Cygwin sshd doesn't use domain user names on boot up

Cygwin sshd doesn't use domain user names on boot up

[Chris Wilson (chwilso3)]

Hi,

I'm trying to set up sshd service on a Windows 10 build slave VM (for use with Jenkins) which is attached to one of the domains in our network.  I initially ran the ssh-host-config script to generate the cyg_server user and I was able to start the sshd service on Windows.  Assuming that the Windows user is DOMAIN\myuser (real info redacted), I was able to SSH into the machine and the shell prompt shows up correctly:

myuser@build-slave.example.com ~
$ pwd
/home/myuser

However, after I reboot the machine, the username that shows up in the prompt changes to the following:

DOMAIN+User(1234567)@build-slave.example.com ~
$ pwd
/home/myuser

If I simply restart the sshd service once the machine is booted, the username changes back from "DOMAIN+User(1234567)" --> "myuser":

# restart sshd
$ net stop sshd
$ net start sshd

# prompt is fixed now
myuser@build-slave.example.com ~
$ pwd
/home/myuser

Anybody have an idea what's going on here?  I'm not sure why the username isn't picked up correctly when sshd starts up initially after a reboot.  Is there some kind of dependency that needs to be added to the sshd service on boot?

Thanks,
Chris 


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: Cygwin sshd doesn't use domain user names on boot up

[Brian Inglis]

On 2017-12-05 12:24, Chris Wilson (chwilso3) wrote:
> I'm trying to set up sshd service on a Windows 10 build slave VM (for use 
> with Jenkins) which is attached to one of the domains in our network. I
> initially ran the ssh-host-config script to generate the cyg_server user and
> I was able to start the sshd service on Windows. Assuming that the Windows
> user is DOMAIN\myuser (real info redacted), I was able to SSH into the
> machine and the shell prompt shows up correctly:
> myuser@build-slave.example.com ~
> $ pwd
> /home/myuser
> However, after I reboot the machine, the username that shows up in the
> prompt changes to the following:
> DOMAIN+User(1234567)@build-slave.example.com ~
> $ pwd
> /home/myuser
> If I simply restart the sshd service once the machine is booted, the
> username changes back from "DOMAIN+User(1234567)" --> "myuser":
> # restart sshd
> $ net stop sshd
> $ net start sshd
> # prompt is fixed now
> myuser@build-slave.example.com ~
> $ pwd
> /home/myuser
> Anybody have an idea what's going on here? I'm not sure why the username 
> isn't picked up correctly when sshd starts up initially after a reboot. Is
> there some kind of dependency that needs to be added to the sshd service on boot?

Did you install the service by running ssh-host-config?

Check service dependencies with:
$ cygrunsrv -VQ sshd
Service             : sshd
Display name        : CYGWIN sshd
Current State       : Running
Controls Accepted   : Stop, Preshutdown
Command             : /usr/sbin/sshd -D
stdin path          : /dev/null
stdout path         : /var/log/sshd.log
stderr path         : /var/log/sshd.log
Process Type        : Own Process
Startup             : Manual
Dependencies        : cygserver, tcpip
Account             : .\cyg_server

You may have to add an additional dependency on netlogon or other AD services to
ensure they are available before sshd starts.

If your service start is Automatic, you may also want to change it manually to
Automatic (delayed start), to allow time for network services to be available.

I don't run in a domain, but found it useful to tweak the Cygwin and Windows
service settings to avoid issues with startup and updates e.g. Manual start,
dependency on cygserver, Preshutdown termination before other services, shutdown
script run in a pre-setup script or on Preshutdown event, and startup script run
at boot and in an /etc/postinstall/zp_zzz_service_start.sh script after all
other setup processing.

-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: Cygwin sshd doesn't use domain user names on boot up

[Chris Wilson]

On 12/5/17 12:17 PM, Brian Inglis wrote:

> Did you install the service by running ssh-host-config?

Yes.

FYI, I had to run ssh-host-config as a domain user.  When I first ran it 
as a local Administrator, the ssh-host-config script printed the following:

*** Info: User 'cyg_server' has been created with password '<redacted>'.
*** Info: If you change the password, please remember also to change the
*** Info: password for the installed services which use (or will soon use)
*** Info: the 'cyg_server' account.

passwd: unknown user cyg_server
*** Warning: Setting password expiry for user 'cyg_server' failed!
*** Warning: Please check that password never expires or set it to your 
needs.
*** Warning: Expected privileged user 'cyg_server' does not exist.
*** Warning: Defaulting to 'SYSTEM'

*** Info: The sshd service has been installed under the LocalSystem
*** Info: account (also known as SYSTEM). To start the service now, call
*** Info: `net start sshd' or `cygrunsrv -S sshd'.  Otherwise, it
*** Info: will start automatically after the next reboot.

> Check service dependencies with:
> $ cygrunsrv -VQ sshd
> Service             : sshd
> Display name        : CYGWIN sshd
> Current State       : Running
> Controls Accepted   : Stop, Preshutdown
> Command             : /usr/sbin/sshd -D
> stdin path          : /dev/null
> stdout path         : /var/log/sshd.log
> stderr path         : /var/log/sshd.log
> Process Type        : Own Process
> Startup             : Manual
> Dependencies        : cygserver, tcpip
> Account             : .\cyg_server 

$ cygrunsrv -VQ sshd
Service             : sshd
Display name        : CYGWIN sshd
Current State       : Running
Controls Accepted   : Stop
Command             : /usr/sbin/sshd -D
stdin path          : /dev/null
stdout path         : /var/log/sshd.log
stderr path         : /var/log/sshd.log
Environment         : CYGWIN="ntsec"
Process Type        : Own Process
Startup             : Automatic
Account             : .\cyg_server

> You may have to add an additional dependency on netlogon or other AD services to
> ensure they are available before sshd starts.

I tried adding netlogon as a dependency to sshd, but didn't see any 
change in behavior.

> If your service start is Automatic, you may also want to change it manually to
> Automatic (delayed start), to allow time for network services to be available.

Changing it from "Automatic" to "Automatic (delayed start)" fixed the 
issue.  This is my first time messing with Windows services and didn't 
see this option initially.

Thanks for the suggestion Brian!

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: Cygwin sshd doesn't use domain user names on boot up

[Chris Wilson]

On 12/5/17 12:17 PM, Brian Inglis wrote:

> Did you install the service by running ssh-host-config?

Yes.

FYI, I had to run ssh-host-config as a domain user.  When I first ran it 
as a local Administrator, the ssh-host-config script printed the following:

*** Info: User 'cyg_server' has been created with password '<redacted>'.
*** Info: If you change the password, please remember also to change the
*** Info: password for the installed services which use (or will soon use)
*** Info: the 'cyg_server' account.

passwd: unknown user cyg_server
*** Warning: Setting password expiry for user 'cyg_server' failed!
*** Warning: Please check that password never expires or set it to your 
needs.
*** Warning: Expected privileged user 'cyg_server' does not exist.
*** Warning: Defaulting to 'SYSTEM'

*** Info: The sshd service has been installed under the LocalSystem
*** Info: account (also known as SYSTEM). To start the service now, call
*** Info: `net start sshd' or `cygrunsrv -S sshd'.  Otherwise, it
*** Info: will start automatically after the next reboot.

> Check service dependencies with:
> $ cygrunsrv -VQ sshd
> Service             : sshd
> Display name        : CYGWIN sshd
> Current State       : Running
> Controls Accepted   : Stop, Preshutdown
> Command             : /usr/sbin/sshd -D
> stdin path          : /dev/null
> stdout path         : /var/log/sshd.log
> stderr path         : /var/log/sshd.log
> Process Type        : Own Process
> Startup             : Manual
> Dependencies        : cygserver, tcpip
> Account             : .\cyg_server 

$ cygrunsrv -VQ sshd
Service             : sshd
Display name        : CYGWIN sshd
Current State       : Running
Controls Accepted   : Stop
Command             : /usr/sbin/sshd -D
stdin path          : /dev/null
stdout path         : /var/log/sshd.log
stderr path         : /var/log/sshd.log
Environment         : CYGWIN="ntsec"
Process Type        : Own Process
Startup             : Automatic
Account             : .\cyg_server

> You may have to add an additional dependency on netlogon or other AD services to
> ensure they are available before sshd starts.

I tried adding netlogon as a dependency to sshd, but didn't see any 
change in behavior.

> If your service start is Automatic, you may also want to change it manually to
> Automatic (delayed start), to allow time for network services to be available.

Changing it from "Automatic" to "Automatic (delayed start)" fixed the 
issue.  This is my first time messing with Windows services and didn't 
see this option initially.

Thanks for the suggestion Brian!


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple