From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 30285 invoked by alias); 17 Sep 2003 23:16:28 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 30276 invoked from network); 17 Sep 2003 23:16:27 -0000 Received: from unknown (HELO foundation.speeq.com) (213.41.71.26) by sources.redhat.com with SMTP; 17 Sep 2003 23:16:27 -0000 Received: from speeq.com [213.41.140.136] by foundation.speeq.com with ESMTP (SMTPD32-6.06) id A98318603B0; Thu, 18 Sep 2003 01:08:51 +0200 Message-ID: <3F68ECC8.1010205@speeq.com> Date: Wed, 17 Sep 2003 23:18:00 -0000 From: Olivier ALLART User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Cygwin List Subject: Re: SSHD, Cygwin and Windows 2003 : continued with user rights References: <5.1.0.14.0.20030917142253.02624cb8@127.0.0.1> <5.1.0.14.0.20030917142253.02624cb8@127.0.0.1> <5.1.0.14.0.20030917151801.02883678@127.0.0.1> In-Reply-To: <5.1.0.14.0.20030917151801.02883678@127.0.0.1> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-SW-Source: 2003-09/txt/msg01180.txt.bz2 Larry Hall wrote: >Hm, I thought I was clear. Let me try again addressing iisreset >specifically. > >iisreset doesn't work in the scenario you described because it's a Microsoft tool which knows nothing of the Cygwin environment. Cygwin's ssh using >pubkey authentication doesn't authenticate the user with Windows. So if >you need certain credentials to perform some operation in Windows, pubkey >authentication won't provide them. > Ok. I tought ssh offered some mechanism trough cygwin to authenticate as if under windows .. That means the 'administrator' account via ssh pubkey is not 'administrator' then .. >If you need to run iisreset through ssh, >you will need to use password authentication, which takes the password for >the user 'administrator' and authenticates for Windows with it. You should >then be able to use iisreset (if authentication is really the only thing >getting in the way with pubkey). > yes it is, since it is working with ssh connection (using password on login) when sshd runs under 'local system' >I don't know what are the "*some commands*" you're speaking of, but if they >are Cygwin utilities, then I think the answer is obvious. If they are not >Cygwin utilities, then I would have to say that they don't require special >privileges to run. This is actually true for most utilities. But if this >is still confusing for you, you'll have to provide specifics. However, I >think you'll find that it's likely that anything that works for you in ssh >using pubkey authentication falls into one of the two groups of utilities I >mentioned. > and you are probably right. other commands are for example 'wlbs' (or nlb). My problem is : I want to execute some remote (but encrypted) commands using both wlbs and iisreset. wlbs works fine from remote, but so is not for IISreset. I thought authentication using ssh and public key would allow me to perform the iisreset command.. But from what you explained; it is clear that whatever user logs in with pubkey, it won't be considered as 'administrator' It looks like iisreset can only be performed *locally* by *local administrator*, which is dumb in the situation where you are from remote. Only other remote control would be 'telnet' but hey, ms telnet can't pertform remote commands. Last question; if I provided a pubkey in the 'administrator' (cygwin) environment, who am I for windows ? Thank you very much. Next I guess I'll go look for some tip on how to unlock iisreset so it can be used by whatever admin and not just local .. > >HTH, > >Larry > > >At 02:56 PM 9/17/2003, Olivier ALLART you wrote: > > > >>Thank you for the details, but then, why *some commands* work and not others ? >>And more specifically, how can I make *this command* work ? >> >> >>Larry Hall wrote: >> >> >> >>>I think you missed the fact that pubkey authentication does impersonation, >>>not Windows-style authentication. So Windows apps won't recognize the pubkey >>>authentication as providing permissions to run restricted programs. You'll >>>have to use password authentication if you want Windows to recognize the >>>user you've become via ssh. You can find all sorts of discussion on the difference between pubkey and password authentication for ssh in the email archives if you're interested. >>> >>> >>> >>At 12:40 PM 9/17/2003, Olivier ALLART you wrote: >> >> >> >>>Following Mark J de Jong 's step by step howto (see end of mail for some add-ons), I can now effectively log in with pkey method (that is, no password) using the 'administrator' user name. >>>'whoami' returns 'administrator', however asking for a command such as IISRESET returns the error 'you are not a local administrator of this machine...', which means the rights management has failed somewhere. >>> >>> >>> >> >> >> >> >>>-- >>>Larry Hall http://www.rfk.com >>>RFK Partners, Inc. (508) 893-9779 - RFK Office >>>838 Washington Street (508) 893-9889 - FAX >>>Holliston, MA 01746 >>> >>> >>>. >>> >>> >>> >>> >> >>-- >>Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple >>Problem reports: http://cygwin.com/problems.html >>Documentation: http://cygwin.com/docs.html >>FAQ: http://cygwin.com/faq/ >> >> > > >-- >Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple >Problem reports: http://cygwin.com/problems.html >Documentation: http://cygwin.com/docs.html >FAQ: http://cygwin.com/faq/ > > >. > > > -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/