public inbox for cygwin@cygwin.com
* OpenSSH access to join the "Local Account" group
@ 2016-01-28 20:28 Tom Moore
From: Tom Moore @ 2016-01-28 20:28 UTC
  To: cygwin

Hi,

I have a couple of Windows 7 machines set up as OpenSSH servers.  Both are
current with Windows updates.   Both machines have identical Cygwin
versions (2.0.4-1).  I have tried to make the sshd configuration identical
on these two machines, following the instructions on
http://www.howtogeek.com/howto/41560/how-to-get-ssh-command-line-access-to-windows7-using-cygwin


I have set up the client machines, generated RSA keys, and copied the
public keys into the authorized_keys file on the server.  Now I can log in
to both machines without providing a password.  So far so good.

When I ssh log in to machine A and check the id that I am logged in with, I get:

uid=197608(User) gid=197121(None) groups=197121(None),114(Local account and
member of Administrators
group),544(Administrators),545(Users),4(INTERACTIVE),66049(CONSOLE
LOGON),11(Authenticated Users),15(This Organization),113(Local
account),4095(CurrentSession),262154(NTLM Authentication),405504(High
Mandatory Level)

which is what I need in order to interact with some other resources on the
system.

When I ssh log in to machine B and check the id I get:

uid=197608(Owner) gid=197121(None) groups=197121(None),11(Authenticated
Users),66048(LOCAL),66049(CONSOLE LOGON),4(INTERACTIVE),15(This
Organization),545(Users),4095(CurrentSession),544(Administrators),405504(High
Mandatory Level)

However, if on my local client I remove the private key from the .ssh
directory and ssh login again, this time having to specify a password, my
session will join the "Local account" group as I want.

Is there a configuration that I am missing in order to get machine B to
join the "Local account" group when I log in using an RSA key?  What could
be different between the two machines?

Cheers,

Tom

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
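
Added example, not part of the original post: a small shell helper that diffs the group lists of the two `id` outputs quoted above, so the groups that differ between machine A and machine B stand out. The sample strings are the thread's outputs with the e-mail line wraps joined; the function names `groups_of` and `only_in` are made up for this illustration, and `grep -o` and `mktemp` are assumed to be available (they are on Cygwin and Linux).

```shell
#!/bin/sh
# Constructed input: the two `id` lines from the post, rejoined onto one line each.
ID_A='uid=197608(User) gid=197121(None) groups=197121(None),114(Local account and member of Administrators group),544(Administrators),545(Users),4(INTERACTIVE),66049(CONSOLE LOGON),11(Authenticated Users),15(This Organization),113(Local account),4095(CurrentSession),262154(NTLM Authentication),405504(High Mandatory Level)'
ID_B='uid=197608(Owner) gid=197121(None) groups=197121(None),11(Authenticated Users),66048(LOCAL),66049(CONSOLE LOGON),4(INTERACTIVE),15(This Organization),545(Users),4095(CurrentSession),544(Administrators),405504(High Mandatory Level)'

# groups_of ID_LINE
# Print one "gid(name)" entry per line from the groups= field, sorted.
# Group names contain spaces, so match on the "number(name)" shape
# instead of splitting on whitespace.
groups_of() {
    printf '%s\n' "$1" \
        | sed 's/^.*groups=//' \
        | grep -oE '[0-9]+\([^)]*\)' \
        | LC_ALL=C sort -u
}

# only_in X Y
# Print the groups present in id line X but missing from id line Y.
only_in() {
    a=$(mktemp)
    b=$(mktemp)
    groups_of "$1" > "$a"
    groups_of "$2" > "$b"
    LC_ALL=C comm -23 "$a" "$b"
    rm -f "$a" "$b"
}

echo "Groups only in the machine A session:"
only_in "$ID_A" "$ID_B"
echo "Groups only in the machine B session:"
only_in "$ID_B" "$ID_A"
```

On live systems the same functions accept `"$(ssh hostA id)"` and `"$(ssh hostB id)"` (host names are placeholders). Comparing a key login against a password login on machine B in the same way isolates the groups that depend on the authentication method.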


* Re: OpenSSH access to join the "Local Account" group
@ 2016-01-29 16:43   ` Tom Moore
From: Tom Moore @ 2016-01-29 16:43 UTC
  To: Glenn G, cygwin

On Thu, Jan 28, 2016 at 10:44 PM, Glenn G <gluszcz55@hotmail.com> wrote:
> Very strange. You could log in as the user, regenerate the keys and try porting it over again.  User id shouldn't have anything to do with this though.  Sounds like impersonation is messed up for sshd user on machine b.
>
>
> Sent from my iPad
>
>> On Jan 28, 2016, at 2:11 PM, Tom Moore <moortom@gmail.com> wrote:
>>
>> Hi,
>>
>> I have a couple of Windows 7 machines set up as OpenSSH servers.  Both are
>> current with Windows updates.   Both machines have identical Cygwin
>> versions (2.0.4-1).  I have tried to make the sshd configuration identical
>> on these two machines, following the instructions on
>> http://www.howtogeek.com/howto/41560/how-to-get-ssh-command-line-access-to-windows7-using-cygwin
>>
>>
>> I have set up the client machines, generated RSA keys, and copied the
>> public keys into the authorized_keys file on the server.  Now I can log in
>> to both machines without providing a password.  So far so good.
>>
>> When I ssh log in to machine A and check the id that I am logged in with, I get:
>>
>> uid=197608(User) gid=197121(None) groups=197121(None),114(Local account and
>> member of Administrators
>> group),544(Administrators),545(Users),4(INTERACTIVE),66049(CONSOLE
>> LOGON),11(Authenticated Users),15(This Organization),113(Local
>> account),4095(CurrentSession),262154(NTLM Authentication),405504(High
>> Mandatory Level)
>>
>> which is what I need in order to interact with some other resources on the
>> system.
>>
>> When I ssh log in to machine B and check the id I get:
>>
>> uid=197608(Owner) gid=197121(None) groups=197121(None),11(Authenticated
>> Users),66048(LOCAL),66049(CONSOLE LOGON),4(INTERACTIVE),15(This
>> Organization),545(Users),4095(CurrentSession),544(Administrators),405504(High
>> Mandatory Level)
>>
>> However, if on my local client I remove the private key from the .ssh
>> directory and ssh login again, this time having to specify a password, my
>> session will join the "Local account" group as I want.
>>
>> Is there a configuration that I am missing in order to get machine B to
>> join the "Local account" group when I log in using an RSA key?  What could
>> be different between the two machines?
>>
>> Cheers,
>>
>> Tom

To be clear, the sole administrator account on machine A that I am
logging in with has a user name of 'User', and the sole administrative
account on machine B that I am logging in with has a user name of
'Owner'.  I have correctly set up the RSA keys for me@client on both
of these hosts.  The different account names are the way that these
machines (purchased at different times) were set up by the vendor.  I
don't know if there are any other subtle differences.

Also, on machine A I must mount additional disk drives every time I
remotely log in by adding "net use" statements to the
.bash_profile.  However, on machine B, on the second and subsequent
remote logins after a reboot the disk will already be mounted and I
will get an error message "The local device name is already in use".

What do you mean by sshd impersonation?
