public inbox for cygwin@cygwin.com
From: Andrey Repin <anrdaemon@yandex.ru>
To: renaud.rolles@giraudbtp.com, cygwin@cygwin.com
Subject: Re: sshd: fatal: seteuid XXX : No such device or address
Date: Thu, 14 Mar 2019 14:20:00 -0000
Message-ID: <576975390.20190314171124@yandex.ru>
In-Reply-To: <014e01d4da69$965ee650$c31cb2f0$@giraudbtp.com>

Greetings, renaud.rolles@giraudbtp.com!

>> > I can login via password, it works and lets me in.
>> > But if I try with my keys, I get in the event viewer:
>> > sshd: PID 3777: fatal: seteuid 1049076: No such device or address
>> 
>> - Make sure to login with the Administrator account case-sensitive.
>>   If your account is called "Administrator", then use an uppercase
>>   'A' when logging in.
>> 
>>   This case-sensitivity issue is a temporary workaround for a
>>   potential security problem in OpenSSH.  This will be rectified
>>   with OpenSSH 8.0 which allows to login case-insensitive again.

> With uppercase I do have a login prompt, but (with the good password) I can't login (remotely or locally).
> I also have Information events:
> sshd: PID 3788: Login name Administrator does not match stored username administrator
> sshd: PID 3788: Invalid user Administrator from 10.0.0.8 port 60876
> then three:
> sshd: PID 3788: Failed password for invalid user Administrator from 10.0.0.8 port 60876 ssh2

Please remove the /etc/passwd and /etc/group files. They are no longer necessary,
unless you have some very special needs, and even then, they are only needed for
the one or two accounts you need special treatment for.

>> 
>> - If that doesn't help, switch the user running the sshd service from
>>   "cyg_server" to SYSTEM (the services GUI calls it "LocalSystem")
>> 

> This worked, like a charm, thank you 😊

>>   Cygwin switched the logon method and this method doesn't run
>>   under the "cyg_server" account sometimes.  However, switching
>>   back to "LocalSystem" instead of having to create a special
>>   "cyg_server" service account is one of the advantages of the
>>   new logon method.  For details, see
>> 
>>   https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-nopasswd1
>> 
> I didn't fully understand it all to be honest, but is there another
> drawback to having the localsystem running the daemon instead of the
> cyg_server user, other than having the administrator possibly knowing the
> password?
> I only use it (and by only, again, thank you for that, saved me a lot of time)
> to make rsync over ssh on windows hosts.

The main security concern is, why your Administrator user:
1. has a password, and
2. is not disabled?


-- 
With best regards,
Andrey Repin
Thursday, March 14, 2019 16:39:04

Sorry for my terrible English...
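
An added example, not part of the original message or of Cygwin/OpenSSH: a small triage script over the sshd event lines quoted in this thread, which separates the configuration-caused failures discussed here from logins for genuinely unknown names. The function name `triage` and the finding labels are assumptions made for illustration.

```python
import re

# Constructed sample: the sshd event-log lines quoted in this thread.
SAMPLE_EVENTS = """\
sshd: PID 3777: fatal: seteuid 1049076: No such device or address
sshd: PID 3788: Login name Administrator does not match stored username administrator
sshd: PID 3788: Invalid user Administrator from 10.0.0.8 port 60876
sshd: PID 3788: Failed password for invalid user Administrator from 10.0.0.8 port 60876 ssh2
"""

SETEUID = re.compile(r"sshd: PID (\d+): fatal: seteuid (\d+): ")
MISMATCH = re.compile(
    r"sshd: PID (\d+): Login name (\S+) does not match stored username (\S+)")
INVALID = re.compile(r"sshd: PID (\d+): Invalid user (\S+) from (\S+) port \d+")


def triage(text):
    """Return (pid, kind, detail) findings; names and labels are illustrative."""
    findings = []
    explained = set()  # (pid, login) pairs already explained by a name mismatch
    for line in text.splitlines():
        if m := SETEUID.search(line):
            # In the thread this went away once the service ran as SYSTEM.
            findings.append((int(m[1]), "seteuid-failed", f"uid {m[2]}"))
        elif m := MISMATCH.search(line):
            pid, login, stored = int(m[1]), m[2], m[3]
            same = login.lower() == stored.lower()
            kind = "case-mismatch" if same else "name-mismatch"
            explained.add((pid, login))
            findings.append((pid, kind, f"login '{login}' vs stored '{stored}'"))
        elif m := INVALID.search(line):
            pid, login = int(m[1]), m[2]
            # "Invalid user" right after a mismatch in the same sshd process is
            # a configuration symptom, not a probe for a nonexistent account.
            if (pid, login) not in explained:
                findings.append((pid, "unknown-user", f"'{login}' from {m[3]}"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```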