Can SSH from localhost as Admin but NOT 'regular' user when using passwords

Can SSH from localhost as Admin but NOT 'regular' user when using passwords

[Evan Rowley]

Hi Cygwin,


I'm tasked with setting up SFTP serving on 2 Windows Server 2003 VMs.
One of these installations has been giving me problems and I'm not
sure what the solution is.

The following command works fine when run as Administrator and
SFTP_User in these two configurations: (password,keyboard-interactive)
only and (password,publickey,keyboard-interactive)

ssh Administrator@localhost


The following command fails when run as Administrator and SFTP_User in
this configuration: (password,keyboard-interactive)

ssh SFTP_User@localhost


The following command works fine when run as Administrator and
SFTP_User in this configuration:
(password,publickey,keyboard-interactive)

ssh SFTP_User@localhost


In each scenario, I've double, tirple, quadruple checked to make sure
the SFTP_User password is entered correctly. Both of these users are
local users and mkpasswd with the -l flag has been cat'd into
/etc/passwd in order to set up the passwords correctly. Not sure where
else to focus on next.

Thanks.

--
 - EJR

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: Can SSH from localhost as Admin but NOT 'regular' user when using passwords

[Andrey Repin]

Greetings, Evan Rowley!

> I'm tasked with setting up SFTP serving on 2 Windows Server 2003 VMs.
> One of these installations has been giving me problems and I'm not
> sure what the solution is.

> The following command works fine when run as Administrator and
> SFTP_User in these two configurations: (password,keyboard-interactive)
> only and (password,publickey,keyboard-interactive)

> ssh Administrator@localhost


> The following command fails when run as Administrator and SFTP_User in
> this configuration: (password,keyboard-interactive)

> ssh SFTP_User@localhost


> The following command works fine when run as Administrator and
> SFTP_User in this configuration:
> (password,publickey,keyboard-interactive)

> ssh SFTP_User@localhost


> In each scenario, I've double, tirple, quadruple checked to make sure
> the SFTP_User password is entered correctly. Both of these users are
> local users and mkpasswd with the -l flag has been cat'd into
> /etc/passwd in order to set up the passwords correctly. Not sure where
> else to focus on next.

You know, without logs, this is impossible to tell, what's going on.
Least - to help you find the problem in your setup.


--
WBR,
Andrey Repin (anrdaemon@freemail.ru) 01.07.2013, <19:54>

Sorry for my terrible english...


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: Can SSH from localhost as Admin but NOT 'regular' user when using passwords

[Evan Rowley]

Andrey Repin,

Some english is better than none! With Russian, I have a lot to learn still.

Interesting is that on both installations of Cygwin, /var/log/sshd.log is
empty. I've followed to basic steps to install Cygwin, setup users, and
setup sshd. Maybe there is another step for logging that I missed?

I can give the output of attempting to ssh to SFTP_User:

Admin@HOST1 ~
$ ssh SFTP_User@localhost -vvv
OpenSSH_6.2p2, OpenSSL 1.0.1e 11 Feb 2013
debug1: Reading configuration data /etc/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Connection established.
debug1: identity file /home/Admin/.ssh/id_rsa type -1
debug1: identity file /home/Admin/.ssh/id_rsa-cert type -1
debug1: identity file /home/Admin/.ssh/id_dsa type -1
debug1: identity file /home/Admin/.ssh/id_dsa-cert type -1
debug1: identity file /home/Admin/.ssh/id_ecdsa type -1
debug1: identity file /home/Admin/.ssh/id_ecdsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2
debug1: match: OpenSSH_6.2 pat OpenSSH*
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "localhost" from file
"/home/Admin/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file
/home/Admin/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs:
ecdsa-sha2-nistp256-cert-v01@openssh.com,
ecdsa-sha2-nistp384-cert-v01@openssh.com,
ecdsa-sha2-nistp521-cert-v01@openssh.com
,ecdsa-sha2-nistp256,ecdsa-
sha2-nistp384,ecdsa-sha2-nistp521
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit:
ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01@openssh.com,
ecdsa-sha2-nistp384-cert-v01@openssh.com,
ecdsa-sha2-nistp521-cert-v01@openssh.com
,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,
ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
aes128-gcm@openssh.com,aes256-gcm@openssh.com
,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,
rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit:
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
aes128-gcm@openssh.com,aes256-gcm@openssh.com
,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,
rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,
hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,
hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,
hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,
umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,
hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,
hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,
hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,
hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,
umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,
hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit:
ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
debug2: kex_parse_kexinit:
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
aes128-gcm@openssh.com,aes256-gcm@openssh.com
,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,
rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit:
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
aes128-gcm@openssh.com,aes256-gcm@openssh.com
,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,
rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,
hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,
hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,
hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,
umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,
hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,
hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,
hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,
hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,
umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,
hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5-etm@openssh.com
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
debug2: mac_setup: found hmac-md5-etm@openssh.com
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA
b3:b9:b7:02:eb:7b:fd:eb:ac:2b:b3:15:0f:30:c4:a4
debug3: load_hostkeys: loading entries for host "localhost" from file
"/home/Admin/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file
/home/Admin/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys
debug1: Host 'localhost' is known and matches the ECDSA host key.
debug1: Found key in /home/Admin/.ssh/known_hosts:1
debug1: ssh_ecdsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/Admin/.ssh/id_rsa (0x0),
debug2: key: /home/Admin/.ssh/id_dsa (0x0),
debug2: key: /home/Admin/.ssh/id_ecdsa (0x0),
debug1: Authentications that can continue: password,keyboard-interactive
debug3: start over, passed a different list password,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug1: Authentications that can continue: password,keyboard-interactive
debug3: userauth_kbdint: disable: no info_req_seen
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred:
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
SFTP_User@localhost's password:
debug3: packet_send2: adding 48 (len 74 padlen 6 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: Authentications that can continue: password,keyboard-interactive
Permission denied, please try again.
SFTP_User@localhost's password:
debug3: packet_send2: adding 48 (len 74 padlen 6 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: Authentications that can continue: password,keyboard-interactive
Permission denied, please try again.
SFTP_User@localhost's password:
debug3: packet_send2: adding 48 (len 74 padlen 6 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: Authentications that can continue: password,keyboard-interactive
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (password,keyboard-interactive).


--
 - EJR

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple