From: Corinna Vinschen <corinna-cygwin@cygwin.com>
To: renaud.rolles@giraudbtp.com
Cc: cygwin@cygwin.com
Subject: Re: sshd: fatal: seteuid XXX : No such device or address
Date: Thu, 14 Mar 2019 13:53:00 -0000 [thread overview]
Message-ID: <20190314135334.GH3785@calimero.vinschen.de> (raw)
In-Reply-To: <014e01d4da69$965ee650$c31cb2f0$@giraudbtp.com>
[-- Attachment #1: Type: text/plain, Size: 2369 bytes --]
On Mar 14 14:26, renaud.rolles@giraudbtp.com wrote:
> >
> > On Mar 14 12:39, renaud.rolles@giraudbtp.com wrote:
> > > I can login via password, it work and lets me in.
> > > But if i tried with my keys, I get in the event viewer :
> > > sshd: PID 3777: fatal: seteuid 1049076: No such device or address
> >
> > - Make sure to login with the Administrator account case-sensitive.
> > If your account is called "Administrator", then use an uppercase
> > 'A' when logging in.
> >
> > This case-sensitivity issue is a temporary workaround for a
> > potential security problem in OpenSSH. This will be rectified
> > with OpenSSH 8.0 which allows to login case-insentive again.
>
> With Uppercase i do have a login prompt, but (with the good password), I cant login (remotly or localy).
> I also have Information event :
> sshd: PID 3788: Login name Administrator does not match stored username administrator
As I said above, *if* your account is called Administrator...
> sshd: PID 3788: Invalid user Administrator from 10.0.0.8 port 60876
> then three :
> sshd: PID 3788: Failed password for invalid user Administrator from 10.0.0.8 port 60876 ssh2
>
> >
> > - If that doesn't help, switch the user running the sshd service from
> > "cyg_server" to SYSTEM (the services GUI calls it "LocalSystem")
> >
>
> This worked, like a charm, thank you 😊
>
> > Cygwin switched the logon method and this method doesn't run
> > under the "cyg_server" account sometimes. However, switching
> > back to "LocalSystem" instead of having to create a special
> > "cyg_server" service account is one of the advantages of the
> > new logon method. For details, see
> >
> > https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-nopasswd1
> >
> I didn't fully understand it all to be honest, but, is there another
> drawback to have the localsystem running the deamon instead of the
> cyg_server user, other than having the administrator possibly knowing
> the password ?
The cyg_server account has been introduced many years ago as a
workaround for a change in the LocalSystem permissions in
Windows 2003 and later. The new S4ULogon method makes the cyg_server
account obsolete because the reduced permissions of LocalSystem
are sufficient now.
Corinna
--
Corinna Vinschen
Cygwin Maintainer
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
next prev parent reply other threads:[~2019-03-14 13:53 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-03-14 11:39 renaud.rolles
2019-03-14 12:10 ` Corinna Vinschen
2019-03-14 13:26 ` renaud.rolles
2019-03-14 13:53 ` Corinna Vinschen [this message]
2019-03-14 14:03 ` renaud.rolles
2019-03-14 14:20 ` Andrey Repin
2019-03-14 14:24 ` David Dombrowsky
2019-03-14 14:27 ` Corinna Vinschen
2019-03-14 14:50 ` Andrey Repin
2019-03-14 14:38 ` renaud.rolles
2019-03-14 15:07 ` Andrey Repin
2019-03-14 15:29 ` renaud.rolles
2019-07-10 16:10 ` schleprock
2019-03-14 15:53 ` Houder
2019-03-14 17:29 ` Corinna Vinschen
2019-03-15 13:06 ` Houder
2019-03-15 13:42 ` Corinna Vinschen
2019-03-15 19:39 ` Houder
2019-03-15 20:41 ` Corinna Vinschen
2019-03-16 9:21 ` Houder
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190314135334.GH3785@calimero.vinschen.de \
--to=corinna-cygwin@cygwin.com \
--cc=cygwin@cygwin.com \
--cc=renaud.rolles@giraudbtp.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).