really don't know what that might be.  I dare to say that I'm not
doing something mysterious.

I'm maintaining my /etc/passwd and /etc/group files with some care.
They contain always the SIDs of the users and groups.  I even added
some NT internal groups to my /etc/group file

local:S-1-2-0:2:
dialup:S-1-5-1:101:
network:S-1-5-2:102:
batch:S-1-5-3:103:
interactive:S-1-5-4:104:
service:S-1-5-6:106:
anonymous:S-1-5-7:107:
proxy:S-1-5-8:108:
enterprise domain controllers:S-1-5-9:109:
self:S-1-5-10:110:
authenticatedusers:S-1-5-11:111:
restricted:S-1-5-12:112:
terminal server user:S-1-5-13:113:
remote interactive logon:S-1-5-14:114:
local_svc:S-1-5-19:119:
netwrk_svc:S-1-5-20:120:
creator owner:S-1-3-0:130:
creator group:S-1-3-1:131:
creator owner server:S-1-3-2:132:
creator group server:S-1-3-3:133:

but I didn't do that on all my NT boxes!  It's more for testing
purposes and to have some supplementary groups in `id' output.

One thing I'm doing always is to change these lines in /etc/passwd

	Everyone:*:0:0:,S-1-1-0::
	Administrators:*:544:544:,S-1-5-32-544::

to

	Everyone:*:1:1:,S-1-1-0::
	root:*:0:0:,S-1-5-32-544::

and these lines in /etc/group

	Everyone:S-1-1-0:0:
	Administrators:S-1-5-32-544:544:

to

	Everyone:S-1-1-0:1:
	root:S-1-5-32-544:0:

But I _never_ change these lines

	SYSTEM:*:18:18:,S-1-5-18::	/etc/passwd
	SYSTEM:S-1-5-18:18:		/etc/group

The shell and the home directory are set up correctly for my
users in /etc/passwd.  Paths are given in POSIX notation.  I
never use /cygdrive paths in /etc/passwd.  I'm always setting
CYGWIN to `binmode tty ntsec' in the system environment.  All
important mount points are binary system mounts.  I don't expect
shares to work for processes changing the user context w/o
password and I don't expect to have user mount points then.

I'm always looking for the permissions of the concerned files and
directories.  SYSTEM must have permission to read all files in
/var/cron for example.  SYSTEM must have read permisssion on /etc
and the important files in it.  SYSTEM must be owner of the /etc/ssh*
files.

Hope that helps.  I'm really getting tired of answering that sort
of mail.  Everything should be in the mailing list archive now.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin@cygwin.com
Red Hat, Inc.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Re: cron doesn't run (was: Re: login and ssh: can't authenticate)

[Ryan T. Sammartino]

On Tue, Dec 11, 2001 at 05:07:30PM +0100, Corinna Vinschen wrote:
> 
> 	Everyone:*:0:0:,S-1-1-0::
> 	Administrators:*:544:544:,S-1-5-32-544::
> 
> to
> 
> 	Everyone:*:1:1:,S-1-1-0::
> 	root:*:0:0:,S-1-5-32-544::
> 
<snip>


Tried all that, didn't help me.


> The shell and the home directory are set up correctly for my
> users in /etc/passwd.  Paths are given in POSIX notation.  I
> never use /cygdrive paths in /etc/passwd.  I'm always setting
> CYGWIN to `binmode tty ntsec' in the system environment.  All
> important mount points are binary system mounts.  I don't expect
> shares to work for processes changing the user context w/o
> password and I don't expect to have user mount points then.

Check.  All of that is true for me as well, except I don't have
"binmode" in my CYGWIN.


> 
> I'm always looking for the permissions of the concerned files and
> directories.  SYSTEM must have permission to read all files in
> /var/cron for example.  SYSTEM must have read permisssion on /etc
> and the important files in it.  

Check.  Like I said, sshd works perfectly for me now, so I'm pretty
sure all the 'ntsec' and SYSTEM stuff is OK.  I'm pretty sure
SYSTEM can read everything under /var/cron, because I see "RELOAD
tabs/ryans" in the event logs.


> Hope that helps.  I'm really getting tired of answering that sort
> of mail.  Everything should be in the mailing list archive now.

I know the feeling :)  Unfortunately, some crucial step is missing, or
something has changed recently that is causing it to break.


-- 
Ryan T. Sammartino (ryants@shaw.ca)
http://members.shaw.ca/ryants/
paranoia, n.:
	A healthy understanding of the way the universe works.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/