Re: SSH Key Authentication is not working

Re: SSH Key Authentication is not working

[Tadej Animalix]

Hey,

I'm turning here for help since I have a feeling that I searched the
whole web and I didn't find a solution.

I use CYGWIN on Windows 7 to allow connections via SSH, and it works
OK if I use username and password for authentication, but it doesn't
work with key authentication.

At first I noticed that Putty log contains this events
("SSH2_MSG_USERAUTH_REQUEST" sent as last message):
    Event Log: Offered public key
    Event Log: Server unexpectedly closed network connection


In sshd.log I found that this error was recorded:
      "0 [main] sshd 20872 fork: child -1 - forked process 17012 died
unexpectedly, retry 0, exit code 0xC000007B, errno 11"


I looked further and I found that in Windows "Event Viewer" error gets
reported by sshd:
    "The description for Event ID 0 from source sshd cannot be found.
Either the component that raises this event is not installed on your
local computer or the installation is corrupted. You can install or
repair the component on the local computer.

    If the event originated on another computer, the display
information had to be saved with the event.

    The following information was included with the event:

    sshd: PID 17112: fatal: seteuid 1000: Operation not permitted"

I found a guy who had similar problem
(http://cygwin.com/ml/cygwin/2012-06/msg00316.html), and there they
mention "there is no solution" for this problem, so I was wondering if
that's true?

Could someone please push me into the right direction?

Look forward to hear from you.

Thanks and Bye, Tadej

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: SSH Key Authentication is not working

[Larry Hall (Cygwin)]

On 10/14/2013 6:11 PM, Tadej Animalix wrote:
> Hey,
>
> I'm turning here for help since I have a feeling that I searched the
> whole web and I didn't find a solution.
>
> I use CYGWIN on Windows 7 to allow connections via SSH, and it works
> OK if I use username and password for authentication, but it doesn't
> work with key authentication.
>
> At first I noticed that Putty log contains this events
> ("SSH2_MSG_USERAUTH_REQUEST" sent as last message):
>      Event Log: Offered public key
>      Event Log: Server unexpectedly closed network connection
>
>
> In sshd.log I found that this error was recorded:
>        "0 [main] sshd 20872 fork: child -1 - forked process 17012 died
> unexpectedly, retry 0, exit code 0xC000007B, errno 11"
>
>
> I looked further and I found that in Windows "Event Viewer" error gets
> reported by sshd:
>      "The description for Event ID 0 from source sshd cannot be found.
> Either the component that raises this event is not installed on your
> local computer or the installation is corrupted. You can install or
> repair the component on the local computer.
>
>      If the event originated on another computer, the display
> information had to be saved with the event.
>
>      The following information was included with the event:
>
>      sshd: PID 17112: fatal: seteuid 1000: Operation not permitted"
>
> I found a guy who had similar problem
> (http://cygwin.com/ml/cygwin/2012-06/msg00316.html), and there they
> mention "there is no solution" for this problem, so I was wondering if
> that's true?

You have a different error code so it's not clear that this is the
same case.

> Could someone please push me into the right direction?

Sure.  Let's start here:

> Problem reports:       http://cygwin.com/problems.html

Include how you've configured 'sshd' and your cygcheck output in your
follow-up.

-- 
Larry

_____________________________________________________________________

A: Yes.
 > Q: Are you sure?
 >> A: Because it reverses the logical flow of conversation.
 >>> Q: Why is top posting annoying in email?

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: SSH Key Authentication is not working

[Tadej Animalix]

Thanks for quick reply. Any idea why I didn't receive email about this reply?

First I would need to tell you think "sshd.log" may not be from the
same session, so please ignore it.

After installation of CYGWIN with OpenSSH I added path of bin
directory to global variables and I ran these commands:
chmod +r  /etc/passwd
chmod u+w /etc/passwd
chmod +r  /etc/group
chmod u+w /etc/group
chmod  755  /var
touch /var/log/sshd.log
chmod 664 /var/log/sshd.log


Then I started "ssh-host-config" and entered:
"ntsec tty" for saemon
answered all with yes

and I changed name to "sshd" and entered a password.

