* Re: Quick password question...
[not found] <Pine.CYG.4.44.0209042200150.2392-100000@yasira>
@ 2002-09-04 23:59 ` tony.arnold
2002-09-05 2:00 ` Marcos Lorenzo de Santiago
2002-09-05 5:14 ` Quick password question Adam K Kirchhoff
0 siblings, 2 replies; 7+ messages in thread
From: tony.arnold @ 2002-09-04 23:59 UTC (permalink / raw)
To: ssh-l; +Cc: cygwin
On Wed, Sep 04, 2002 at 10:04:52PM -0400, Adam K Kirchhoff wrote:
> Here's the problem I'm having: sshd refuses to do public key
> authentication when run as a Windows service. It will only work with
> password authentication. And then, only if Windows has a password for
> that user. If the password is blank (as I would like to be the case on my
> home machine), sshd refuses to log me in with a blank password (even if
> sshd_config allows for blank passwords). This isn't an issue with my work
> machine since I want that account to have a password.
>
> If I run sshd from the command line, it works just as one would expect and
> allows for public key authentication.
I have a similar problem. sshd on my XP machine at work will not do public
key authentication when running as a service. Run it from a command prompt
window under the SYSTEM account and it does work!
Regards,
Tony.
--
Tony Arnold, Deputy to the Head of COS Division, Manchester Computing,
University of Manchester, Oxford Road, Manchester M13 9PL.
T: +44 (0)161 275 6093, F: +44 (0)870 136 1004, M: +44 (0)773 330 0039
E-mail: tony.arnold@man.ac.uk, Home: http://www.man.ac.uk/Tony.Arnold
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: Quick password question...
2002-09-04 23:59 ` Quick password question tony.arnold
@ 2002-09-05 2:00 ` Marcos Lorenzo de Santiago
2002-09-05 2:14 ` Bjoern Kahl AG Resy
[not found] ` <200209051437.50817.chris@atomice.net>
2002-09-05 5:14 ` Quick password question Adam K Kirchhoff
1 sibling, 2 replies; 7+ messages in thread
From: Marcos Lorenzo de Santiago @ 2002-09-05 2:00 UTC (permalink / raw)
To: tony.arnold; +Cc: ssh-l, cygwin
On Thu, 5 Sep 2002 tony.arnold@man.ac.uk wrote:
> On Wed, Sep 04, 2002 at 10:04:52PM -0400, Adam K Kirchhoff wrote:
>
> > Here's the problem I'm having: sshd refuses to do public key
> > authentication when run as a Windows service. It will only work with
> > password authentication. And then, only if Windows has a password for
> > that user. If the password is blank (as I would like to be the case on my
> > home machine), sshd refuses to log me in with a blank password (even if
> > sshd_config allows for blank passwords). This isn't an issue with my work
> > machine since I want that account to have a password.
> >
> > If I run sshd from the command line, it works just as one would expect and
> > allows for public key authentication.
>
> I have a similar problem. sshd on my XP machine at work will not do public
> key authentication when running as a service. Run it from a command prompt
> window under the SYSTEM account and it does work!
Anyone knows what could be the "problem/feature"? Cause I got the same
problem :(. I have Windows XP but I assure (as I have tested it) that on
Windows NT Server and Workstation 4.0 won't work.
Rgrds,
m4c.
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: Quick password question...
2002-09-05 2:00 ` Marcos Lorenzo de Santiago
@ 2002-09-05 2:14 ` Bjoern Kahl AG Resy
2002-09-05 5:54 ` Logging in as SYSTEM (was Re: Quick password question...) Jason Tishler
[not found] ` <200209051437.50817.chris@atomice.net>
1 sibling, 1 reply; 7+ messages in thread
From: Bjoern Kahl AG Resy @ 2002-09-05 2:14 UTC (permalink / raw)
To: Marcos Lorenzo de Santiago; +Cc: tony.arnold, ssh-l, cygwin
Hallo!
On Thu, 5 Sep 2002, Marcos Lorenzo de Santiago wrote:
> On Thu, 5 Sep 2002 tony.arnold@man.ac.uk wrote:
>
> > On Wed, Sep 04, 2002 at 10:04:52PM -0400, Adam K Kirchhoff wrote:
> >
> > > Here's the problem I'm having: sshd refuses to do public key
> > > authentication when run as a Windows service. It will only work with
> > > password authentication.
