Problem with ssh(d) - Strasser, Dominik (DI SW ICS ICV)

public inbox for cygwin@cygwin.com
 help / color / mirror / Atom feed

From: "Strasser, Dominik (DI SW ICS ICV)" <dominik.strasser@onespin.com>
To: cygwin@cygwin.com
Subject: Problem with ssh(d)
Date: Wed, 10 Nov 2021 15:50:12 +0100	[thread overview]
Message-ID: <2dfb0a68-b9e3-f9fb-817b-651fec02adf5@onespin.com> (raw)

Hi all,
I am facing the following problem with my sshd installation.

We are in an AD environment. AD holds the needed data for ssh(d) to 
work. I can log into cygwin using ssh. But if I have a key stored 
.ssh/authorized_keys for passwordless login, the groups my user is in 
differs from the one w/o an authorized keys. Unfortunately exactly the 
group(s) for accessing the shared filesystems is missing. We were 
investigating a lot and the only workaround we found is that the sshd 
service runs under the user we want to log in. This unfortunately 
disables any other user to log into the cygwin machine. When debugging 
ssh with -vvv, there is no visible difference between the login with 
authorized_keys or without (of course there is a difference wrt. the 
login method).

This is cygwin 3.2.0 and openssh openssh-8.8p1-1.

Any clues ?

Best regards

Dominik

-- 
Dominik Strasser       | Phone:  +49 89 99013-436
OneSpin Solutions GmbH | Fax:    +49 89 99013-100
Nymphenburgerstr. 20a
80335 Muenchen         | dominik.strasser@onespin.com

OneSpin Solutions GmbH
A Siemens business

Geschaeftsfuehrung: Thomas Heurung, Frank Thurauf
Sitz: Muenchen; Amtsgericht Muenchen HRB 139 464
UstID#: DE 814 413 215

next             reply	other threads:[~2021-11-10 14:50 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-11-10 14:50 Strasser, Dominik (DI SW ICS ICV) [this message]
2021-11-10 14:56 ` [cygwin] " Jason Pyeron
     [not found] ` <CANV9t=QRzS_ko6S6+G6oW6hRGxMUzCoXJ0825c7YeckfBqS57Q@mail.gmail.com>
2021-11-10 15:28   ` Strasser, Dominik (DI SW ICS ICV)
2021-11-10 15:44     ` Bill Stewart
2021-11-10 18:25       ` [cygwin] " Jason Pyeron

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=2dfb0a68-b9e3-f9fb-817b-651fec02adf5@onespin.com \
    --to=dominik.strasser@onespin.com \
    --cc=cygwin@cygwin.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).