After that I ran "cyglsa-config" and answered Yes and rebooted computer.

Then in cmd I ran "ash" and re-based all with "/usr/bin/rebaseall".

Then I opened CYGWIN terminal and executed lines bellow:
chown system /etc/ssh*
chown system /var/empty
mkgroup -l > ..\etc\group
mkpasswd -l > ..\etc\passwd

After that I was able to start "CYGWIN sshd" as service and I was able
to connect with user-pwd authentication, but key login doesn't work at
this point.

I've also tried to CHMOD ".ssh" folder and "authorized_keys" but that
didn't help.

Am I missing something?

Thanks for your help.

Bye, Tadej

On Tue, Oct 15, 2013 at 6:27 AM, Tadej Animalix
<theanimalixster@gmail.com> wrote:
> Thanks for quick reply. Any idea why I didn't receive email about this
> reply?
>
> First I would need to tell you think "sshd.log" may not be from the same
> session, so please ignore it.
>
> After installation of CYGWIN with OpenSSH I added path of bin directory to
> global variables and I ran these commands:
> chmod +r  /etc/passwd
> chmod u+w /etc/passwd
> chmod +r  /etc/group
> chmod u+w /etc/group
> chmod  755  /var
> touch /var/log/sshd.log
> chmod 664 /var/log/sshd.log
>
>
> Then I started "ssh-host-config" and entered:
> "ntsec tty" for saemon
> answered all with yes
>
> and I changed name to "sshd" and entered a password.
>
> After that I ran "cyglsa-config" and answered Yes and rebooted computer.
>
> Then in cmd I ran "ash" and re-based all with "/usr/bin/rebaseall".
>
> Then I opened CYGWIN terminal and executed lines bellow:
> chown system /etc/ssh*
> chown system /var/empty
> mkgroup -l > ..\etc\group
> mkpasswd -l > ..\etc\passwd
>
> After that I was able to start "CYGWIN sshd" as service and I was able to
> connect with user-pwd authentication, but key login doesn't work at this
> point.
>
> I've also tried to CHMOD ".ssh" folder and "authorized_keys" but that didn't
> help.
>
> Am I missing something?
>
> Thanks for your help.
>
> Bye, Tadej
>
>
>
>
>
>

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: SSH Key Authentication is not working

[Larry Hall (Cygwin)]

On 10/15/2013 12:29 AM, Tadej Animalix wrote:
> Thanks for quick reply. Any idea why I didn't receive email about this reply?

Typical etiquette for this list is to correspond through the list, though
some may make an extra effort to explicitly include your email address if
you request it.  That courtesy may break down over the course of the thread
though, which is at least part of the reason for the preference to do
everything through the list.

> First I would need to tell you think "sshd.log" may not be from the
> same session, so please ignore it.

Since you didn't include it, I think that's easy to do. ;-)

> After installation of CYGWIN with OpenSSH I added path of bin
> directory to global variables and I ran these commands:
> chmod +r  /etc/passwd
> chmod u+w /etc/passwd
> chmod +r  /etc/group
> chmod u+w /etc/group
> chmod  755  /var
> touch /var/log/sshd.log
> chmod 664 /var/log/sshd.log

None of this should be required but probably isn't causing a problem.
The only difference I saw between what you have above and what I have
is /var/log/sshd.log is 644.

> Then I started "ssh-host-config" and entered:
> "ntsec tty" for saemon

Both of these are deprecated.  See:

<http://cygwin.com/cygwin-ug-net/using-cygwinenv.html#cygwinenv-removed-options>

> answered all with yes
>
> and I changed name to "sshd" and entered a password.

This sounds like a problem to me.  The 'sshd' user is already created
automatically if you ask for "privilege separation", which you did by
answering "yes" to all questions.  Please re-run 'ssh-host-config' and
allow it to use the default 'cyg-server' user name for the service.  If
you absolutely must change it to something else, do not use 'sshd' or
any other existing name.

> After that I ran "cyglsa-config" and answered Yes and rebooted computer.

While this is certainly a valid way to run sshd, I'm curious why you
went this route?  Assuming the above advice isn't helpful, try without
cyglsa.

> Then in cmd I ran "ash" and re-based all with "/usr/bin/rebaseall".
>
> Then I opened CYGWIN terminal and executed lines bellow:
> chown system /etc/ssh*
> chown system /var/empty

Why are you doing this?  'ssh-host-config' takes care of setting the
permissions and ownership as required.  What you've done above is
wrong.  The owner of these files should be the user that is running
the 'sshd' service (i.e. 'cyg-server' by default).

> mkgroup -l > ..\etc\group
> mkpasswd -l > ..\etc\passwd

The above also should not be necessary and, depending on where you
invoked it from, may not have had any affect at all.

> After that I was able to start "CYGWIN sshd" as service and I was able
> to connect with user-pwd authentication, but key login doesn't work at
> this point.
>
> I've also tried to CHMOD ".ssh" folder and "authorized_keys" but that
> didn't help.

Right.  Again, 'ssh-user-config' script sets these permissions properly.
Just remove '.ssh' and re-run 'ssh-user-config'.

> Am I missing something?

Given all the changes you've made, I get the feeling that you've missed
the '/usr/share/doc/Cygwin/openssh.README' file which, toward the end of
the file, has very explicit and simple directions for configuring your
OpenSSH installation.  It is possible with all the "external" advice
you've found and tried, you may find it easier to just wipe your install
and start over.  If you do so, I recommend that rely only on the config
scripts provided to configure your system.  If you choose to try to
undo what you've done, the scripts can be a good guide to what needs
altering.  Any future correspondence with the list on this issue should
be accompanied by the output of 'cygcheck -svr'.  Please *attach* (rather
than append) this output.


-- 
Larry

_____________________________________________________________________

A: Yes.
 > Q: Are you sure?
 >> A: Because it reverses the logical flow of conversation.
 >>> Q: Why is top posting annoying in email?

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: SSH Key Authentication is not working

[Tadej Animalix]

Thanks for helping and sorry for the late reply.

I see...I'll be checking for updates manually then.I thought this
system is email based, since the only way I know how to reply is via
email. Am I missing something?

However, back to the main problem.... I don't have much experience
with linux (didn't have need to use it till today, although I had it
installed a few years ago, just out of curiosity) and it's the first
time I use CYGWIN so I guess that's the reason why I was kicking in
the dark. Thanks for the answers above, they were really enlightening.

I will try to re-install and configure my server on 2nd computer
(still have problems there), while I already solved the problem on 1st
one (for both I use the same setup approach). I found out that the
problem was with the way I was adding keys to "authorized_keys" file;
I used "cat" command to append the key but I didn't append a new line,
which resulted in very long key. When I deleted the content of that
file and tried again it worked (I always append with new line...I
suppose that empty line in that file shouldn't cause problems).

However, on 2nd computer that didn't seem to solve the problem so I'll
have to investigate further by first re-installing the CYGWIN
according to your recommendations. I hope that doing that will solve
my problem...will report back here later.

Thanks again.

Bye, Tadej

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: SSH Key Authentication is not working

[Larry Hall (Cygwin)]

On 10/17/2013 2:54 PM, Tadej Animalix wrote:
> I see...I'll be checking for updates manually then.I thought this
> system is email based, since the only way I know how to reply is via
> email. Am I missing something?

No, the list is email-based.  However, since we prefer that replies remain
on the list rather than (perhaps inadvertently) degenerating into a
personal exchange, replies are automatically directed to the list.  This
makes sure that the exchange is shared with those on the list and archived
for those that might be searching for a solution to a similar problem in
the future.

Despite being an email list, there is a newsgroup portal that gives you
that alternate way of interacting with the list, if you prefer.  See
<http://gmane.org/find.php?list=cygwin>

-- 
Larry

_____________________________________________________________________

A: Yes.
 > Q: Are you sure?
 >> A: Because it reverses the logical flow of conversation.
 >>> Q: Why is top posting annoying in email?

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple