sshd error "seteuid: No such device or address"

sshd error "seteuid: No such device or address"

[David Dombrowsky]

I managed to solve this problem, but I'd love some confirmation that I
solved it the right way.

After updating cygwin and rebooting, all of a sudden I couldn't ssh
into my windows box.  The remote gave the usual "connection closed by
<bla> port 22" before anything happened.  Running in debug mode from
an admin shell didn't yield anything, but looking in the windows
application logs, I saw:

sshd: PID 2588: fatal: seteuid 1056480: No such device or address

The google suggested that the error was pty related, but it was not.

By accident, I noticed that I could log in from an account that I
hadn't set up public key auth, using my password.  So I forced ssh to
prompt for my password and viola!  I got in just fine.

On the server, I started another admin shell and did `passwd -R
my.username` and input my password.  That was the key.  I can now log
in using public key auth as I could a few hours ago.

Was that the correct solution?  Is that expected?  This windows box is
on a domain, so that might have something to do with it.

-- 
David Dombrowsky, Senior Software Engineer
email: davek@6thstreetradio.org
Cell: 518-374-3204
https://www.linkedin.com/in/david-dombrowsky-94334415
http://6thstreetradio.org/

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: sshd error "seteuid: No such device or address"

[Corinna Vinschen]

[-- Attachment #1: Type: text/plain, Size: 1535 bytes --]

On Mar 12 17:09, David Dombrowsky wrote:
> I managed to solve this problem, but I'd love some confirmation that I
> solved it the right way.
> 
> After updating cygwin and rebooting, all of a sudden I couldn't ssh
> into my windows box.  The remote gave the usual "connection closed by
> <bla> port 22" before anything happened.  Running in debug mode from
> an admin shell didn't yield anything, but looking in the windows
> application logs, I saw:
> 
> sshd: PID 2588: fatal: seteuid 1056480: No such device or address
> 
> The google suggested that the error was pty related, but it was not.
> 
> By accident, I noticed that I could log in from an account that I
> hadn't set up public key auth, using my password.  So I forced ssh to
> prompt for my password and viola!  I got in just fine.
> 
> On the server, I started another admin shell and did `passwd -R
> my.username` and input my password.  That was the key.  I can now log
> in using public key auth as I could a few hours ago.
> 
> Was that the correct solution?  Is that expected?  This windows box is
> on a domain, so that might have something to do with it.

Just switch the account sshd is running under from "cyg_server" to
SYSTEM (or "LocalSystem") and you should be able to logon without the
passwd -R method again.

This is a side effect of changing how Cygwin switches the user
context by default.  See

https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-nopasswd1


HTH,
Corinna

-- 
Corinna Vinschen
Cygwin Maintainer

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: sshd error "seteuid: No such device or address"

[David Dombrowsky]

[-- Attachment #1.1: Type: text/plain, Size: 1035 bytes --]

On 3/12/19 5:30 PM, Corinna Vinschen wrote:
>> Was that the correct solution?  Is that expected?  This windows box is
>> on a domain, so that might have something to do with it.
> 
> Just switch the account sshd is running under from "cyg_server" to
> SYSTEM (or "LocalSystem") and you should be able to logon without the
> passwd -R method again.
> 
> This is a side effect of changing how Cygwin switches the user
> context by default.  See
> 
> https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-nopasswd1

If I'm reading this correctly, using the SYSTEM account will deny access
to user-level shares.  Using the cyg_server account (or another service
account) will allow access, but requires a password stored in the
registry.

For me, this is acceptable risk since this is a single user machine and
the administrators of the domain already know my domain password :)


-- 
David Dombrowsky, Software Engineer
davek@6thstreetradio.org | 518-374-3204
https://www.linkedin.com/in/david-dombrowsky-94334415


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 473 bytes --]

Re: sshd error "seteuid: No such device or address"

[Bill Stewart]

On Tue, Mar 12, 2019 at 6:19 PM David Dombrowsky wrote:

> For me, this is acceptable risk since this is a single user machine and
> the administrators of the domain already know my domain password :)

I hope you really mean that they can _reset_ your domain password if needed?

Surely you don't mean they have a plain-text copy of your password?

Bill

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: sshd error "seteuid: No such device or address"

[David Dombrowsky]

[-- Attachment #1.1: Type: text/plain, Size: 876 bytes --]

On 3/12/19 8:54 PM, Bill Stewart wrote:
> On Tue, Mar 12, 2019 at 6:19 PM David Dombrowsky wrote:
> 
>> For me, this is acceptable risk since this is a single user machine and
>> the administrators of the domain already know my domain password :)
> 
> I hope you really mean that they can _reset_ your domain password if needed?
> 
> Surely you don't mean they have a plain-text copy of your password?

If only I were kidding.  Security through Oblivity :)

Let me introduce you to my client's website:

 https://thedailywtf.com/articles/Security_by_Oblivity

Fortunately I do most of my work on my linux box anyway.

(The previous post has been presented in 100% sarcasm, please adjust
your screens accordingly.)

-- 
David Dombrowsky, Software Engineer
davek@6thstreetradio.org | 518-374-3204
https://www.linkedin.com/in/david-dombrowsky-94334415


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 473 bytes --]

Re: sshd error "seteuid: No such device or address"

[Bill Stewart]

On Tue, Mar 12, 2019 at 8:02 PM David Dombrowsky wrote:

> > Surely you don't mean they have a plain-text copy of your password?
>
> If only I were kidding.  Security through Oblivity :)

(?!) There is no reason that anyone else should have your password.

This means (among other things) that someone else who knows your password
can log on _as you_ and you cannot prove otherwise. Nonrepudiation is
completely destroyed.

My advice is to look for employment elsewhere.

Good luck...

Bill

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: sshd error "seteuid: No such device or address"

[Achim Gratz]

David Dombrowsky writes:
> If I'm reading this correctly, using the SYSTEM account will deny access
> to user-level shares.  Using the cyg_server account (or another service
> account) will allow access, but requires a password stored in the
> registry.

That was already the case if you logged in any way other than via
password, either a stored one (when using pubkey auth) or explicitly at
logon.  At the moment there seems to be no way around that requirement.

Don't forget that you will have to change the stored password each time
you change your password in the domain.  Forgetting that and trying to
log in a few times usually gets your account locked.  Btw, unless you
completely lock down password logins on the SSH server, you can still
tell ssh not to use your pubkey and it will fall back to asking for a
password.  You don't need an admin shell if you want to store your own
password in the registry (and admin can also change or remove one for a
different user).


Regards,
Achim.
-- 
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

Factory and User Sound Singles for Waldorf Blofeld:
http://Synth.Stromeko.net/Downloads.html#WaldorfSounds

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple