From: Brian Inglis
Reply-To: Brian.Inglis@Shaw.ca
To: cygwin@cygwin.com
Subject: Re: Need admin privs before something can inherit them (was Re: ssh-host-config doesn't "inherit" user admin privilege)
Date: Thu, 14 Jan 2021 21:38:47 -0700
Message-ID: <924ebfc6-5e1b-795a-bbec-ae59c56a7a88@Shaw.ca>
List-Id: General Cygwin discussions and problem reports

On 2021-01-14 19:55, art wrote:
> On Thursday, January 14, 2021 6:05 PM, L A Walsh wrote:
>> On 2021/01/14 17:21, art wrote:
>>> I get a security code 5 when ssh-host-config tries to install cygsshd. I
>>> was logged into Win 10 pro/x64 as an admin user. The "fix" was to start a
>>> Cygwin64 Terminal with Admin and then run ssh-host-config within this script.
>> You say ssh-host-config tries to install cygsshd. How was ssh-host-config
>> called (started)? When Cygwin64 Terminal was run, it was run with Admin
>> at the start. Was that done when ssh-host-config was run?
>>
>> How was it run?
> Yes, I did a right-click on the cygwin terminal icon and chose a "run as
> administrator" option. This is like doing a sudo to start a linux shell...
> everything run in the shell inherits "admin"/"root" as appropriate. Followed
> by using this shell to do:
>
> cd /usr/bin
> ./ssh-host-config
>
> I entered 'yes' responses to the various setup questions including yes to
> privileged separation. I never bumped into this sort of inheritance problem
> in Windows 7 and earlier. Seems to be a Windows 10 "feature". This past week
> I ran into the same problem using an Intel supplied command script to
> install their hydra_mpi server. Another knowledgeable Windows 10 user reports
> he, too, has encountered this issue.

It's been years but I don't remember anything being different under Win 7, for
"non-native" Windows programs that are not prepared to handle elevation, whereas
Cygwin setup is and does.

> After installation I do some local tweaks to sshd_config such as disabling
> plain-text password logins. I'm able to successfully connect using ssh/sftp
> from other platforms to this system using public key authentication. Windows
> is configured to autostart cygsshd.
>
> I can add that I previously added C:\cygwin64 to the list of Windows
> Defender exceptions.

You always had to start cmd or bash with Run as Admin to run anything elevated
e.g. C:\cygwin64\bin\bash /bin/script.
Similarly in Windows scheduled tasks: Run as SYSTEM, whether logged in or not,
Do not store password, with highest privileges.

-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

This email may be disturbing to some readers as it contains too much technical detail. Reader discretion is advised.
[Data in binary units and prefixes, physical quantities in SI.]
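
Added example, not part of the original message or of Cygwin's own scripts: a pre-flight check that refuses to run a service installer such as ssh-host-config from a shell that was not started with Run as Admin. It assumes the common Cygwin idiom that `id -G` lists gid 544 (BUILTIN\Administrators) only in an elevated shell; the function names and sample group lists are hypothetical and constructed.

```shell
#!/bin/sh
# Pre-flight elevation check for a Cygwin shell (added example).
# Assumption: `id -G` includes gid 544 (BUILTIN\Administrators,
# SID S-1-5-32-544) only when the shell's token is elevated. Under UAC a
# non-elevated admin login holds that group as deny-only, so it is absent.

ADMIN_GID=544

# is_elevated [GROUP_LIST]
# Returns 0 if GROUP_LIST (default: output of `id -G`) contains gid 544
# as a whole word, so values such as 1544 or 5440 do not match.
is_elevated() {
    group_list=${1-$(id -G)}
    for g in $group_list; do
        [ "$g" = "$ADMIN_GID" ] && return 0
    done
    return 1
}

# run_elevated_only GROUP_LIST COMMAND [ARGS...]
# Runs COMMAND only when GROUP_LIST shows an elevated token. Otherwise it
# prints the fix and returns 5, the Windows access-denied error number.
run_elevated_only() {
    token_groups=$1
    shift
    if is_elevated "$token_groups"; then
        "$@"
    else
        echo "not elevated: start the Cygwin terminal with 'Run as administrator', then rerun: $*" >&2
        return 5
    fi
}

# Constructed sample `id -G` outputs (not captured from a real system).
SAMPLE_NOT_ELEVATED="197121 545 4 11 15"
SAMPLE_ELEVATED="197121 544 545 4 11 15"
SAMPLE_LOOKALIKE="197121 1544 5440 545"

# Typical use inside an elevated-only setup script:
#   run_elevated_only "$(id -G)" /usr/bin/ssh-host-config
```
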