* Unable to run sshd under a domain sshd_server account
@ 2008-05-12 16:39 Schutter, Thomas A.
2008-05-12 17:20 ` Larry Hall (Cygwin)
0 siblings, 1 reply; 2+ messages in thread
From: Schutter, Thomas A. @ 2008-05-12 16:39 UTC (permalink / raw)
To: cygwin
[-- Attachment #1: Type: text/plain, Size: 3338 bytes --]
I am having problems setting up sshd to run under a domain sshd_server
account instead of a local sshd_server account.
Why do I want to do that? Because in the default install, starting a
cygwin shell from the console gives me a much different environment and
permissions than if I start a cygwin shell via ssh. For example, from a
console shell on the Windows 2003 Server:
$ echo $USER
tschutter
$ echo $USERNAME
tschutter
$ echo $HOSTNAME
fdsvbld01sgrape
$ echo $USERDOMAIN
FLOODDATA
$ id
uid=18718(tschutter) gid=10513(Domain Users)
groups=544(Administrators),545(Users),10513(Domain
Users),18169(FDSV-GG-PrxBLD),22611(FDSV-GG-PrxPCAdmins)
$ ls //other/f$
Data RECYCLER System\ Volume\ Information
But when I login via ssh:
$ echo $USER
tschutter
$ echo $USERNAME
sshd_server
$ echo $HOSTNAME
fdsvbld01sgrape
$ echo $USERDOMAIN
FDSVBLD01SGRAPE
$ id
uid=18718(tschutter) gid=10513(Domain Users)
groups=545(Users),10513(Domain Users)
$ ls //other/f$
ls: cannot access //other/f$: Permission denied
The sshd server was setup using "ssh-host-config --yes". So it appears
that when I login via ssh, I am logged in as a local user, not a domain
user. Also, when logged in via ssh, I am not in the Administrators,
FDSV-GG-PrxBLD, and FDSV-GG-PrxPCAdmins groups. As a side note, I would
think that USERNAME being set to sshd_server is a bug.
It appears that the solution is to create a domain sshd_server account
and run sshd as that user. So I created a domain account called
"fdsv-sa-prx-sshdsrvr". I gave this account the required rights:
$ editrights -a SeCreateTokenPrivilege -u fdsv-sa-prx-sshdsrvr
$ editrights -a SeTcbPrivilege -u fdsv-sa-prx-sshdsrvr
$ editrights -a SeDenyInteractiveLogonRight -u fdsv-sa-prx-sshdsrvr
$ editrights -a SeDenyNetworkLogonRight -u fdsv-sa-prx-sshdsrvr
$ editrights -a SeDenyRemoteInteractiveLogonRight -u
fdsv-sa-prx-sshdsrvr
$ editrights -a SeIncreaseQuotaPrivilege -u fdsv-sa-prx-sshdsrvr
$ editrights -a SeServiceLogonRight -u fdsv-sa-prx-sshdsrvr
I added fdsv-sa-prx-sshdsrvr to local "Administrators" group.
I changed the ownership of the /etc/ssh files and /var/empty:
$ chown fdsv-sa-prx-sshdsrvr /etc/ssh* /var/empty
I changed the log on account for the "CYGWIN sshd" service to the
fdsv-sa-prx-sshdsrvr account.
I then tried to start the service:
$ net start sshd
The CYGWIN sshd service is starting.
The CYGWIN sshd service could not be started.
The service did not report an error.
More help is available by typing NET HELPMSG 3534.
The application event log has this error message:
The description for Event ID ( 0 ) in Source ( sshd ) cannot be found.
The local computer may not have the necessary registry information or
message DLL files to display messages from a remote computer. You may be
able to use the /AUXSOURCE= flag to retrieve this description; see Help
and Support for details. The following information is part of the event:
sshd: PID 2068: service `sshd' failed: signal 11 raised.
I have attached the output from "cygcheck -s -v -r" as
grape-cygcheck.out.
So where do I go from here? What am I missing?
