From: Jarek C.
To: cygwin@cygwin.com
Subject: Problems with ssh connection
Date: Mon, 17 Aug 2015 19:39:00 -0000

I have Cygwin installed on a couple of servers in a domain environment.
Of all machines regular user accounts can ssh to only one box.

Once installed I configured Cygwin using the following in a .bat file.

c:\cygwin\bin\bash --login -c "chmod +r /etc/passwd"
c:\cygwin\bin\bash --login -c "chmod u+w /etc/passwd"
c:\cygwin\bin\bash --login -c "chmod +r /etc/group"
c:\cygwin\bin\bash --login -c "chmod u+w /etc/group"
c:\cygwin\bin\bash --login -c "chown -R domain_account /var/empty"
c:\cygwin\bin\bash --login -c "chmod 755 /var/empty"
c:\cygwin\bin\bash --login -c "chown domain_account /etc/ssh*"
c:\cygwin\bin\bash --login -c "chmod 755 /var/"
c:\cygwin\bin\bash --login -c "touch /var/log/sshd.log"
c:\cygwin\bin\bash --login -c "chown domain_account /var/log/sshd.log"
c:\cygwin\bin\bash --login -c "chmod 664 /var/log/sshd.log"
c:\cygwin\bin\bash --login -c "editrights -l -u domain_account"
c:\cygwin\bin\bash --login -c "editrights -a SeAssignPrimaryTokenPrivilege -u domain_account"
c:\cygwin\bin\bash --login -c "editrights -a SeCreateTokenPrivilege -u domain_account"
c:\cygwin\bin\bash --login -c "editrights -a SeTcbPrivilege -u domain_account"
c:\cygwin\bin\bash --login -c "editrights -a SeServiceLogonRight -u domain_account"
c:\cygwin\bin\bash --login -c "editrights -l -u domain_account"
c:\cygwin\bin\bash --login -c "/bin/ssh-host-config -y -c ntsec -u domain_account -w password"

Somehow the permissions on the sshd_config file are different on the box
where the sftp connection works

-rw-r--r-- 1 my_domain_account root 3679 Jul 24 12:44 /etc/sshd_config

where on all others I see

-rw-r--r-- 1 domain_account Administrators 3584 Jul 26 20:51 /etc/sshd_config

where the domain_account is the account under which the Cygwin service
is running.

When checking NTFS permissions I see in both cases the domain_account as
the owner.

I read somewhere that I need to run chown root:system /etc/password to
fix the permissions but the account reports as invalid. Same if I try
just root or just system.

Am I even close focusing on the permissions of sshd_config? No idea why
they're different.

I think I used the same method on all servers but they were not
installed at the same time so it's possible I messed something up. I
don't want to break the working box keeping it as a reference. On others
I noticed that a regular domain user can connect when their accounts get
added to local admins which is what I would like to avoid.
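
The comparison described in the message, between the box where SFTP works and the others, can be done without changing anything on the working box. The following is an added example, not part of the original post: it records mode, owner and group for the paths the .bat file touches and reports where another box differs. The function names and the `SSHD_PATHS` list are assumptions for illustration, and it relies on GNU `stat` as shipped in Cygwin's coreutils.

```sh
#!/bin/sh
# Added example (not from the original message): compare ownership and modes
# of the sshd-related paths between a reference box and another box.
# Assumes GNU coreutils `stat`; function and variable names are hypothetical.

# Paths the .bat file in the post modifies. Paths must not contain spaces.
SSHD_PATHS="/etc/passwd /etc/group /etc/sshd_config /var/empty /var /var/log/sshd.log"

# perm_snapshot PATH... : print one "path mode owner group" line per path, sorted.
# A path that does not exist is recorded as MISSING so the gap shows in the diff.
perm_snapshot() {
    for p in "$@"; do
        if [ -e "$p" ]; then
            stat -c '%n %a %U %G' -- "$p"
        else
            printf '%s MISSING - -\n' "$p"
        fi
    done | sort
}

# perm_diff REF OTHER : for every path in the reference snapshot, print both
# records when they differ. Whole lines are compared, so owner or group names
# that contain spaces (e.g. "Domain Users") are handled. Returns 1 on any difference.
perm_diff() {
    ref=$1 other=$2 rc=0
    while IFS= read -r want; do
        path=${want%% *}
        got=$(awk -v p="$path" '$1 == p' "$other")
        if [ "$got" != "$want" ]; then
            printf 'reference: %s\nthis box:  %s\n' "$want" "${got:-$path absent}"
            rc=1
        fi
    done < "$ref"
    return $rc
}

# Usage, on the working box:   perm_snapshot $SSHD_PATHS > ref.txt
# then on each other box:      perm_snapshot $SSHD_PATHS > here.txt
#                              perm_diff ref.txt here.txt
```

Copy `ref.txt` from the working box to each other box before running `perm_diff`; the snapshot only reads metadata, so the reference installation is left untouched.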