From: Aliaksei Hladkikh <Aliaksei.Hladkikh@seavus.com>
To: "cygwin@cygwin.com" <cygwin@cygwin.com>
Subject: Cygwin 2.763 32bit SSHD public key auth. failure on Windows Server 2016 R2 64bit
Date: Mon, 05 Feb 2018 08:01:00 -0000
Message-ID: <568964b8f1ad4014a02767b9ec875415@prod-exch-mb1.seavus.biz>
Hello,
I can't connect to Cygwin SSHD using the public key setup, but the same Cygwin configuration/OS/client
works with Cygwin 2.763 32bit on Windows Server 2008 R2 64bit.
See the var/log/messages extracts.
It seems to be connected with an SeTcbPrivilege problem because of the
"fatal: seteuid 1049698: Operation not permitted" log record, but ALL existing Local Policy privileges were granted
to the dsm user under which the Windows service runs, or to the Administrators group of which dsm is a member,
gpupdate was executed and the service was restarted.
I'm going to try x64 Cygwin, but it's scary to change that Server 2016 R2.
Regards
------------------------------------------------------------
sshd_public_key_fail.log:
Feb 5 08:18:16 MPDiagnostics2 sshd: PID 6104: debug1: userauth-request for user dsm service ssh-connection method none [preauth]
Feb 5 08:18:16 MPDiagnostics2 sshd: PID 6104: debug1: attempt 0 failures 0 [preauth]
Feb 5 08:18:16 MPDiagnostics2 sshd: PID 6104: debug1: userauth-request for user dsm service ssh-connection method publickey [preauth]
Feb 5 08:18:16 MPDiagnostics2 sshd: PID 6104: debug1: attempt 1 failures 0 [preauth]
Feb 5 08:18:16 MPDiagnostics2 sshd: PID 6104: debug1: userauth_pubkey: test whether pkalg/pkblob are acceptable for RSA SHA256:WwiWbTcBCmRCXPeuoN9D792twtGPp0xK0GfUCgqUS1Q [preauth]
Feb 5 08:18:16 MPDiagnostics2 sshd: PID 6104: debug1: temporarily_use_uid: 1049698/1049089 (e=197609/197121)
Feb 5 08:18:16 MPDiagnostics2 sshd: PID 5684: debug1: rekey after 4294967296 blocks [preauth]
Feb 5 08:18:16 MPDiagnostics2 sshd: PID 5684: debug1: SSH2_MSG_NEWKEYS sent [preauth]
Feb 5 08:18:16 MPDiagnostics2 sshd: PID 5684: debug1: expecting SSH2_MSG_NEWKEYS [preauth]
Feb 5 08:18:16 MPDiagnostics2 sshd: PID 6104: fatal: seteuid 1049698: Operation not permitted
Feb 5 08:18:16 MPDiagnostics2 sshd: PID 6104: debug1: do_cleanup
Feb 5 08:18:16 MPDiagnostics2 sshd: PID 6104: debug1: Killing privsep child 5592
Feb 5 08:18:18 MPDiagnostics2 sshd: PID 5684: debug1: SSH2_MSG_NEWKEYS received [preauth]
Feb 5 08:18:18 MPDiagnostics2 sshd: PID 5684: debug1: rekey after 4294967296 blocks [preauth]
Feb 5 08:18:18 MPDiagnostics2 sshd: PID 5684: debug1: KEX done [preauth]
sshd_password_ok.log:
Feb 5 08:19:33 MPDiagnostics2 sshd: PID 5684: debug1: userauth-request for user dsm service ssh-connection method password [preauth]
Feb 5 08:19:33 MPDiagnostics2 sshd: PID 5684: debug1: attempt 3 failures 2 [preauth]
Feb 5 08:19:33 MPDiagnostics2 sshd: PID 5684: Accepted password for dsm from 37.17.38.141 port 10330 ssh2
Feb 5 08:19:33 MPDiagnostics2 sshd: PID 5684: debug1: monitor_child_preauth: dsm has been authenticated by privileged process
Feb 5 08:19:33 MPDiagnostics2 sshd: PID 5684: debug1: monitor_read_log: child log fd closed
Feb 5 08:19:33 MPDiagnostics2 sshd: PID 5684: debug1: rekey after 4294967296 blocks
Feb 5 08:19:33 MPDiagnostics2 sshd: PID 5684: debug1: rekey after 4294967296 blocks
Feb 5 08:19:33 MPDiagnostics2 sshd: PID 5684: debug1: ssh_packet_set_postauth: called
Feb 5 08:19:33 MPDiagnostics2 sshd: PID 5684: debug1: Entering interactive session for SSH2.
Feb 5 08:19:33 MPDiagnostics2 sshd: PID 5684: debug1: server_init_dispatch
Feb 5 08:19:33 MPDiagnostics2 sshd: PID 5684: debug1: server_input_channel_open: ctype session rchan 256 win 16384 max 16384
Feb 5 08:19:33 MPDiagnostics2 sshd: PID 5684: debug1: input_session_request
Feb 5 08:19:33 MPDiagnostics2 sshd: PID 5684: debug1: channel 0: new [server-session]
Feb 5 08:19:33 MPDiagnostics2 sshd: PID 5684: debug1: session_new: session 0
Feb 5 08:19:33 MPDiagnostics2 sshd: PID 5684: debug1: session_open: channel 0
Feb 5 08:19:33 MPDiagnostics2 sshd: PID 5684: debug1: session_open: session 0: link with channel 0
Feb 5 08:19:33 MPDiagnostics2 sshd: PID 5684: debug1: server_input_channel_open: confirm session
Feb 5 08:19:33 MPDiagnostics2 sshd: PID 5684: debug1: server_input_channel_req: channel 0 request pty-req reply 1
Feb 5 08:19:33 MPDiagnostics2 sshd: PID 5684: debug1: session_by_channel: session 0 channel 0
Feb 5 08:19:33 MPDiagnostics2 sshd: PID 5684: debug1: session_input_channel_req: session 0 req pty-req
Feb 5 08:19:33 MPDiagnostics2 sshd: PID 5684: debug1: Allocating pty.
Feb 5 08:19:33 MPDiagnostics2 sshd: PID 5684: debug1: session_pty_req: session 0 alloc /dev/pty1
Feb 5 08:19:33 MPDiagnostics2 sshd: PID 5684: debug1: server_input_channel_req: channel 0 request shell reply 1
Feb 5 08:19:33 MPDiagnostics2 sshd: PID 5684: debug1: session_by_channel: session 0 channel 0
Feb 5 08:19:33 MPDiagnostics2 sshd: PID 5684: debug1: session_input_channel_req: session 0 req shell
Feb 5 08:19:33 MPDiagnostics2 sshd: PID 5684: Starting session: shell on pty1 for dsm from 37.17.38.141 port 10330 id 0
Feb 5 08:19:33 MPDiagnostics2 sshd: PID 980: debug1: Setting controlling tty using TIOCSCTTY.
Feb 5 08:19:33 MPDiagnostics2 sshd: PID 980: debug1: permanently_set_uid: 1049698/1049089
Feb 5 08:19:34 MPDiagnostics2 sshd: PID 3692: debug1: fd 5 clearing O_NONBLOCK
Feb 5 08:19:34 MPDiagnostics2 sshd: PID 3692: debug1: Forked child 4728.
Feb 5 08:19:34 MPDiagnostics2 sshd: PID 4728: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
Feb 5 08:19:34 MPDiagnostics2 sshd: PID 4728: rexec line 96: Deprecated option UsePrivilegeSeparation
Feb 5 08:19:34 MPDiagnostics2 sshd: PID 4728: debug1: inetd sockets after dupping: 3, 3
[-- Attachment #2: cygcheck.out --]
[-- Type: application/octet-stream, Size: 18568 bytes --]
[-- Attachment #5: Type: text/plain, Size: 219 bytes --]
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
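Added example, not part of the original message: a small triage script for sshd debug logs in the format of the extracts above. Because lines from several sshd processes interleave, it groups them by PID and reports, per process, the last authentication method requested, the uid switch logged by temporarily_use_uid, and whether the process accepted the login or died on a fatal seteuid. The sample lines are constructed (shortened, with a placeholder host name and a documentation client address), and the function and field names are this example's own.

```python
import re

# Constructed sample in the syslog format of the extracts above; the host
# name is a placeholder and 192.0.2.10 is a documentation address.
SAMPLE = """\
Feb 5 08:18:16 host sshd: PID 6104: debug1: userauth-request for user dsm service ssh-connection method publickey [preauth]
Feb 5 08:18:16 host sshd: PID 6104: debug1: temporarily_use_uid: 1049698/1049089 (e=197609/197121)
Feb 5 08:18:16 host sshd: PID 5684: debug1: SSH2_MSG_NEWKEYS sent [preauth]
Feb 5 08:18:16 host sshd: PID 6104: fatal: seteuid 1049698: Operation not permitted
Feb 5 08:19:33 host sshd: PID 5684: debug1: userauth-request for user dsm service ssh-connection method password [preauth]
Feb 5 08:19:33 host sshd: PID 5684: Accepted password for dsm from 192.0.2.10 port 10330 ssh2
Feb 5 08:19:33 host sshd: PID 980: debug1: permanently_set_uid: 1049698/1049089
"""

LINE = re.compile(r"sshd: PID (?P<pid>\d+): (?P<msg>.*)$")
METHOD = re.compile(r"userauth-request for user (\S+) service \S+ method (\S+)")
TEMP_UID = re.compile(r"temporarily_use_uid: (\d+)/\d+ \(e=(\d+)/\d+\)")
FATAL_SETEUID = re.compile(r"fatal: seteuid (\d+): (.+)$")
ACCEPTED = re.compile(r"Accepted (\S+) for (\S+)")


def triage(text):
    """Group sshd lines by PID and return {pid: summary} in first-seen order."""
    procs = {}
    for raw in text.splitlines():
        line = LINE.search(raw)
        if not line:
            continue  # not an sshd line in the expected format
        p = procs.setdefault(int(line["pid"]), {
            "user": None, "method": None, "uid_switch": None,
            "outcome": "incomplete", "error": None})
        msg = line["msg"]
        if (m := METHOD.search(msg)):
            p["user"], p["method"] = m.group(1), m.group(2)
        elif (m := TEMP_UID.search(msg)):
            # (target uid, effective uid of the process attempting the switch)
            p["uid_switch"] = (int(m.group(1)), int(m.group(2)))
        elif (m := FATAL_SETEUID.search(msg)):
            p["outcome"], p["error"] = "fatal-seteuid", m.group(2)
        elif (m := ACCEPTED.search(msg)):
            p["outcome"] = "accepted"
    return procs


if __name__ == "__main__":
    for pid, info in triage(SAMPLE).items():
        print(pid, info)
```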