--
Tom Schutter
First American - Proxix Solutions
(512) 977-6822
[-- Attachment #2: grape-cygcheck.out --]
[-- Type: application/octet-stream, Size: 11466 bytes --]
Cygwin Configuration Diagnostics
Current System Time: Fri May 09 16:53:27 2008
Windows 2003 Server Ver 5.2 Build 3790 Service Pack 2
Running in Terminal Service session
Path: C:\cygwin\usr\local\bin
C:\cygwin\bin
C:\cygwin\bin
C:\cygwin\usr\X11R6\bin
c:\WINDOWS\system32
c:\WINDOWS
c:\WINDOWS\System32\Wbem
c:\Program Files\Dell\SysMgt\oma\bin
c:\Program Files\Proxix\PxPoint\bin\multithread
c:\Program Files\MySQL\MySQL Server 5.0\bin
Output from C:\cygwin\bin\id.exe (nontsec)
UID: 18718(tschutter) GID: 10513(Domain Users)
544(Administrators) 545(Users)
10513(Domain Users) 18169(FDSV-GG-PrxBLD)
22611(FDSV-GG-PrxPCAdmins)
Output from C:\cygwin\bin\id.exe (ntsec)
UID: 18718(tschutter) GID: 10513(Domain Users)
544(Administrators) 545(Users)
10513(Domain Users) 18169(FDSV-GG-PrxBLD)
22611(FDSV-GG-PrxPCAdmins)
SysDir: C:\WINDOWS\system32
WinDir: C:\WINDOWS
USER = 'tschutter'
PWD = '/home/tschutter'
HOME = '/home/tschutter'
MAKE_MODE = 'unix'
HOMEPATH = '\Documents and Settings\tschutter'
MANPATH = '/usr/local/man:/usr/share/man:/usr/man::/usr/ssl/man'
APPDATA = 'C:\Documents and Settings\tschutter\Application Data'
HOSTNAME = 'fdsvbld01sgrape'
TERM = 'cygwin'
PROCESSOR_IDENTIFIER = 'x86 Family 6 Model 15 Stepping 6, GenuineIntel'
WINDIR = 'C:\WINDOWS'
OLDPWD = '/usr/bin'
USERDOMAIN = 'FLOODDATA'
OS = 'Windows_NT'
ALLUSERSPROFILE = 'C:\Documents and Settings\All Users'
TEMP = '/cygdrive/c/DOCUME~1/TSCHUT~1/LOCALS~1/Temp/1'
COMMONPROGRAMFILES = 'C:\Program Files\Common Files'
USERNAME = 'tschutter'
CLUSTERLOG = 'C:\WINDOWS\Cluster\cluster.log'
PROCESSOR_LEVEL = '6'
FP_NO_HOST_CHECK = 'NO'
SYSTEMDRIVE = 'C:'
USERPROFILE = 'C:\Documents and Settings\tschutter'
CLIENTNAME = 'QUINCE'
PS1 = '\h:\w\$ '
LOGONSERVER = '\\FDSVBLD01SDCX04'
PROCESSOR_ARCHITECTURE = 'x86'
!C: = 'C:\cygwin\bin'
SHLVL = '1'
USERDNSDOMAIN = 'FLOODDATA.NET'
PATHEXT = '.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH'
HOMEDRIVE = 'C:'
PROMPT = '$P$G'
COMSPEC = 'C:\WINDOWS\system32\cmd.exe'
TMP = '/cygdrive/c/DOCUME~1/TSCHUT~1/LOCALS~1/Temp/1'
SYSTEMROOT = 'C:\WINDOWS'
PRINTER = 'RightFax Fax Printer (from QUINCE) in session 1'
CVS_RSH = '/bin/ssh'
PROCESSOR_REVISION = '0f06'
INFOPATH = '/usr/local/info:/usr/share/info:/usr/info:'
PROGRAMFILES = 'C:\Program Files'
NUMBER_OF_PROCESSORS = '4'
SESSIONNAME = 'RDP-Tcp#1'
COMPUTERNAME = 'FDSVBLD01SGRAPE'
_ = '/usr/bin/cygcheck'
HKEY_CURRENT_USER\Software\Cygnus Solutions
HKEY_CURRENT_USER\Software\Cygnus Solutions\Cygwin
HKEY_CURRENT_USER\Software\Cygnus Solutions\Cygwin\mounts v2
HKEY_CURRENT_USER\Software\Cygnus Solutions\Cygwin\Program Options
HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions
HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions\Cygwin
HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions\Cygwin\mounts v2
(default) = '/cygdrive'
cygdrive flags = 0x00000022
HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions\Cygwin\mounts v2\/
(default) = 'C:\cygwin'
flags = 0x0000000a
HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions\Cygwin\mounts v2\/usr/bin
(default) = 'C:\cygwin/bin'
flags = 0x0000000a
HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions\Cygwin\mounts v2\/usr/lib
(default) = 'C:\cygwin/lib'
flags = 0x0000000a
HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions\Cygwin\Program Options
c: hd NTFS 139337Mb 6% CP CS UN PA FC
d: cd CDFS 594Mb 100% CS CRMSFPP_EN
e: hd NTFS 30719Mb 2% CP CS UN PA FC
f: hd NTFS 540410Mb 43% CP CS UN PA FC Data
C:\cygwin / system binmode
C:\cygwin/bin /usr/bin system binmode
C:\cygwin/lib /usr/lib system binmode
. /cygdrive system binmode,cygdrive
Found: C:\cygwin\bin\awk.exe
Found: C:\cygwin\bin\bash.exe
Found: C:\cygwin\bin\cat.exe
Found: C:\cygwin\bin\cp.exe
Not Found: cpp (good!)
