public inbox for cygwin@cygwin.com
From: "Strasser, Dominik (DI SW ICS ICV)" <dominik.strasser@onespin.com>
To: Bill Stewart <bstewart@iname.com>, cygwin@cygwin.com
Subject: Re: Problem with ssh(d)
Date: Wed, 10 Nov 2021 16:28:05 +0100
Message-ID: <97042d57-fa36-da97-9c05-493a2c645991@onespin.com>
In-Reply-To: <CANV9t=QRzS_ko6S6+G6oW6hRGxMUzCoXJ0825c7YeckfBqS57Q@mail.gmail.com>

Hi Bill,

On 10.11.2021 16:10, Bill Stewart wrote:
> On Wed, Nov 10, 2021 at 7:52 AM Strasser, Dominik (DI SW ICS ICV) 
> <dominik.strasser@onespin.com> wrote:
>
>     We are in an AD environment. AD holds the needed data for ssh(d) to
>     work. I can log into cygwin using ssh. But if I have a key stored in
>     .ssh/authorized_keys for passwordless login, the groups my user is in
>     differ from the ones w/o authorized_keys. Unfortunately, exactly the
>     group(s) for accessing the shared filesystems are missing. We were
>     investigating a lot and the only workaround we found is that the sshd
>     service runs under the user we want to log in. This unfortunately
>     prevents any other user from logging into the cygwin machine. When
>     debugging ssh with -vvv, there is no visible difference between the
>     login with authorized_keys or without (of course there is a difference
>     wrt. the login method).
>
>
> The OpenSSH server service should be running as local system, not as a 
> specific user.
I know that this is the standard installation. But we absolutely need 
passwordless login. So this was the workaround we found.
The number of groups differs when sshd is run as local system, and when 
authorized_keys exists or not. Groups are OK when it is run under the 
one user for which we absolutely need the passwordless login.

Regards

Dominik
>
> Bill

-- 
Dominik Strasser       | Phone:  +49 89 99013-436
OneSpin Solutions GmbH | Fax:    +49 89 99013-100
Nymphenburgerstr. 20a
80335 Muenchen         |dominik.strasser@onespin.com

OneSpin Solutions GmbH
A Siemens business

Geschaeftsfuehrung: Thomas Heurung, Frank Thurauf
Sitz: Muenchen; Amtsgericht Muenchen HRB 139 464
UstID#: DE 814 413 215
