public inbox for cygwin@cygwin.com
From: Achim Gratz <Stromeko@nexgo.de>
To: cygwin@cygwin.com
Subject: Re: Cygwin 2.763 32bit SSHD public key auth. failure on Windows Server 2016 R2 64bit
Date: Mon, 05 Feb 2018 19:44:00 -0000
Message-ID: <87607bb4s4.fsf@Rainer.invalid>
In-Reply-To: <568964b8f1ad4014a02767b9ec875415@prod-exch-mb1.seavus.biz>	(Aliaksei Hladkikh's message of "Mon, 5 Feb 2018 08:01:29 +0000")

Aliaksei Hladkikh writes:
> Can't connect to Cygwin SSHD using public key set up, but same Cygwin configuration/OS/client
> works with Cygwin 2.763 32bit on Windows Server 2008 R2 64bit.
> See var/log/messages extracts.
>
> Seems to be connected with SeTcbPrivilege problem because of 
> "fatal: seteuid 1049698: Operation not permitted" log record, but ALL existing Local Policy privileges were granted
> to dsm user under which Windows service runs or Administrators group where dsm is a member,
> gpupdate executed and service restarted.

FWIW, I think I am seeing the same problem on Windows Server 2012 R2
ever since that came out.  I think this is some security feature as the
same thing happily works on non-server Windows of all versions I have
access to, possibly controlled by a group policy, although I have not
found anyone who seems to know about it.  But it does work for other
people in other environments, so there must be some setting somewhere
that prevents it.

My current work-around is to run sshd as the user that logs in (in my
case it's always the same user) so it doesn't have to switch SID.

> Going to try x64 Cygwin, but it's scary to change that Server 2016 R2.

You can install both Cygwin versions in parallel, just don't re-create
the ssh user when setting up sshd.


Regards,
Achim.
-- 
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

Factory and User Sound Singles for Waldorf Blofeld:
http://Synth.Stromeko.net/Downloads.html#WaldorfSounds
