Problem with ssh on Windows 2012 R2

Problem with ssh on Windows 2012 R2

[Andreas Turriff]

I am running Cygwin (i686 / 32-bit) on Windows 2012 R2 in an Active 
Directory environment; the version in use is

> $ uname -a
> CYGWIN_NT-6.3-WOW (redacted) 2.0.2(0.287/5/3) 2015-05-08 17:03 i686 
> Cygwin

OpenSSH version is

> $ ssh -V
> OpenSSH_6.8p1, OpenSSL 1.0.2a 19 Mar 2015

For internal reasons in my organization, I cannot upgrade to the current 
version of Cygwin at present.

Following the installation instructions for sshd as a service (i.e., run 
ssh-host-config and follow the prompts), I end up with a system running 
sshd, that closes connections immediately after authentication. DEBUG3 
output from ssh client and server follows:

> $ ssh -vvv localhost
> OpenSSH_6.8p1, OpenSSL 1.0.2a 19 Mar 2015
> debug1: Reading configuration data /etc/ssh_config
> debug2: ssh_connect: needpriv 0
> debug1: Connecting to localhost [127.0.0.1] port 22.
> debug1: Connection established.
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/(redacted)/.ssh/id_rsa type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/(redacted)/.ssh/id_rsa-cert type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/(redacted)/.ssh/id_dsa type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/(redacted)/.ssh/id_dsa-cert type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/(redacted)/.ssh/id_ecdsa type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/(redacted)/.ssh/id_ecdsa-cert type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/(redacted)/.ssh/id_ed25519 type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/(redacted)/.ssh/id_ed25519-cert type -1
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_6.8
> debug1: Remote protocol version 2.0, remote software version OpenSSH_6.8
> debug1: match: OpenSSH_6.8 pat OpenSSH* compat 0x04000000
> debug2: fd 3 setting O_NONBLOCK
> debug3: hostkeys_foreach: reading file 
> "/home/(redacted)/.ssh/known_hosts"
> debug3: record_hostkey: found key type ECDSA in file 
> /home/(redacted)/.ssh/known_hosts:1
> debug3: load_hostkeys: loaded 1 keys from localhost
> debug3: order_hostkeyalgs: prefer hostkeyalgs: 
> ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521 
>
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug2: kex_parse_kexinit: 
> curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 
>
> debug2: kex_parse_kexinit: 
> ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-ed25519,ssh-rsa,ssh-dss 
>
> debug2: kex_parse_kexinit: 
> aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se 
>
> debug2: kex_parse_kexinit: 
> aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se 
>
> debug2: kex_parse_kexinit: 
> umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 
>
> debug2: kex_parse_kexinit: 
> umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 
>
> debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
> debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: kex_parse_kexinit: 
> curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1 
>
> debug2: kex_parse_kexinit: 
> ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
> debug2: kex_parse_kexinit: 
> aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com 
>
> debug2: kex_parse_kexinit: 
> aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com 
>
> debug2: kex_parse_kexinit: 
> umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 
>
> debug2: kex_parse_kexinit: 
> umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 
>
> debug2: kex_parse_kexinit: none,zlib@openssh.com
> debug2: kex_parse_kexinit: none,zlib@openssh.com
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug1: kex: server->client aes128-ctr umac-64-etm@openssh.com none
> debug1: kex: client->server aes128-ctr umac-64-etm@openssh.com none
> debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
> debug1: Server host key: ecdsa-sha2-nistp256 
> SHA256:bD6rbS3+AD7X5jbfwB758K5wYqBg4MEOC0QvwJc7Ma0
> debug3: hostkeys_foreach: reading file 
> "/home/(redacted)/.ssh/known_hosts"
> debug3: record_hostkey: found key type ECDSA in file 
> /home/(redacted)/.ssh/known_hosts:1
> debug3: load_hostkeys: loaded 1 keys from localhost
> debug1: Host 'localhost' is known and matches the ECDSA host key.
> debug1: Found key in /home/(redacted)/.ssh/known_hosts:1
> debug2: set_newkeys: mode 1
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug2: set_newkeys: mode 0
> debug1: SSH2_MSG_NEWKEYS received
