Re: accessing shared drives when logged in via ssh

Re: accessing shared drives when logged in via ssh

[Scott Evans]

> This is expected behavior if sshd is running as LocalSystem and you used
> publickey authentication when you logged in.  On my Win2k box, I can
> access shares if I use password authentication.  

No way -- really?  I'll have to try it.  

That behavior seems pretty surprising to me; why should the type of
authentication end you up with any more or less priveleges?  And for that
matter, why would *password* auth be treated as "more secure" than
publickey?


> Alternatively, you can run the sshd process as a specific user.  If you
> then use pubkey authentication (and are logging in as the user running
> sshd), you'll also have share access.

hm.  I suppose I could do that though it "feels" wrong since there are, 
in face, multiple user accounts on this machine.  

Sigh -- sometimes the line between Cygwin and Windows still confuses me.
Especially when there's no "su" that I know of.

Thanks for the tip, Dave...


scott




--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Re: accessing shared drives when logged in via ssh

[Scott Evans]

Corinna Vinschen <corinna-cygwin@cygwin.com> writes:
> On Tue, Sep 10, 2002 at 11:45:58AM -0700, Scott Evans wrote:
> > In my case, I'm running on a workgroup and the shares on other machines 
> > are shared to *everyone*.  So it seems like I should indeed be able to get 
> > to them, regardless of who I am.
> 
> Everyone is not everyone :-)
> 
> There's a difference between shares which allow anonymous access and
> shares which allow access to every authenticated user.  The latter
> are demanding password authentication and therefore are not open to
> processes under a non-password context switch.  Of course I don't
> know which of them are used in your environment.

I don't either, since I'm using "simple networking" under XP for the
time being.  Under the "sharing" settings, I have "share this folder
on the network" checked, and "allow network users to change my files".
Those are the only options available with "simple networking".


--
 scott evans :: www.antisleep.com



--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Re: accessing shared drives when logged in via ssh

[Corinna Vinschen]

On Tue, Sep 10, 2002 at 11:45:58AM -0700, Scott Evans wrote:
> > This is really a good thing.  Basically, the sshd daemon can not switch
> > user contexts within the domain without a password.  If that weren't the
> > case, a user with only local Admin rights could use ssh to become _any
> > user_ in the domain without ever providing a password for that user!
> 
> I guess this is where things get a little funny -- Windows has a "domain 
> administrator" while unix only has root on individual machines.
> 
> In my case, I'm running on a workgroup and the shares on other machines 
> are shared to *everyone*.  So it seems like I should indeed be able to get 
> to them, regardless of who I am.

Everyone is not everyone :-)

There's a difference between shares which allow anonymous access and
shares which allow access to every authenticated user.  The latter
are demanding password authentication and therefore are not open to
processes under a non-password context switch.  Of course I don't know
which of them are used in your environment.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin@cygwin.com
Red Hat, Inc.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Re: accessing shared drives when logged in via ssh

[Scott Evans]

> This is really a good thing.  Basically, the sshd daemon can not switch
> user contexts within the domain without a password.  If that weren't the
> case, a user with only local Admin rights could use ssh to become _any
> user_ in the domain without ever providing a password for that user!

I guess this is where things get a little funny -- Windows has a "domain 
administrator" while unix only has root on individual machines.

In my case, I'm running on a workgroup and the shares on other machines 
are shared to *everyone*.  So it seems like I should indeed be able to get 
to them, regardless of who I am.



scott


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Re: accessing shared drives when logged in via ssh

[David Rothenberger]

> > This is expected behavior if sshd is running as LocalSystem and you used
> > publickey authentication when you logged in.  On my Win2k box, I can
> > access shares if I use password authentication.
> 
> No way -- really?  I'll have to try it.
> 
> That behavior seems pretty surprising to me; why should the type of
> authentication end you up with any more or less priveleges?  And for that
> matter, why would *password* auth be treated as "more secure" than
> publickey?

This is really a good thing.  Basically, the sshd daemon can not switch
user contexts within the domain without a password.  If that weren't the
case, a user with only local Admin rights could use ssh to become _any
user_ in the domain without ever providing a password for that user!

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Re: accessing shared drives when logged in via ssh

[David Rothenberger]

This is expected behavior if sshd is running as LocalSystem and you used
publickey authentication when you logged in.  On my Win2k box, I can
access shares if I use password authentication.  Alternatively, you can
run the sshd process as a specific user.  If you then use pubkey
authentication (and are logging in as the user running sshd), you'll
also have share access.

Dave

Scott Evans wrote:
> 
> While I'm asking about weirdness I've seen recently...
> 
> I have a home network with 4 machines in a workgroup.  3 of them run
> XP, one still runs Win98.  I just installed XP on the "main" machine,
> which also runs sshd.  Now I find that I can't access shared drives on
> the other XP machines when I'm ssh'd in.  If I open a bash window
> directly on the machine, no problem.
> 
> In an ssh session, output looks like this:
> 
>   [gse] $ cd //studio/c
>   -bash: cd: //studio/c: Permission denied
> 
> Any ideas on where to start looking?  Would strace output be useful?
> 
> --
>  scott evans :: www.antisleep.com
> 
> --
> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
> Bug reporting:         http://cygwin.com/bugs.html
> Documentation:         http://cygwin.com/docs.html
> FAQ:                   http://cygwin.com/faq/

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

accessing shared drives when logged in via ssh

[Scott Evans]

While I'm asking about weirdness I've seen recently...

I have a home network with 4 machines in a workgroup.  3 of them run
XP, one still runs Win98.  I just installed XP on the "main" machine,
which also runs sshd.  Now I find that I can't access shared drives on
the other XP machines when I'm ssh'd in.  If I open a bash window 
directly on the machine, no problem.

In an ssh session, output looks like this:

  [gse] $ cd //studio/c
  -bash: cd: //studio/c: Permission denied  


Any ideas on where to start looking?  Would strace output be useful?



--
 scott evans :: www.antisleep.com



--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/