From: Achim Gratz
To: cygwin@cygwin.com
Subject: Re: Cygwin 2.763 32bit SSHD public key auth. failure on Windows Server 2016 R2 64bit
Date: Mon, 05 Feb 2018 19:44:00 -0000
In-Reply-To: <568964b8f1ad4014a02767b9ec875415@prod-exch-mb1.seavus.biz> (Aliaksei Hladkikh's message of "Mon, 5 Feb 2018 08:01:29 +0000")
Message-ID: <87607bb4s4.fsf@Rainer.invalid>

Aliaksei Hladkikh writes:
> Can't connect to Cygwin SSHD using public key set up, but same Cygwin configuration/OS/client
> works with Cygwin 2.763 32bit on Windows Server 2008 R2 64bit.
> See var/log/messages extracts.
>
> Seems to be connected with SeTcbPrivilege problem because of
> "fatal: seteuid 1049698: Operation not permitted" log record, but ALL existing Local Policy privileges were granted
> to dsm user under which Windows service runs or Administrators group where dsm is a member,
> gpupdate executed and service restarted.

FWIW, I think I am seeing the same problem on Windows Server 2012 R2 ever since that came out. I think this is some security feature as the same thing happily works on non-server Windows of all versions I have access to, possibly controlled by a group policy, although I have not found anyone who seems to know about it. But it does work for other people in other environments, so there must be some setting somewhere that prevents it.

My current work-around is to run sshd as the user that logs in (in my case it's always the same user) so it doesn't have to switch SID.

> Going to try x64 Cygwin, but it's scary to change that Server 2016 R2.

You can install both Cygwin versions in parallel, just don't re-create the ssh user when setting up sshd.

Regards,
Achim.