Re: ssh to Cygwin sshd - command with bat file fails when trust established but works with password authentication

["Jeffrey Lightner" <jclightner@copper.net>]

Thanks again.

The user reports the bat file worked without issue after I did the "passwd -R" and re-established the trust.

--- jclightner@copper.net wrote:

From: "Jeffrey Lightner" <jclightner@copper.net>
To: "Achim Gratz" <Stromeko@nexgo.de>
Cc: <cygwin@cygwin.com>
Subject: Re: ssh to Cygwin sshd - command with bat file fails when trust established but works with password authentication
Date: Tue, 6 Sep 2016 11:39:01 -0700

Thanks.

I've done the passwd -R and re-established the trust.   Once the user retests with the trust I'll let you know how it goes.

The comment in the article about only System users being able to list the registry entries doesn't mean it will ignore the "passwd -R" done for a non-Administrative user (by an Administrative account of course) does it?   At present the remote Windows user is a local Administrative user but of course we plan to lock that down some after other testing pans out.

--- Stromeko@nexgo.de wrote:

From: Achim Gratz <Stromeko@nexgo.de>
To: cygwin@cygwin.com
Subject: Re: ssh to Cygwin sshd - command with bat file fails when trust established but works with password authentication
Date: Tue, 06 Sep 2016 19:59:47 +0200

Jeffrey Lightner writes:
> The weirdness is that this failure only occurs when we call it using
> ssh trust to make the connection. If we make the connection without a
> trust so that it prompts for the OS level password the bat file then
> executes correctly including its application level login.

That most likely means that this application needs network access.  If
you log in via public key and don't have a password stored in registry
via 'passwd -R' and cygserver running to use it, then you won't have any
access rights to non-local resources.

https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-setuid-overview

If all you need is indeed to run one script, you might alternatively be
able to set up a service that starts under a network user and just runs
that script when triggered by your remote user login in via ssh.


Regards,
Achim.
-- 
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

Factory and User Sound Singles for Waldorf Q+, Q and microQ:
http://Synth.Stromeko.net/Downloads.html#WaldorfSounds

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple




--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple




--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple