public inbox for cygwin@cygwin.com
* With nsswitch db_home of /cygdrive/c/%U ssh can't seem to use .ssh folder
@ 2015-12-18 15:02 Byron
  2015-12-18 16:12 ` Corinna Vinschen
  2015-12-18 19:35 ` Andrey Repin
  0 siblings, 2 replies; 5+ messages in thread
From: Byron @ 2015-12-18 15:02 UTC
  To: cygwin

Every time I use ssh to a machine I get the fingerprint warnings like
it's the first time I've ssh-ed to that machine. I've narrowed it down
to have something to do with my `db_home` being set to `/cygdrive/c/%U`
in `nsswitch.conf`. I have it set to this value because I want my
Cygwin home folder to be the home folder of my computer. Since I'm on
an Active Directory network if I set `db_home` to `windows` then my
home folder is on a network file server rather than my desktop.

I can't see any reason that ssh isn't able to properly use my `.ssh`
folder. Am I missing something, or is this a bug?

Below is sample output of ssh, the permissions of my `.ssh/` folder and
files, and the contents of my `/etc/nsswitch.conf`.

```
$ ssh destination
Could not create directory '/cygdrive/c/bkboulton/.ssh'.
The authenticity of host 'destination (192.168.11.7)' can't be
established. RSA key fingerprint is
SHA256:WKewPf3j9Vljltmsnr/cwZmr0XBy8L5E6Chwp1gWK4g. Are you sure you
want to continue connecting (yes/no)?
```

Permissions of my `/cygdrive/c/bkboulton/.ssh` folder are `drwx------+`.
Permissions on all files in that folder are `-rw-r--r--`.

```
$ cat /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# passwd:   files db
# group:    files db
db_home:  /cygdrive/c/%U #cygwin desc
db_shell: /usr/bin/zsh
# db_gecos: cygwin desc
```

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple


* Re: With nsswitch db_home of /cygdrive/c/%U ssh can't seem to use .ssh folder
  2015-12-18 15:02 With nsswitch db_home of /cygdrive/c/%U ssh can't seem to use .ssh folder Byron
@ 2015-12-18 16:12 ` Corinna Vinschen
  2015-12-18 16:46   ` Byron
  2015-12-18 19:35 ` Andrey Repin
  1 sibling, 1 reply; 5+ messages in thread
From: Corinna Vinschen @ 2015-12-18 16:12 UTC
  To: cygwin


On Dec 18 10:02, Byron wrote:
> Every time I use ssh to a machine I get the fingerprint warnings like
> it's the first time I've ssh-ed to that machine. I've narrowed it down
> to have something to do with my `db_home` being set to `/cygdrive/c/%U`
> in `nsswitch.conf`. I have it set to this value because I want my
> Cygwin home folder to be the home folder of my computer. Since I'm on
> an Active Directory network if I set `db_home` to `windows` then my
> home folder is on a network file server rather than my desktop.
> 
> I can't see any reason that ssh isn't able to properly use my `.ssh`
> folder. Am I missing something, or is this a bug?

I have no idea.  Usually it works.

> Below is sample output of ssh, the permissions of my `.ssh/` folder and
> files, and the contents of my `/etc/nsswitch.conf`.
> 
> ```
> $ ssh destination
> Could not create directory '/cygdrive/c/bkboulton/.ssh'.

It's weird that ssh apparently tries to create the directory as if it's
missing.  You didn't change the cygdrive prefix in /etc/fstab by any
chance?

Also, usually your Windows home folder is not /cygdrive/c/$USERNAME but
/cygdrive/c/Users/$USERNAME.  Are you sure that's not the problem here?

> The authenticity of host 'destination (192.168.11.7)' can't be
> established. RSA key fingerprint is
> SHA256:WKewPf3j9Vljltmsnr/cwZmr0XBy8L5E6Chwp1gWK4g. Are you sure you
> want to continue connecting (yes/no)?
> ```
> 
> Permissions of my `/cygdrive/c/bkboulton/.ssh` folder are `drwx------+`.

The '+' is suspicious.  What does icacls print for .ssh?

> Permissions on all files in that folder are `-rw-r--r--`.

All files?  Even the private keys?  The permissions for private
keys should be 0600.

What does `getent passwd <your cygwin username>` print?  Does
the homedir differ from the value of $HOME?

Can you run ssh under strace as in

  $ strace -o ssh.trace ssh destination

and provide the trace output?  It might contain a hint why ssh
thinks it has to create the folder.

What you could also try is this:  Disable the db_home entry in
nsswitch.conf and create a mount point instead, e.g.:

  $ cat > /etc/fstab.d/$USER <<EOF
  C:/Users/$USER /home/$USER ntfs binary 0 0
  EOF

That makes your home dir /home/<username> in Cygwin.  Just start a new
shell for testing.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
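
Added example (not part of the thread): a POSIX shell function that runs the checks raised in the message above against a home directory: does the path exist, is .ssh closed to group and other, does it carry extra ACL entries (the trailing '+'), and are private keys 0600. The function name and the finding labels such as home-missing are this example's own.

```sh
# Added example, not from the thread. Prints one line per finding for the home
# directory passed as $1 (on Cygwin: getent passwd "$USER" | cut -d: -f6).
# Returns 1 if a problem was found, 0 otherwise; "acl-present" is only a note.
check_ssh_home() {
    home_dir=$1
    ssh_dir=$home_dir/.ssh
    rc=0

    # A db_home that expands to a nonexistent path (the missing "Users/" case)
    # gives ssh nowhere to create .ssh, so known_hosts is never saved.
    if [ ! -d "$home_dir" ]; then
        echo "home-missing $home_dir"
        return 1
    fi
    if [ ! -d "$ssh_dir" ]; then
        echo "ssh-dir-missing $ssh_dir"
        return 1
    fi

    # First field of ls -ld, e.g. drwx------+ ; characters 5-10 are the
    # group and other bits, and a trailing + means extra ACL entries.
    mode=$(ls -ld "$ssh_dir" | awk '{print $1}')
    case $mode in
        ????------*) ;;
        *) echo "ssh-dir-open $mode $ssh_dir"; rc=1 ;;
    esac
    case $mode in
        *+) echo "acl-present $mode $ssh_dir" ;;
    esac

    for f in "$ssh_dir"/*; do
        [ -f "$f" ] || continue
        # Identify private keys by their PEM header rather than by file name.
        head -n 1 "$f" | grep -q 'PRIVATE KEY' || continue
        mode=$(ls -ld "$f" | awk '{print $1}')
        case $mode in
            ????------*) ;;
            *) echo "key-open $mode $f"; rc=1 ;;
        esac
    done
    return $rc
}
```

An acl-present line is a prompt to look at the icacls output for the directory; the mode bits alone do not show what the extra entries grant.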


* Re: With nsswitch db_home of /cygdrive/c/%U ssh can't seem to use .ssh folder
  2015-12-18 16:12 ` Corinna Vinschen
@ 2015-12-18 16:46   ` Byron
  0 siblings, 0 replies; 5+ messages in thread
From: Byron @ 2015-12-18 16:46 UTC
  To: cygwin

On Fri, 18 Dec 2015 17:12:55 +0100
Corinna Vinschen wrote:

> On Dec 18 10:02, Byron wrote:
> > Every time I use ssh to a machine I get the fingerprint warnings
> > like it's the first time I've ssh-ed to that machine. I've narrowed
> > it down to have something to do with my `db_home` being set to
> > `/cygdrive/c/%U` in `nsswitch.conf`. I have it set to this value
> > because I want my Cygwin home folder to be the home folder of my
> > computer. Since I'm on an Active Directory network if I set
> > `db_home` to `windows` then my home folder is on a network file
> > server rather than my desktop.
> > 
> Also, usually your Windows home folder is not /cygdrive/c/$USERNAME
> but /cygdrive/c/Users/$USERNAME.  Are you sure that's not the problem
> here?

That was indeed the problem! I missed the `Users/` part of the path
when I defined `db_home`.

> > Permissions of my `/cygdrive/c/bkboulton/.ssh` folder are
> > `drwx------+`.
> 
> The '+' is suspicious.  What does icacls print for .ssh?

I have no idea what any of this means, but here you go.

```
$ icacls .ssh
.ssh XXX\myusername:(F)
     XXX\Domain Users:(Rc,S,RA)
     Everyone:(Rc,S,RA)
     NT AUTHORITY\SYSTEM:(Rc,S,RA)
     CREATOR OWNER:(OI)(CI)(IO)(F)
     CREATOR GROUP:(OI)(CI)(IO)(Rc,S,RA)
     Everyone:(OI)(CI)(IO)(Rc,S,RA)

Successfully processed 1 files; Failed processing 0 files
```

> 
> > Permissions on all files in that folder are `-rw-r--r--`.
> 
> All files?  Even the private keys?  The permissions for private
> keys should be 0600.

That's weird, I wonder how the private key permissions got to be 0644?
Fixed.

Thanks for spotting my problem with the `db_home` setting.



* Re: With nsswitch db_home of /cygdrive/c/%U ssh can't seem to use .ssh folder
  2015-12-18 15:02 With nsswitch db_home of /cygdrive/c/%U ssh can't seem to use .ssh folder Byron
  2015-12-18 16:12 ` Corinna Vinschen
@ 2015-12-18 19:35 ` Andrey Repin
  2015-12-18 19:40   ` Corinna Vinschen
  1 sibling, 1 reply; 5+ messages in thread
From: Andrey Repin @ 2015-12-18 19:35 UTC
  To: Byron, cygwin

Greetings, Byron!

> Every time I use ssh to a machine I get the fingerprint warnings like
> it's the first time I've ssh-ed to that machine. I've narrowed it down
> to have something to do with my `db_home` being set to `/cygdrive/c/%U`
> in `nsswitch.conf`. I have it set to this value because I want my
> Cygwin home folder to be the home folder of my computer.

db_home: windows

normally does that.


-- 
With best regards,
Andrey Repin
Friday, December 18, 2015 22:27:06

Sorry for my terrible English...



* Re: With nsswitch db_home of /cygdrive/c/%U ssh can't seem to use .ssh folder
  2015-12-18 19:35 ` Andrey Repin
@ 2015-12-18 19:40   ` Corinna Vinschen
  0 siblings, 0 replies; 5+ messages in thread
From: Corinna Vinschen @ 2015-12-18 19:40 UTC
  To: cygwin


On Dec 18 22:27, Andrey Repin wrote:
> Greetings, Byron!
> 
> > Every time I use ssh to a machine I get the fingerprint warnings like
> > it's the first time I've ssh-ed to that machine. I've narrowed it down
> > to have something to do with my `db_home` being set to `/cygdrive/c/%U`
> > in `nsswitch.conf`. I have it set to this value because I want my
> > Cygwin home folder to be the home folder of my computer.
> 
> db_home: windows
> 
> normally does that.

Not if there's another home dir set in AD.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