Not Found: crontab
Found: C:\cygwin\bin\find.exe
Not Found: gcc
Not Found: gdb
Found: C:\cygwin\bin\grep.exe
Found: C:\cygwin\bin\kill.exe
Not Found: ld
Found: C:\cygwin\bin\ls.exe
Not Found: make
Found: C:\cygwin\bin\mv.exe
Not Found: patch
Not Found: perl
Found: C:\cygwin\bin\rm.exe
Found: C:\cygwin\bin\sed.exe
Found: C:\cygwin\bin\ssh.exe
Found: C:\cygwin\bin\sh.exe
Found: C:\cygwin\bin\tar.exe
Found: C:\cygwin\bin\test.exe
Not Found: vi
Found: C:\cygwin\bin\vim.exe
61k 2008/04/01 C:\cygwin\bin\cygbz2-1.dll - os=4.0 img=1.0 sys=4.0
"cygbz2-1.dll" v0.0 ts=2008/3/31 21:37
7k 2003/10/19 C:\cygwin\bin\cygcrypt-0.dll - os=4.0 img=1.0 sys=4.0
"cygcrypt-0.dll" v0.0 ts=2003/10/19 1:57
1059k 2007/10/19 C:\cygwin\bin\cygcrypto-0.9.8.dll - os=4.0 img=1.0 sys=4.0
"cygcrypto-0.9.8.dll" v0.0 ts=2007/10/19 5:45
703k 2007/12/17 C:\cygwin\bin\cygdb-4.2.dll - os=4.0 img=1.0 sys=4.0
"cygdb-4.2.dll" v0.0 ts=2007/12/17 4:58
1036k 2007/12/17 C:\cygwin\bin\cygdb_cxx-4.2.dll - os=4.0 img=1.0 sys=4.0
"cygdb_cxx-4.2.dll" v0.0 ts=2007/12/17 4:58
118k 2007/04/06 C:\cygwin\bin\cygexpat-0.dll - os=4.0 img=1.0 sys=4.0
"cygexpat-0.dll" v0.0 ts=2007/4/6 14:43
40k 2006/11/15 C:\cygwin\bin\cygform-8.dll - os=4.0 img=1.0 sys=4.0
"cygform-8.dll" v0.0 ts=2006/11/15 0:06
19k 2006/11/19 C:\cygwin\bin\cyggdbm-4.dll - os=4.0 img=1.0 sys=4.0
"cyggdbm-4.dll" v0.0 ts=2006/11/19 1:18
8k 2006/11/19 C:\cygwin\bin\cyggdbm_compat-4.dll - os=4.0 img=1.0 sys=4.0
"cyggdbm_compat-4.dll" v0.0 ts=2006/11/19 1:18
25k 2008/01/04 C:\cygwin\bin\cyghistory6.dll - os=4.0 img=1.0 sys=4.0
"cyghistory6.dll" v0.0 ts=2008/1/3 20:31
271k 2007/08/24 C:\cygwin\bin\cygicons-0.dll - os=4.0 img=1.0 sys=4.0
"cygicons-0.dll" v0.0 ts=2007/8/24 1:24
976k 2006/10/22 C:\cygwin\bin\cygiconv-2.dll - os=4.0 img=1.0 sys=4.0
"cygiconv-2.dll" v0.0 ts=2006/10/22 17:44
37k 2003/08/10 C:\cygwin\bin\cygintl-2.dll - os=4.0 img=1.0 sys=4.0
"cygintl-2.dll" v0.0 ts=2003/8/10 15:50
31k 2005/11/20 C:\cygwin\bin\cygintl-3.dll - os=4.0 img=1.0 sys=4.0
"cygintl-3.dll" v0.0 ts=2005/11/19 19:04
31k 2006/10/23 C:\cygwin\bin\cygintl-8.dll - os=4.0 img=1.0 sys=4.0
"cygintl-8.dll" v0.0 ts=2006/10/22 18:12
21k 2006/11/15 C:\cygwin\bin\cygmenu-8.dll - os=4.0 img=1.0 sys=4.0
"cygmenu-8.dll" v0.0 ts=2006/11/15 0:05
20k 2006/12/21 C:\cygwin\bin\cygminires.dll - os=4.0 img=1.1 sys=4.0
"cygminires.dll" v0.0 ts=2006/12/20 22:07
67k 2006/11/15 C:\cygwin\bin\cygncurses++-8.dll - os=4.0 img=1.0 sys=4.0
"cygncurses++-8.dll" v0.0 ts=2006/11/15 0:13
237k 2006/11/15 C:\cygwin\bin\cygncurses-8.dll - os=4.0 img=1.0 sys=4.0
"cygncurses-8.dll" v0.0 ts=2006/11/15 0:02
12k 2006/11/15 C:\cygwin\bin\cygpanel-8.dll - os=4.0 img=1.0 sys=4.0
"cygpanel-8.dll" v0.0 ts=2006/11/15 0:04
150k 2008/04/25 C:\cygwin\bin\cygpcre-0.dll - os=4.0 img=1.0 sys=4.0
"cygpcre-0.dll" v0.0 ts=2008/4/24 18:30
303k 2008/04/25 C:\cygwin\bin\cygpcrecpp-0.dll - os=4.0 img=1.0 sys=4.0
"cygpcrecpp-0.dll" v0.0 ts=2008/4/24 18:30
7k 2008/04/25 C:\cygwin\bin\cygpcreposix-0.dll - os=4.0 img=1.0 sys=4.0
"cygpcreposix-0.dll" v0.0 ts=2008/4/24 18:30
22k 2002/06/09 C:\cygwin\bin\cygpopt-0.dll - os=4.0 img=1.0 sys=4.0
"cygpopt-0.dll" v0.0 ts=2002/6/8 23:45
155k 2008/01/04 C:\cygwin\bin\cygreadline6.dll - os=4.0 img=1.0 sys=4.0
"cygreadline6.dll" v0.0 ts=2008/1/3 20:31
219k 2007/10/19 C:\cygwin\bin\cygssl-0.9.8.dll - os=4.0 img=1.0 sys=4.0
"cygssl-0.9.8.dll" v0.0 ts=2007/10/19 5:45
22k 2008/02/24 C:\cygwin\bin\cygwrap-0.dll - os=4.0 img=1.0 sys=4.0
"cygwrap-0.dll" v0.0 ts=2008/2/23 0:03
65k 2006/10/16 C:\cygwin\bin\cygz.dll - os=4.0 img=1.0 sys=4.0
"cygz.dll" v0.0 ts=2006/10/15 19:10
1829k 2008/04/17 C:\cygwin\bin\cygwin1.dll - os=4.0 img=1.0 sys=4.0
"cygwin1.dll" v0.0 ts=2008/4/17 4:11
Cygwin DLL version info:
DLL version: 1.5.25
DLL epoch: 19
DLL bad signal mask: 19005
DLL old termios: 5
DLL malloc env: 28
API major: 0
API minor: 156
Shared data: 4
DLL identifier: cygwin1
Mount registry: 2
Cygnus registry name: Cygnus Solutions
Cygwin registry name: Cygwin
Program options name: Program Options
Cygwin mount registry name: mounts v2
Cygdrive flags: cygdrive flags
Cygdrive prefix: cygdrive prefix
Cygdrive default prefix:
Build date: Thu Apr 17 12:11:03 CEST 2008
CVS tag: cr-0x5f1
Shared id: cygwin1S4
Service : sshd
Display name : CYGWIN sshd
Current State : Stopped
Command : /usr/sbin/sshd -D
stdin path : /dev/null
stdout path : /var/log/sshd.log
stderr path : /var/log/sshd.log
Environment : CYGWIN="ntsec"
Process Type : Own Process
Startup : Automatic
Dependencies : tcpip
Account : fdsv-sa-prx-sshdsrvr@flooddata.net
Cygwin Package Information
Last downloaded files to: C:\cygwin\LocalPackageDir
Last downloaded files from: http://mirror.rhsmith.umd.edu/pub/cygwin
Package Version
_update-info-dir 00730-1
alternatives 1.3.30c-2
ash 20040127-3
base-files 3.7-1
base-passwd 2.2-1
bash 3.2.39-19
bzip2 1.0.5-2
coreutils 6.10-1
crypt 1.1-1
cygrunsrv 1.34-1
cygutils 1.3.2-1
cygwin 1.5.25-12
cygwin-doc 1.4-4
diffutils 2.8.7-1
editrights 1.01-2
expat 1.95.8-2
findutils 4.4.0-1
gawk 3.1.6-1
grep 2.5.1a-4
groff 1.18.1-2
gzip 1.3.12-2
less 382-1
libbz2_1 1.0.5-2
libdb4.2 4.2.52.5-2
libexpat0 1.95.8-2
libgdbm4 1.8.3-8
libiconv2 1.11-1
libintl2 0.12.1-3
libintl3 0.14.5-1
libintl8 0.15-1
libncurses8 5.5-3
libpcre0 7.6-2
libpopt0 1.6.4-4
libreadline6 5.2.12-10
libwrap0 7.6-4
login 1.9-7
man 1.6e-1
minires 1.01-1
netcat 1.10-2
openssh 5.0p1-1
openssl 0.9.8g-1
procps 3.2.7-1
python 2.5.1-2
rebase 2.4.3-1
rsync 2.6.9-2
run 1.1.10-1
sed 4.1.5-2
tar 1.20-1
tcltk 20080420-1
tcsh 6.15.00-4
termcap 20050421-1
terminfo 5.5_20061104-1
texinfo 4.8a-1
tzcode 2007h-2
unzip 5.52-2
vim 7.1-1
which 2.19-1
zip 2.32-2