> > > If I run sshd from the command line, it works just as one would expect and
> > > allows for public key authentication.
> >
> > I have a similar problem. sshd on my XP machine at work will not do public
> > key authentication when running as a service. Run it from a command prompt
> > window under the SYSTEM account and it does work!
In theorie, sshd should allow public key authentication in two
situations:
When run under SYSTEM-Account as service (because only SYSTEM may
change usercontext without a password) and when run as that user,
which tries to login with public key authentication (because there
is no usercontext switch neccessarie).
If it works form commandline as SYSTEM (btw.: how do you get a
command prompt running as SYSTEM? I thought that is impossible ...)
but not as a service under the SYSTEM account, then check your
PATH and CYGWIN variable. Is PATH and CYGWIN set to somthing usefull
when running as a service? Has the SYSTEM-account access to the ssh(d)
files? What about permissions of authorized_keys and know_hosts?
Just some random ideas. Hope this helps you.
Bjoern
--
+---------------------------------------------------------------------+
| Dipl.-Phys. Bjoern Kahl +++ AG Embedded Systems and Robotics (RESY) |
| Informatics Faculty +++ Building 48 +++ University of Kaiserslautern|
| phone: +49-631-205-2654 +++ www: http://resy.informatik.uni-kl.de |
+---------------------------------------------------------------------+
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: Quick password question...
2002-09-04 23:59 ` Quick password question tony.arnold
2002-09-05 2:00 ` Marcos Lorenzo de Santiago
@ 2002-09-05 5:14 ` Adam K Kirchhoff
1 sibling, 0 replies; 7+ messages in thread
From: Adam K Kirchhoff @ 2002-09-05 5:14 UTC (permalink / raw)
To: ssh-l; +Cc: cygwin
Problem solved!
I started thinking about the fact that, under Unix, sshd won't do public
key authentication if the permissions on the users home directory and .ssh
directory aren't strict enough. So, even though I'm using a FAT32
filesystem, I decided to add "ntsec" to the CYGWIN variable (which,
previously, had only been "tty"). And voila, it worked!
Someone might want to modify the instructions about setting up sshd to say
that even if you're not using NTFS, you should still have ntsec in the
CYGWIN variable.
Oh, and I also had to modify the sshd service run with CYGWIN="ntsec tty",
as well.
Adam
On Thu, 5 Sep 2002 tony.arnold@man.ac.uk wrote:
> On Wed, Sep 04, 2002 at 10:04:52PM -0400, Adam K Kirchhoff wrote:
>
> > Here's the problem I'm having: sshd refuses to do public key
> > authentication when run as a Windows service. It will only work with
> > password authentication. And then, only if Windows has a password for
> > that user. If the password is blank (as I would like to be the case on my
> > home machine), sshd refuses to log me in with a blank password (even if
> > sshd_config allows for blank passwords). This isn't an issue with my work
> > machine since I want that account to have a password.
> >
> > If I run sshd from the command line, it works just as one would expect and
> > allows for public key authentication.
>
> I have a similar problem. sshd on my XP machine at work will not do public
> key authentication when running as a service. Run it from a command prompt
> window under the SYSTEM account and it does work!
>
> Regards,
> Tony.
> --
> Tony Arnold, Deputy to the Head of COS Division, Manchester Computing,
> University of Manchester, Oxford Road, Manchester M13 9PL.
> T: +44 (0)161 275 6093, F: +44 (0)870 136 1004, M: +44 (0)773 330 0039
> E-mail: tony.arnold@man.ac.uk, Home: http://www.man.ac.uk/Tony.Arnold
> --
> List Information: http://tech.erdelynet.com/mailman/listinfo/ssh-l/
> List Archives: http://archive.erdelynet.com/ssh-l/
>
>
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
^ permalink raw reply [flat|nested] 7+ messages in thread
* Logging in as SYSTEM (was Re: Quick password question...)
2002-09-05 2:14 ` Bjoern Kahl AG Resy
@ 2002-09-05 5:54 ` Jason Tishler
2002-09-05 6:07 ` Bjoern Kahl AG Resy
0 siblings, 1 reply; 7+ messages in thread
From: Jason Tishler @ 2002-09-05 5:54 UTC (permalink / raw)
To: cygwin
Bjoern,
On Thu, Sep 05, 2002 at 11:14:17AM +0200, Bjoern Kahl AG Resy wrote:
> I thought that is impossible ...)
It's not -- use ssh to simulate su.
> (btw.: how do you get a command prompt running as SYSTEM?
0. Set up sshd (see /usr/doc/Cygwin/openssh-3.4p1-2.README)
1. Change your /etc/passwd SYSTEM entry to something like the following:
SYSTEM:*:18:18:Local System,U-FOOBAR\LocalSystem,S-1-5-18:/home/system:/bin/bash
2. Create /home/system/.ssh (with the appropriate permissions)
3. Create /home/system/.ssh/authorized_keys2 (with the appropriate
permissions)
4. Copy your ssh keys to /home/system/.ssh/authorized_keys2
5. ssh system@foobar
Jason
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: Logging in as SYSTEM (was Re: Quick password question...)
2002-09-05 5:54 ` Logging in as SYSTEM (was Re: Quick password question...) Jason Tishler
@ 2002-09-05 6:07 ` Bjoern Kahl AG Resy
0 siblings, 0 replies; 7+ messages in thread
From: Bjoern Kahl AG Resy @ 2002-09-05 6:07 UTC (permalink / raw)
To: Jason Tishler; +Cc: cygwin
Hallo Jason & all
On Thu, 5 Sep 2002, Jason Tishler wrote:
> On Thu, Sep 05, 2002 at 11:14:17AM +0200, Bjoern Kahl AG Resy wrote:
> > I thought that is impossible ...)
>
> It's not -- use ssh to simulate su.
I use ssh almost daily as su replacement, but I missed the fact that
I can setup an SYSTEM account in cygwin :-)
[ good description deleted ]
Thank you for your answer!
Bjoern
--
+---------------------------------------------------------------------+
| Dipl.-Phys. Bjoern Kahl +++ AG Embedded Systems and Robotics (RESY) |
| Informatics Faculty +++ Building 48 +++ University of Kaiserslautern|
| phone: +49-631-205-2654 +++ www: http://resy.informatik.uni-kl.de |
+---------------------------------------------------------------------+
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: Logging in as SYSTEM (was Re: Quick password question...)
[not found] ` <20020905150138.GA1240@tishler.net>
@ 2002-09-05 8:47 ` Christopher January
0 siblings, 0 replies; 7+ messages in thread
From: Christopher January @ 2002-09-05 8:47 UTC (permalink / raw)
To: Jason Tishler; +Cc: cygwin
On Thursday 05 Sep 2002 4:01 pm, you wrote:
> Chris,
>
> Did you mean to reply-all?
>
> On Thu, Sep 05, 2002 at 02:37:50PM +0100, Christopher January wrote:
> > On Thursday 05 Sep 2002 1:58 pm, Jason Tishler wrote:
> > > On Thu, Sep 05, 2002 at 11:14:17AM +0200, Bjoern Kahl AG Resy wrote:
> > > > I thought that is impossible ...)
> >
> > I have the source code to a program that does su. I'll try to make it
> > into a Cygwin program one day.
>
> Don't you need a daemon (i.e., service) able to switch user context
> (e.g., running under LocalSystem) to pull this off?
IIRC you can give an account certain priveleges which means it can do this
itself.
There were two program I was thinking of. One just opens a shell as the SYSTEM
user, the other logs on a user and runs a program as them (when given the
correct password).
Chris
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2002-09-05 15:32 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <Pine.CYG.4.44.0209042200150.2392-100000@yasira>
2002-09-04 23:59 ` Quick password question tony.arnold
2002-09-05 2:00 ` Marcos Lorenzo de Santiago
2002-09-05 2:14 ` Bjoern Kahl AG Resy
2002-09-05 5:54 ` Logging in as SYSTEM (was Re: Quick password question...) Jason Tishler
2002-09-05 6:07 ` Bjoern Kahl AG Resy
[not found] ` <200209051437.50817.chris@atomice.net>
[not found] ` <20020905150138.GA1240@tishler.net>
2002-09-05 8:47 ` Christopher January
2002-09-05 5:14 ` Quick password question Adam K Kirchhoff
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).