From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 11090 invoked by alias); 20 Feb 2019 21:37:38 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 11066 invoked by uid 89); 20 Feb 2019 21:37:38 -0000 Authentication-Results: sourceware.org; auth=none X-Spam-SWARE-Status: No, score=-100.9 required=5.0 tests=BAYES_00,GOOD_FROM_CORINNA_CYGWIN,KAM_LAZY_DOMAIN_SECURITY,NORMAL_HTTP_TO_IP,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.2 spammy=H*F:D*cygwin.com, click X-HELO: mout.kundenserver.de Received: from mout.kundenserver.de (HELO mout.kundenserver.de) (212.227.126.134) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Wed, 20 Feb 2019 21:37:36 +0000 Received: from calimero.vinschen.de ([24.134.7.25]) by mrelayeu.kundenserver.de (mreue010 [212.227.15.167]) with ESMTPSA (Nemesis) id 1MxV8b-1hFtoq2q8f-00xvOL; Wed, 20 Feb 2019 22:37:33 +0100 Received: by calimero.vinschen.de (Postfix, from userid 500) id D48ABA80303; Wed, 20 Feb 2019 22:37:32 +0100 (CET) Date: Wed, 20 Feb 2019 21:39:00 -0000 From: Corinna Vinschen To: Andy Moreton Cc: cygwin@cygwin.com Subject: Re: cygwin 3.0.1-1 breaks my sshd install Message-ID: <20190220213732.GY4256@calimero.vinschen.de> Reply-To: cygwin@cygwin.com Mail-Followup-To: Andy Moreton , cygwin@cygwin.com References: <19759126.568100.1550686604174.ref@mail.yahoo.com> <19759126.568100.1550686604174@mail.yahoo.com> <47883ab06634fed3ecdaa375016dc3fb@smtp-cloud8.xs4all.net> <20190220202536.GX4256@calimero.vinschen.de> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="cW0eHRJ76X8TDo3d" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.10.1 (2018-07-13) X-SW-Source: 2019-02/txt/msg00336.txt.bz2 --cW0eHRJ76X8TDo3d Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-length: 2913 On Feb 20 21:27, Andy Moreton wrote: > On Wed 20 Feb 2019, Corinna Vinschen wrote: >=20 > > On Feb 20 21:01, Houder wrote: > >> On Wed, 20 Feb 2019 10:53:09, scowles at ckhb dot org wrote: > >> >=20 > >> > i can confirm the same behaviours on a 3.0.0 system. i've done > >> > several checks and have been unable to find the source of the > >> > problem. ssh -vvv shows that the connection proceeds all the way > >> > through the connection process, sends the appropriate key tokens, > >> > then the server abruptly closes the connection. all accounts on > >> > the system show the same results. > >> >=20 > >> > my 2.11.1 system, with identical ssh[d]_config files has no such > >> > problems. > >> >=20 > >> > on both systems, all relevant files and directories have correct > >> > owners and permissions. > >>=20 > >> Yes, failure for 3.0.0 (and 3.0.1); success for 2.11.2 > >>=20 > >> Henri > >>=20 > >> 64-@@ uname -a > >> CYGWIN_NT-6.1 Seven 3.0.1(0.338/5/3) 2019-02-20 10:19 x86_64 Cygwin > >>=20 > >> 64-@@ tail /var/log/sshd.log > >> Server listening on 0.0.0.0 port 222. > >> seteuid 1004: Permission denied > > > > Sorry guys, but I can't reproduce this problem at all. I tested ssh > > login on Vista, W7 and W10 1809, in each case on 64 bit and under > > WOW64. On all systems I can login with domain as well as local > > accounts. > > > > For completeness sake I started sshd under SYSTEM as wel as under > > cyg_server account and every time it just worked. >=20 > I've seen a similar failure, on a domain-joined Windows 10 box running > cygsshd using a local cyg_server user account. I've fixed it by: > 1) Open the "Computer Management" app > Select "Services and Applications", then "Services", and > choose the cygsshd service from the list. > 2) Stop the service > 3) Select the "Log On" tab, choose "Local System Account" and click OK. > 4) Restart the service. >=20 > This changed the account reported by "cygrunsrv -VQ" from "./cyg_server" > to "LocalSystem". That actually fixed it for you? I'm a bit surprised but at least that's a neat solution, given that the new way to switch the user context doesn't require the cyg_server account anymore. SYSTEM is the way to go in future. While talking about it, i have a couple of OpenSSH upstream patches in the loop: - Rename Cygwin's sshd service to "cygsshd" becasue Microsoft hijacked the "sshd" service name for their own sshd. - The ssh-host-config script will install the service under SYSTEM in future, unless you're trying to install under Windows 7 WOW64, which will still require the cyg_server account. - Allowing to login with case-insensitive usernames. This also enables case-insensitive user and group name matching in=20 sshd_config "Match" rules. The first patch has been merged already, I'm still waiting for feedback on the other two patches... Corinna --=20 Corinna Vinschen Cygwin Maintainer --cW0eHRJ76X8TDo3d Content-Type: application/pgp-signature; name="signature.asc" Content-length: 833 -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEoVYPmneWZnwT6kwF9TYGna5ET6AFAlxtyJwACgkQ9TYGna5E T6BTPA/+M/23zQnGvsFdd2h3s1EcOmu2BpKDoTyLj5EYPbyJWGPQckXxxS/54nVL +paokn/X3grZV9tbp0zEQkPlegr/xPDzzMlt2N7oHkDqkX0n3PSMz5lgmxEELsRU 81qam6D2HP8IrYrdxhj9ugMi9NmvHP3OVhriz9A975qfIy2w/EhJxWpNvDG22gMP yH3Y/x7azNTtUfw4ONhytOMn3JNbxSzjmbUtVk/ocTlls99JZgncwIfz49YpJzLf OSw+1R9cNxTFsTBsLtabKPXg7atBMYIjZEZXAleSrha76NRQGuCyGY79UhbShCHo AQbtJAcGvSKgdsobQYtNdQh+5mHCrWM3pU9lalGjIWBJaSLeSWyAtMLVV9p0PsIY u+ZTHS2/kmkMZ1TH1fvfkP3RGRm6uN/URbN9iwrORtfLhB4zlF3B9nSIyHv5y3GW FcG323o8LWQHv/Q/9PxwebyeGfxatXiD/OzKpJ3F7H7I98E4cCOzJKhNzkgcyg9l fBOhP69d7w88OzbvFihRss4vhV93NXZw6G++CWbczdU0mPbqiEVxUy77HyAo6INO tJnkROIBH+Pz2OH2ftUK3X9zDQmxYOy+hP503Y5n7qUJpGX7eO+9zV/TwzWmy5M1 mkr/Ah9+b+cEgnYgdBC9GXHrG5gRRR+KTGAQXs13KurUdPZpw54= =DDTK -----END PGP SIGNATURE----- --cW0eHRJ76X8TDo3d--