zlib 1.2.3-2
Use -h to see help about each section
[-- Attachment #3: Type: text/plain, Size: 218 bytes --]
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: Unable to run sshd under a domain sshd_server account
2008-05-12 16:39 Unable to run sshd under a domain sshd_server account Schutter, Thomas A.
@ 2008-05-12 17:20 ` Larry Hall (Cygwin)
0 siblings, 0 replies; 2+ messages in thread
From: Larry Hall (Cygwin) @ 2008-05-12 17:20 UTC (permalink / raw)
To: cygwin
Schutter, Thomas A. wrote:
> I am having problems setting up sshd to run under a domain sshd_server
> account instead of a local sshd_server account.
>
> Why do I want to do that? Because in the default install, starting a
> cygwin shell from the console gives me a much different environment and
> permissions than if I start a cygwin shell via ssh. For example, from a
> console shell on the Windows 2003 Server:
> $ echo $USER
> tschutter
> $ echo $USERNAME
> tschutter
> $ echo $HOSTNAME
> fdsvbld01sgrape
> $ echo $USERDOMAIN
> FLOODDATA
> $ id
> uid=18718(tschutter) gid=10513(Domain Users)
> groups=544(Administrators),545(Users),10513(Domain
> Users),18169(FDSV-GG-PrxBLD),22611(FDSV-GG-PrxPCAdmins)
> $ ls //other/f$
> Data RECYCLER System\ Volume\ Information
>
> But when I login via ssh:
> $ echo $USER
> tschutter
> $ echo $USERNAME
> sshd_server
> $ echo $HOSTNAME
> fdsvbld01sgrape
> $ echo $USERDOMAIN
> FDSVBLD01SGRAPE
> $ id
> uid=18718(tschutter) gid=10513(Domain Users)
> groups=545(Users),10513(Domain Users)
> $ ls //other/f$
> ls: cannot access //other/f$: Permission denied
Obviously you're using pubkey authentication. If that's not an absolute
requirement for you, then use password authentication. That will resolve
your problem. Otherwise, if you must use pubkey authentication, I'll
direct you to the FAQ:
<http://cygwin.com/faq/faq-nochunks.html#faq.using.shares>
These are the recommended workarounds for this issue for the 1.5.x
Cygwin package series.
The 1.7.x Cygwin package series will offer an alternative approach
which resolves the issue but is not released so it's only available in
snapshots. Search for 'cyglsa' if you're curious about this new facility.
--
Larry Hall http://www.rfk.com
RFK Partners, Inc. (508) 893-9779 - RFK Office
216 Dalton Rd. (508) 893-9889 - FAX
Holliston, MA 01746
_____________________________________________________________________
A: Yes.
> Q: Are you sure?
>> A: Because it reverses the logical flow of conversation.
>>> Q: Why is top posting annoying in email?
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2008-05-12 16:55 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2008-05-12 16:39 Unable to run sshd under a domain sshd_server account Schutter, Thomas A.
2008-05-12 17:20 ` Larry Hall (Cygwin)
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).