> debug1: Roaming not allowed by server
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> debug2: service_accept: ssh-userauth
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug2: key: /home/(redacted)/.ssh/id_rsa (0x0),
> debug2: key: /home/(redacted)/.ssh/id_dsa (0x0),
> debug2: key: /home/(redacted)/.ssh/id_ecdsa (0x0),
> debug2: key: /home/(redacted)/.ssh/id_ed25519 (0x0),
> debug1: Authentications that can continue: 
> publickey,password,keyboard-interactive
> debug3: start over, passed a different list 
> publickey,password,keyboard-interactive
> debug3: preferred publickey,keyboard-interactive,password
> debug3: authmethod_lookup publickey
> debug3: remaining preferred: keyboard-interactive,password
> debug3: authmethod_is_enabled publickey
> debug1: Next authentication method: publickey
> debug1: Trying private key: /home/(redacted)/.ssh/id_rsa
> debug3: no such identity: /home/(redacted)/.ssh/id_rsa: No such file 
> or directory
> debug1: Trying private key: /home/(redacted)/.ssh/id_dsa
> debug3: no such identity: /home/(redacted)/.ssh/id_dsa: No such file 
> or directory
> debug1: Trying private key: /home/(redacted)/.ssh/id_ecdsa
> debug3: no such identity: /home/(redacted)/.ssh/id_ecdsa: No such file 
> or directory
> debug1: Trying private key: /home/(redacted)/.ssh/id_ed25519
> debug3: no such identity: /home/(redacted)/.ssh/id_ed25519: No such 
> file or directory
> debug2: we did not send a packet, disable method
> debug3: authmethod_lookup keyboard-interactive
> debug3: remaining preferred: password
> debug3: authmethod_is_enabled keyboard-interactive
> debug1: Next authentication method: keyboard-interactive
> debug2: userauth_kbdint
> debug2: we sent a keyboard-interactive packet, wait for reply
> debug1: Authentications that can continue: 
> publickey,password,keyboard-interactive
> debug3: userauth_kbdint: disable: no info_req_seen
> debug2: we did not send a packet, disable method
> debug3: authmethod_lookup password
> debug3: remaining preferred:
> debug3: authmethod_is_enabled password
> debug1: Next authentication method: password
> (redacted)@localhost's password:
> debug2: we sent a password packet, wait for reply
> debug1: Authentications that can continue: 
> publickey,password,keyboard-interactive
> Permission denied, please try again.
> (redacted)@localhost's password:
> debug2: we sent a password packet, wait for reply
> debug1: Authentication succeeded (password).
> Authenticated to localhost ([127.0.0.1]:22).
> debug1: channel 0: new [client-session]
> debug3: ssh_session2_open: channel_new: 0
> debug2: channel 0: send open
> debug1: Requesting no-more-sessions@openssh.com
> debug1: Entering interactive session.
> debug1: client_input_global_request: rtype hostkeys-00@openssh.com 
> want_reply 0
> debug2: callback start
> debug2: fd 3 setting TCP_NODELAY
> debug3: ssh_packet_set_tos: set IP_TOS 0x10
> debug2: client_session2_setup: id 0
> debug2: channel 0: request pty-req confirm 1
> debug2: channel 0: request shell confirm 1
> debug2: callback done
> debug2: channel 0: open confirm rwindow 0 rmax 32768
> debug2: channel_input_status_confirm: type 99 id 0
> debug2: PTY allocation request accepted on channel 0
> debug2: channel 0: rcvd adjust 2097152
> debug2: channel_input_status_confirm: type 99 id 0
> debug2: shell request accepted on channel 0
> Last login: Mon Aug 24 11:22:28 2015 from 127.0.0.1
> debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
> debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
> debug2: channel 0: rcvd eow
> debug2: channel 0: close_read
> debug2: channel 0: input open -> closed
> debug2: channel 0: rcvd eof
> debug2: channel 0: output open -> drain
> debug2: channel 0: obuf empty
> debug2: channel 0: close_write
> debug2: channel 0: output drain -> closed
> debug2: channel 0: rcvd close
> debug3: channel 0: will not send data after close
> debug2: channel 0: almost dead
> debug2: channel 0: gc: notify user
> debug2: channel 0: gc: user detached
> debug2: channel 0: send close
> debug2: channel 0: is dead
> debug2: channel 0: garbage collecting
> debug1: channel 0: free: client-session, nchannels 1
> debug3: channel 0: status: The following connections are open:
> Â  #0 client-session (t4 r0 i3/0 o3/0 fd -1/-1 cc -1)
>
> Connection to localhost closed.
> Transferred: sent 2972, received 2716 bytes, in 0.1 seconds
> Bytes per second: sent 44707.2, received 40856.2
> debug1: Exit status 5

> $ cat /var/log/sshd.log
> Received signal 15; terminating.
> debug2: fd 3 setting O_NONBLOCK
> debug3: sock_set_v6only: set socket 3 IPV6_V6ONLY
> debug1: Bind to port 22 on ::.
> Server listening on :: port 22.
> debug2: fd 4 setting O_NONBLOCK
> debug1: Bind to port 22 on 0.0.0.0.
> Server listening on 0.0.0.0 port 22.
> debug1: fd 5 clearing O_NONBLOCK
> debug1: Forked child 3680.
> debug3: send_rexec_state: entering fd = 8 config len 250
> debug3: ssh_msg_send: type 0
> debug3: send_rexec_state: done
> debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
> debug1: inetd sockets after dupping: 3, 3
> Connection from 127.0.0.1 port 49552 on 127.0.0.1 port 22
> debug1: Client protocol version 2.0; client software version OpenSSH_6.8
> debug1: match: OpenSSH_6.8 pat OpenSSH* compat 0x04000000
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_6.8
> debug2: fd 3 setting O_NONBLOCK
> debug2: Network child is on pid 2932
> debug3: preauth child monitor started
> debug1: list_hostkey_types: 
> ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
> debug1: SSH2_MSG_KEXINIT sent [preauth]
> debug1: SSH2_MSG_KEXINIT received [preauth]
> debug2: kex_parse_kexinit: 
> curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1 
> [preauth]
> debug2: kex_parse_kexinit: 
> ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
> debug2: kex_parse_kexinit: 
> aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com 
> [preauth]
> debug2: kex_parse_kexinit: 
> aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com 
> [preauth]
> debug2: kex_parse_kexinit: 
> umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 
> [preauth]
> debug2: kex_parse_kexinit: 
> umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 
> [preauth]
> debug2: kex_parse_kexinit: none,zlib@openssh.com [preauth]
> debug2: kex_parse_kexinit: none,zlib@openssh.com [preauth]
> debug2: kex_parse_kexinit:Â  [preauth]
> debug2: kex_parse_kexinit:Â  [preauth]
> debug2: kex_parse_kexinit: first_kex_follows 0Â  [preauth]
> debug2: kex_parse_kexinit: reserved 0Â  [preauth]
> debug2: kex_parse_kexinit: 
> curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 
> [preauth]
> debug2: kex_parse_kexinit: 
> ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-ed25519,ssh-rsa,ssh-dss 
> [preauth]
> debug2: kex_parse_kexinit: 
> aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se 
> [preauth]
> debug2: kex_parse_kexinit: 
> aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se 
> [preauth]
> debug2: kex_parse_kexinit: 
> umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 
> [preauth]
> debug2: kex_parse_kexinit: 
> umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 
> [preauth]
> debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib [preauth]
> debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib [preauth]
> debug2: kex_parse_kexinit:Â  [preauth]
> debug2: kex_parse_kexinit:Â  [preauth]
> debug2: kex_parse_kexinit: first_kex_follows 0Â  [preauth]
> debug2: kex_parse_kexinit: reserved 0Â  [preauth]
> debug1: kex: client->server aes128-ctr umac-64-etm@openssh.com none 
> [preauth]
> debug1: kex: server->client aes128-ctr umac-64-etm@openssh.com none 
> [preauth]
> debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
> debug3: mm_key_sign entering [preauth]
> debug3: mm_request_send entering: type 6 [preauth]
> debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN [preauth]
> debug3: mm_request_receive_expect entering: type 7 [preauth]
> debug3: mm_request_receive entering [preauth]
> debug3: mm_request_receive entering
> debug3: monitor_read: checking request 6
> debug3: mm_answer_sign
> debug3: mm_answer_sign: hostkey proof signature 0x80057918(100)
> debug3: mm_request_send entering: type 7
> debug2: monitor_read: 6 used once, disabling now
> debug2: set_newkeys: mode 1 [preauth]
> debug1: SSH2_MSG_NEWKEYS sent [preauth]
> debug1: expecting SSH2_MSG_NEWKEYS [preauth]
> debug2: set_newkeys: mode 0 [preauth]
> debug1: SSH2_MSG_NEWKEYS received [preauth]
> debug1: KEX done [preauth]
> debug1: userauth-request for user (redacted) service ssh-connection 
> method none [preauth]
> debug1: attempt 0 failures 0 [preauth]
> debug3: mm_getpwnamallow entering [preauth]
> debug3: mm_request_send entering: type 8 [preauth]
> debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM [preauth]
> debug3: mm_request_receive_expect entering: type 9 [preauth]
> debug3: mm_request_receive entering [preauth]
> debug3: mm_request_receive entering
> debug3: monitor_read: checking request 8
> debug3: mm_answer_pwnamallow
> debug2: parse_server_config: config reprocess config len 250
> debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
> debug3: mm_request_send entering: type 9
> debug2: monitor_read: 8 used once, disabling now
> debug2: input_userauth_request: setting up authctxt for (redacted) 
> [preauth]
> debug3: mm_inform_authserv entering [preauth]
> debug3: mm_request_send entering: type 4 [preauth]
> debug2: input_userauth_request: try method none [preauth]
> debug3: userauth_finish: failure partial=0 next 
> methods="publickey,password,keyboard-interactive" [preauth]
> debug1: userauth-request for user (redacted) service ssh-connection 
> method keyboard-interactive [preauth]
> debug1: attempt 1 failures 0 [preauth]
> debug2: input_userauth_request: try method keyboard-interactive [preauth]
> debug1: keyboard-interactive devs  [preauth]
> debug1: auth2_challenge: user=(redacted) devs= [preauth]
> debug1: kbdint_alloc: devices '' [preauth]
> debug2: auth2_challenge_start: devices  [preauth]
> debug3: userauth_finish: failure partial=0 next 
> methods="publickey,password,keyboard-interactive" [preauth]
> debug3: mm_request_receive entering
> debug3: monitor_read: checking request 4
> debug3: mm_answer_authserv: service=ssh-connection, style=
> debug2: monitor_read: 4 used once, disabling now
> debug1: userauth-request for user (redacted) service ssh-connection 
> method password [preauth]
> debug1: attempt 2 failures 1 [preauth]
> debug2: input_userauth_request: try method password [preauth]
> debug3: mm_auth_password entering [preauth]
> debug3: mm_request_send entering: type 12 [preauth]
> debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD [preauth]
> debug3: mm_request_receive_expect entering: type 13 [preauth]
> debug3: mm_request_receive entering [preauth]
> debug3: mm_request_receive entering
> debug3: monitor_read: checking request 12
> debug3: mm_answer_authpassword: sending result 0
> debug3: mm_request_send entering: type 13
> Failed password for (redacted) from 127.0.0.1 port 49552 ssh2
> debug3: mm_auth_password: user not authenticated [preauth]
> debug3: userauth_finish: failure partial=0 next 
> methods="publickey,password,keyboard-interactive" [preauth]
> debug1: userauth-request for user (redacted) service ssh-connection 
> method password [preauth]
> debug1: attempt 3 failures 2 [preauth]
> debug2: input_userauth_request: try method password [preauth]
> debug3: mm_auth_password entering [preauth]
> debug3: mm_request_send entering: type 12 [preauth]
> debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD [preauth]
> debug3: mm_request_receive_expect entering: type 13 [preauth]
> debug3: mm_request_receive entering [preauth]
> debug3: mm_request_receive entering
> debug3: monitor_read: checking request 12
> debug3: mm_answer_authpassword: sending result 1
> debug3: mm_request_send entering: type 13
> Accepted password for (redacted) from 127.0.0.1 port 49552 ssh2
> debug1: monitor_child_preauth: (redacted) has been authenticated by 
> privileged process
> debug3: mm_get_keystate: Waiting for new keys
> debug3: mm_request_receive_expect entering: type 26
> debug3: mm_request_receive entering
> debug3: mm_get_keystate: GOT new keys
> debug3: mm_auth_password: user authenticated [preauth]
> debug3: mm_request_send entering: type 26 [preauth]
> debug3: mm_send_keystate: Finished sending state [preauth]
> debug1: monitor_read_log: child log fd closed
> debug3: mm_share_sync: Share sync
> debug3: mm_share_sync: Share sync end
> debug3: monitor_apply_keystate: packet_set_state
> debug2: set_newkeys: mode 0
> debug2: set_newkeys: mode 1
> debug1: ssh_packet_set_postauth: called
> debug3: ssh_packet_set_state: done
> debug3: notify_hostkeys: key 0: ssh-rsa 
> SHA256:M0fKnOyGZ1wNKJXRi9aYBbyezWLKksBf+JPsPETp/jU
> debug3: notify_hostkeys: key 1: ssh-dss 
> SHA256:ShuKj/mJvv0yMNBd5yTa0h0ICNvl4iGWiUyn649X+/I
> debug3: notify_hostkeys: key 2: ecdsa-sha2-nistp256 
> SHA256:bD6rbS3+AD7X5jbfwB758K5wYqBg4MEOC0QvwJc7Ma0
> debug3: notify_hostkeys: key 3: ssh-ed25519 
> SHA256:HecP2VoRhUnDNoztJ+LDxy0PeBqdE8V0/NQUdnMv3/U
> debug3: notify_hostkeys: sent 4 hostkeys
> debug1: Entering interactive session for SSH2.
> debug2: fd 4 setting O_NONBLOCK
> debug2: fd 5 setting O_NONBLOCK
> debug1: server_init_dispatch_20
> debug1: server_input_channel_open: ctype session rchan 0 win 1048576 
> max 16384
> debug1: input_session_request
> debug1: channel 0: new [server-session]
> debug2: session_new: allocate (allocated 0 max 10)
> debug3: session_unused: session id 0 unused
> debug1: session_new: session 0
> debug1: session_open: channel 0
> debug1: session_open: session 0: link with channel 0
> debug1: server_input_channel_open: confirm session
> debug1: server_input_global_request: rtype 
> no-more-sessions@openssh.com want_reply 0
> debug1: server_input_channel_req: channel 0 request pty-req reply 1
> debug1: session_by_channel: session 0 channel 0
> debug1: session_input_channel_req: session 0 req pty-req
> debug1: Allocating pty.
> debug1: session_pty_req: session 0 alloc /dev/pty2
> debug1: server_input_channel_req: channel 0 request shell reply 1
> debug1: session_by_channel: session 0 channel 0
> debug1: session_input_channel_req: session 0 req shell
> Starting session: shell on pty2 for (redacted) from 127.0.0.1 port 49552
> debug2: fd 3 setting TCP_NODELAY
> debug3: ssh_packet_set_tos: set IP_TOS 0x10
> debug2: channel 0: rfd 8 isatty
> debug2: fd 8 setting O_NONBLOCK
> debug2: fd 6 setting O_NONBLOCK
> debug1: Setting controlling tty using TIOCSCTTY.
> debug1: Received SIGCHLD.
> debug1: session_by_pid: pid 2400
> debug1: session_exit_message: session 0 channel 0 pid 2400
> debug2: channel 0: request exit-status confirm 0
> debug1: session_exit_message: release channel 0
> debug2: channel 0: write failed
> debug2: channel 0: close_write
> debug2: channel 0: send eow
> debug2: channel 0: output open -> closed
> debug1: session_pty_cleanup: session 0 release /dev/pty2
> debug2: channel 0: read<=0 rfd 8 len -1
> debug2: channel 0: read failed
> debug2: channel 0: close_read
> debug2: channel 0: input open -> drain
> debug2: channel 0: ibuf empty
> debug2: channel 0: send eof
> debug2: channel 0: input drain -> closed
> debug2: channel 0: send close
> debug2: notify_done: reading
> debug3: channel 0: will not send data after close
> debug2: channel 0: rcvd close
> Received disconnect from 127.0.0.1: 11: disconnected by user
> Disconnected from 127.0.0.1
> debug1: do_cleanup

I have verified the service user running SSHD has the permissions 
required (to my knowledge, "Create Token" and "Login as Operating 
System" as well as membership of the local computer's Administrators 
group). I have verified /var/empty has appropriate ownership and 
permissions. I have checked the shell's configuration files; running a 
local shell on the system through the cygwin terminal works fine. I have 
no idea what else to look at, and would appreciate any help at this point.

~Andreas Turriff

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: Problem with ssh on Windows 2012 R2

[Achim Gratz]

Andreas Turriff writes:
> I am running Cygwin (i686 / 32-bit) on Windows 2012 R2 in an Active
> Directory environment; the version in use is

I (continue to) have the same or a similar problem and meanwhile I've
come believe this is caused by a group policy (I can't look at all of
those unfortunately).  It might be worth a try to set up a 64bit Cygwin,
since that is working for me with no problems.  I've also no problems on
a Windows 8.1 w/ Bing box.

If you only ever intend to log into this machine using a single account
(for administration), you can also have the sshd run under that account,
as what fails is likely the switch to another user.  I've been trying to
debug this with Corinna a while back, but she couldn't reproduce it in
her environment and the only fishy thing going on in the strace is that
the switch to a different user fails for no apparent reason.


Regards,
Achim.
-- 
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

Factory and User Sound Singles for Waldorf Blofeld:
http://Synth.Stromeko.net/Downloads.html#WaldorfSounds

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: Problem with ssh on Windows 2012 R2

[Andreas Turriff]

Having been able to check all group policies, I cannot see how any that 
I apply might cause this behavior - they are exclusively related to 
audit logging and WSUS. I have also manually reset and reconfigured 
local policy.

~Andreas Turriff

On 8/24/2015 12:13 PM, Achim Gratz wrote:
> Andreas Turriff writes:
>> I am running Cygwin (i686 / 32-bit) on Windows 2012 R2 in an Active
>> Directory environment; the version in use is
> I (continue to) have the same or a similar problem and meanwhile I've
> come believe this is caused by a group policy (I can't look at all of
> those unfortunately).  It might be worth a try to set up a 64bit Cygwin,
> since that is working for me with no problems.  I've also no problems on
> a Windows 8.1 w/ Bing box.
>
> If you only ever intend to log into this machine using a single account
> (for administration), you can also have the sshd run under that account,
> as what fails is likely the switch to another user.  I've been trying to
> debug this with Corinna a while back, but she couldn't reproduce it in
> her environment and the only fishy thing going on in the strace is that
> the switch to a different user fails for no apparent reason.
>
>
> Regards,
> Achim.


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple