From: Matthew Leonhardt
To: cygwin@cygwin.com
Subject: Re: Troubleshooting SSH connection as SYSTEM user.
Date: Thu, 26 May 2011 21:46:00 -0000
In-Reply-To: <4DDEBC7A.5050009@cygwin.com>

On Thu, May 26, 2011 at 4:47 PM, Larry Hall (Cygwin) wrote:
> On 5/26/2011 11:10 AM, Matthew Leonhardt wrote:
>>
>> Hello all,
>>
>> I'm trying to install a service to keep some SSH tunnels alive using
>> the following script:
>>
>> $ cat ssh_tunnel.exe
>> #!/usr/bin/bash
>> while :
>> do
>>   /cygdrive/c/WINDOWS/system32/netstat -an | grep 192\.168\.0\.1:139 \
>>     | grep LISTENING > /dev/null
>>   if (( $? )); then
>>     /usr/bin/ssh -v -v -v -x -i/home/user/.ssh/id_rsa -2 \
>>       -L 192.168.0.1:139:127.0.0.1:139 -N remote_user@remote.host 2>&1&
>>   fi
>>   /cygdrive/c/WINDOWS/system32/netstat -an | grep 192\.168\.0\.1:3306 \
>>     | grep LISTENING > /dev/null
>>   if (( $? )); then
>>     /usr/bin/ssh -v -v -v -x -i/home/user/.ssh/id_rsa -2 \
>>       -L 192.168.0.1:3306:127.0.0.1:3306 -N remote_user@remote.host 2>&1&
>>   fi
>>   sleep 300
>> done
>>
>> The script works fine at the command line, but fails when running as a
>> service.  My vain attempt to gather info (-v -v -v) only yields:
>>
>> Permission denied, please try again.
>> Permission denied, please try again.
>> Permission denied (publickey,gssapi-with-mic,password).
>>
>> in the service log (all three lines for each instance of an ssh command).
>>
>> SYSTEM should have access to id_rsa:
>>
>> $ getfacl id_rsa
>> # file: id_rsa
>> # owner: user
>> # group: Domain Users
>> user::rw-
>> group::---
>> group:SYSTEM:r--
>> mask:rwx
>> other:---
>>
>> $ ls -l id_rsa
>> -rw-------+ 1 user Domain Users 1679 Dec 13 13:40 id_rsa
>>
>> But, id_rsa was generated as "user", not as "SYSTEM," so I'm wondering
>> if SYSTEM needs its own private RSA key, and how one would go about
>> generating one, since I don't seem to be able to su to the SYSTEM
>> user.
>
> Correct.  What you propose could be a work-around for your case.  Check
> out the link below for how to create a SYSTEM-owned shell that you can
> then experiment with.
>
>

Brilliant! That's exactly what I was looking for and it totally did the trick. TY!

FWIW, I had to modify the shortcut to use full paths to the date and sleep commands.
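
Added example, not part of the thread: a preflight that a tunnel keep-alive script like the one quoted above could run before each ssh launch, executed as the service account, so the service log records which uid and HOME the service has and whether the identity file is usable by that account. The function names, the status codes and the rule that a key owned by a different account is refused are assumptions of this example; BatchMode and ExitOnForwardFailure are standard OpenSSH client options.

```shell
#!/bin/sh
# Added example, not from the thread. Names and status codes are hypothetical.

# check_identity FILE
#   0 usable, 2 missing, 3 not readable by this account, 4 owned by another uid
check_identity() {
    key=$1
    [ -f "$key" ] || return 2
    [ -r "$key" ] || return 3
    # Third column of `ls -ln` is the numeric owner; compare with our own uid.
    owner=$(ls -ln "$key" | awk '{print $3}')
    [ "$owner" = "$(id -u)" ] || return 4
    return 0
}

# describe STATUS: one line for the service log
describe() {
    case $1 in
        0) echo "identity ok" ;;
        2) echo "identity file missing" ;;
        3) echo "identity file not readable by uid $(id -u)" ;;
        4) echo "identity file owned by a different account" ;;
        *) echo "unknown status $1" ;;
    esac
}

# start_tunnel KEY FORWARD DEST
# Logs the account context, then starts ssh only if the preflight passed.
start_tunnel() {
    rc=0
    check_identity "$1" || rc=$?
    echo "uid=$(id -u) HOME=$HOME key=$1: $(describe "$rc")"
    [ "$rc" -eq 0 ] || return "$rc"
    # BatchMode=yes disables password prompts, so a service with no terminal
    # fails straight away when the key is not accepted.
    ssh -o BatchMode=yes -o ExitOnForwardFailure=yes \
        -i "$1" -L "$2" -N "$3" &
}

# Usage inside the keep-alive loop (values taken from the script in the thread):
# start_tunnel /home/user/.ssh/id_rsa 192.168.0.1:139:127.0.0.1:139 remote_user@remote.host
```

Run from a shell owned by the service account, status 4 reports the situation in the thread: a key generated by one account and shared with another through an ACL entry.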