public inbox for cygwin@cygwin.com
* Inaccessible remote volumes when logged in via ssh
@ 2004-05-10 21:10 Brindl Ronald
  2004-05-10 22:10 ` Joshua Daniel Franklin
  0 siblings, 1 reply; 6+ messages in thread
From: Brindl Ronald @ 2004-05-10 21:10 UTC (permalink / raw)
  To: cygwin

[-- Attachment #1: Type: text/plain, Size: 1168 bytes --]

When I log in to my system via ssh as a normal (non-admin) user, I
cannot access network volumes mounted to a drive letter.
For example, I have the following setup:
\\asterix\shared mounted to local drive letter J: on machine obelix

On obelix, when I start a local instance of a Cygwin shell, I can do "ls
j:" or mount "j:" "/j".
If I don't do a "cygwin-mount", I see it under /cygdrive/j/.

When I log in to obelix via ssh, I don't see that volume at all. I can't
ls it, I can't mount it, etc.:

$ ls /cygdrive/j
ls: /cygdrive/j: No such file or directory

Or

$ mount "j:" "/j"
mount: warning - /j does not exist.
mount: defaulting to '--no-executable' flag for speed since native path
       references a remote share.  Use '-f' option to override.
mount: /j: Permission denied

I have all the necessary permissions on that volume.

And now comes the strange thing:
When I am in a local Cygwin shell and do a "ssh localhost -l bpc" (where
bpc is my local user), then I can access everything!
Also when I log in remotely via ssh as admin user.

Sshd is running as local system, UsePrivilegeSeparation is off.
Are there some sshd settings which I have to set?

Thanks, ron.

[-- Attachment #2: cygcheck.out --]
[-- Type: application/octet-stream, Size: 13256 bytes --]


Cygwin Win95/NT Configuration Diagnostics
Current System Time: Mon May 10 22:25:22 2004

Windows 2000 Professional Ver 5.0 Build 2195 Service Pack 4

Path:	C:\cygwin\usr\local\bin
	C:\cygwin\bin
	C:\cygwin\bin
	C:\cygwin\usr\X11R6\bin
	c:\WINNT\system32
	c:\WINNT
	c:\WINNT\System32\Wbem
	c:\PROGRA~1\GEMEIN~1\Odbc\FILEMA~1
	C:\cygwin\bin

Output from C:\cygwin\bin\id.exe (nontsec)
UID: 500(Administrator) GID: 513(Kein)
513(Kein)

Output from C:\cygwin\bin\id.exe (ntsec)
UID: 500(Administrator) GID: 513(Kein)
0(root)                 513(Kein)
544(Administratoren)    545(Benutzer)

SysDir: C:\WINNT\system32
WinDir: C:\WINNT

CYGWIN = `ntsec tty'
HOME = `C:\cygwin\home\Administrator'
MAKE_MODE = `unix'
PWD = `/home/Administrator'
USER = `Administrator'

ALLUSERSPROFILE = `C:\Dokumente und Einstellungen\All Users'
COMMONPROGRAMFILES = `C:\Programme\Gemeinsame Dateien'
COMPUTERNAME = `OBELIX'
COMSPEC = `C:\WINNT\system32\cmd.exe'
CVS_RSH = `/bin/ssh'
HOMEDRIVE = `C:'
HOMEPATH = `\cygwin\home\Administrator'
HOSTNAME = `OBELIX'
INFOPATH = `/usr/local/info:/usr/info:/usr/share/info:/usr/autotool/devel/info:/usr/autotool/stable/info:'
LOGNAME = `Administrator'
LOGONSERVER = `\\OBELIX'
MAIL = `/var/spool/mail/Administrator'
MANPATH = `/usr/local/man:/usr/man:/usr/share/man:/usr/autotool/devel/man::/usr/ssl/man'
NUMBER_OF_PROCESSORS = `1'
OLDPWD = `/home/Administrator'
OS2LIBPATH = `C:\WINNT\system32\os2\dll;'
OS = `Windows_NT'
PATHEXT = `.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH'
PROCESSOR_ARCHITECTURE = `x86'
PROCESSOR_IDENTIFIER = `x86 Family 6 Model 4 Stepping 2, AuthenticAMD'
PROCESSOR_LEVEL = `6'
PROCESSOR_REVISION = `0402'
PROGRAMFILES = `C:\Programme'
PS1 = `\[\033]0;\w\007
\033[32m\]\u@\h \[\033[33m\w\033[0m\]
$ '
SHELL = `/bin/bash'
SHLVL = `1'
SSH_CLIENT = `xxxxxxxxxxxxxxxxxxxxxxxxx'
SSH_CONNECTION = `xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
SSH_TTY = `/dev/tty0'
SYSTEMDRIVE = `C:'
SYSTEMROOT = `C:\WINNT'
TEMP = `c:\WINNT\TEMP'
TERM = `xterm'
TMP = `c:\WINNT\TEMP'
TZ = `   -1   -2,M3.5.0/2,M10.5.0/3'
USERDOMAIN = `OBELIX'
USERNAME = `Administrator'
WINDIR = `C:\WINNT'
_ = `/usr/bin/cygcheck'
POSIXLY_CORRECT = `1'

HKEY_CURRENT_USER\Software\Cygnus Solutions
HKEY_CURRENT_USER\Software\Cygnus Solutions\Cygwin
HKEY_CURRENT_USER\Software\Cygnus Solutions\Cygwin\mounts v2
HKEY_CURRENT_USER\Software\Cygnus Solutions\Cygwin\Program Options
HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions
HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions\Cygwin
HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions\Cygwin\mounts v2
  (default) = `/cygdrive'
  cygdrive flags = 0x00000022
HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions\Cygwin\mounts v2\/
  (default) = `C:\cygwin'
  flags = 0x0000000a
HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions\Cygwin\mounts v2\/usr/bin
  (default) = `C:\cygwin/bin'
  flags = 0x0000000a
HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions\Cygwin\mounts v2\/usr/lib
  (default) = `C:\cygwin/lib'
  flags = 0x0000000a
HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions\Cygwin\Program Options

a:  fd           N/A    N/A                    
c:  hd  NTFS   19610Mb  17% CP CS UN PA FC     
d:  cd           N/A    N/A                    
j:  net NTFS   57670Mb   6% CP CS UN PA FC     

C:\cygwin      /          system  binmode
C:\cygwin/bin  /usr/bin   system  binmode
C:\cygwin/lib  /usr/lib   system  binmode
.              /cygdrive  system  binmode,cygdrive

Found: C:\cygwin\bin\awk.exe
Found: C:\cygwin\bin\bash.exe
Found: C:\cygwin\bin\cat.exe
Found: C:\cygwin\bin\cp.exe
Not Found: cpp (good!)
Found: C:\cygwin\bin\find.exe
Not Found: gcc
Not Found: gdb
Found: C:\cygwin\bin\grep.exe
Not Found: ld
Found: C:\cygwin\bin\ls.exe
Not Found: make
Found: C:\cygwin\bin\mv.exe
Found: C:\cygwin\bin\rm.exe
Found: C:\cygwin\bin\sed.exe
Found: C:\cygwin\bin\sh.exe
Found: C:\cygwin\bin\tar.exe

 1100k 2004/03/19 C:\cygwin\bin\cygwin1.dll - os=4.0 img=1.0 sys=4.0
                  "cygwin1.dll" v0.0 ts=2004/3/19 5:05
    Cygwin DLL version info:
        DLL version: 1.5.9
        DLL epoch: 19
        DLL bad signal mask: 19005
        DLL old termios: 5
        DLL malloc env: 28
        API major: 0
        API minor: 112
        Shared data: 4
        DLL identifier: cygwin1
        Mount registry: 2
        Cygnus registry name: Cygnus Solutions
        Cygwin registry name: Cygwin
        Program options name: Program Options
        Cygwin mount registry name: mounts v2
        Cygdrive flags: cygdrive flags
        Cygdrive prefix: cygdrive prefix
        Cygdrive default prefix: 
        Build date: Thu Mar 18 23:05:18 EST 2004
        Shared id: cygwin1S4


Cygwin Package Information
Last downloaded files to: C:\cygwin-packages
Last downloaded files from: ftp://ftp.gwdg.de/pub/linux/sources.redhat.com/cygwin

Package              Version            
_update-info-dir     00227-1            
ash                  20040127-1         
base-files           2.6-1              
base-passwd          1.1-1              
bash                 2.05b-16           
bzip2                1.0.2-5            
cron                 3.0.1-11           
crypt                1.1-1              
curl                 7.11.1-1           
cygipc               2.03-2             
cygrunsrv            1.0-1              
cygwin               1.5.9-1            
diffutils            2.8.7-1            
editrights           1.01-1             
fileutils            4.1-2              
findutils            4.1.7-4            
gawk                 3.1.3-4            
gdbm                 1.8.3-7            
grep                 2.5-1              
groff                1.18.1-2           
gzip                 1.3.5-1            
inetutils            1.3.2-27           
less                 381-1              
libbz2_1             1.0.2-5            
libgdbm              1.8.0-5            
libgdbm-devel        1.8.3-7            
libgdbm3             1.8.3-3            
libgdbm4             1.8.3-7            
libgettextpo0        0.12.1-3           
libiconv2            1.9.1-3            
libintl1             0.10.40-1          
libintl2             0.12.1-3           
libncurses5          5.2-1              
libncurses6          5.2-8              
libncurses7          5.3-4              
libpcre              4.1-1              
libpcre0             4.5-1              
libpopt0             1.6.4-4            
libreadline4         4.1-2              
libreadline5         4.3-5              
login                1.9-7              
man                  1.5k-3             
minires              0.97-1             
mktemp               1.5-3              
ncurses              5.3-4              
openssh              3.8.1p1-1          
openssl              0.9.7d-1           
postgresql           7.4.1-3            
readline             4.3-5              
sed                  4.0.9-2            
sh-utils             2.0.15-4           
ssmtp                2.60.4-3           
tar                  1.13.25-5          
termcap              20021106-2         
terminfo             5.3_20030726-1     
texinfo              4.2-4              
textutils            2.0.21-1           
unzip                5.50-5             
vim                  6.2.098-1          
wget                 1.9.1-1            
which                1.5-2              
zip                  2.3-6              
zlib                 1.2.1-1            
Use -h to see help about each section


[-- Attachment #3: Type: text/plain, Size: 218 bytes --]

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: Inaccessible remote volumes when logged in via ssh
  2004-05-10 21:10 Inaccessible remote volumes when logged in via ssh Brindl Ronald
@ 2004-05-10 22:10 ` Joshua Daniel Franklin
  2004-05-11 14:05   ` AW: " Brindl Ronald
  0 siblings, 1 reply; 6+ messages in thread
From: Joshua Daniel Franklin @ 2004-05-10 22:10 UTC (permalink / raw)
  To: rbrindl, cygwin

On Mon, 10 May 2004 22:50:27 +0200, Brindl Ronald <rbrindl@gmx.at> wrote:
> Sshd is running as local system, 

Are you logging in with a password or publickey?

Are you using the 'net use' command?


^ permalink raw reply	[flat|nested] 6+ messages in thread

* AW: Inaccessible remote volumes when logged in via ssh
  2004-05-10 22:10 ` Joshua Daniel Franklin
@ 2004-05-11 14:05   ` Brindl Ronald
  2004-05-13  6:31     ` Larry Hall
  0 siblings, 1 reply; 6+ messages in thread
From: Brindl Ronald @ 2004-05-11 14:05 UTC (permalink / raw)
  To: 'Joshua Daniel Franklin', cygwin

I am logging in using password (I already heard of troubles using
publickey, although I can log in as a normal user using public key)
The volume is mounted using the explorer menu (extra -> connect drive, I
don't know if that's correct because I have a German version), and it is
configured to mount automatically at startup.

I just tried to use "net use" in my ssh-session and noticed it doesn't
work (system error 1312)
It is the same case as in 
http://archive.erdelynet.com/ssh-l/2004-04/msg00033.php
And in
http://archive.erdelynet.com/ssh-l/2002-11/msg00006.php

And
http://archive.erdelynet.com/ssh-l/2004-03/msg00057.php

It has something to do with user privileges and that the sshd runs as
user SYSTEM. It seems that the ssh sessions also run as SYSTEM, and
not as the user who logged in.

What I don't understand is why it works when I log in locally via ssh
(ssh localhost -l bpc). It should also run as user system without
network privileges.

I tried the following:
At <current-time + 1> /INTERACTIVE cmd

Which should open a cmd-shell in one minute which runs as SYSTEM.
The shell opens and I also have no access to the network.

So I tried to start the sshd service as user "sshd" (changed owner of
all files, adjusted the security policies etc). The service starts but
the strange result is that I can't log in with password anymore, only
with public key! And I still don't have access to the network.
When I do a ps -W -f I get:

    sshd    1608       1   ?  14:10:21 /usr/bin/cygrunsrv
    sshd    1348    1720   ?  14:11:09 /usr/sbin/sshd
       0     756       0   ?  14:11:11 C:\cygwin\bin\bash.exe
     bpc    1716    1680   1  14:11:46 /usr/bin/ps
       0    1760       0   ?  14:11:47 C:\cygwin\bin\ps.exe

So I assume the shell still runs under the SYSTEM account.

Trying around with UsePrivilegeSeparation I had trouble starting the
service at all (it complained about wrong privileges of /var/empty).

Ron.




^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: AW: Inaccessible remote volumes when logged in via ssh
  2004-05-11 14:05   ` AW: " Brindl Ronald
@ 2004-05-13  6:31     ` Larry Hall
  2004-05-21  9:10       ` Rob S.i.k.l.o.s
  0 siblings, 1 reply; 6+ messages in thread
From: Larry Hall @ 2004-05-13  6:31 UTC (permalink / raw)
  To: Brindl Ronald, cygwin

At 09:01 AM 5/11/2004, you wrote:
>I am logging in using password (I already heard of troubles using
>publickey, although I can log in as a normal user using public key)
>The volume is mounted using the explorer menu (extra -> connect drive, I
>don't know if that's correct because I have a German version), and it is
>configured to mount automatically at startup.


Well, something is wrong with your password authentication then because
the behavior you're getting is exactly the same as with public key 
authentication.


>I just tried to use "net use" in my ssh-session and noticed it doesn't
>work (system error 1312)
>It is the same case as in 
>http://archive.erdelynet.com/ssh-l/2004-04/msg00033.php
>And in
>http://archive.erdelynet.com/ssh-l/2002-11/msg00006.php
>
>And
>http://archive.erdelynet.com/ssh-l/2004-03/msg00057.php
>
>It has something to do with user privileges and that the sshd runs as
>user SYSTEM. It seems that the ssh sessions also run as SYSTEM, and
>not as the user who logged in.


No, that's not quite right.  *If* you use password authentication when you
'ssh' into your Cygwin ssh server, you will be authenticated by Windows and 
have full access to whatever resource (including shares) Windows allows you.  
*If* you use public key authentication, you can access any resource that does 
not require Windows authentication (including public shares).  Either way, 
you are running the 'ssh' session as the user you specify (or default to) 
for that session.  Only 'sshd' runs as SYSTEM (by default).  Running 'sshd' 
allows switching the user context from SYSTEM to the requested user for 
the 'ssh' session.


>What I don't understand is why it works when I log in locally via ssh
>(ssh localhost -l bpc). 


It "works" because you're already authenticated with Windows on that machine 
as the user you're shelling in as.  So Windows knows this user and therefore 
will provide access to the restricted resources.  


>It should also run as user system without
>network privileges.


No that's incorrect.


>I tried the following:
>At <current-time + 1> /INTERACTIVE cmd
>
>Which should open a cmd-shell in one minute which runs as SYSTEM.
>The shell opens and I also have no access to the network.


That's expected.


>So I tried to start the sshd service as user "sshd" (changed owner of
>all files, adjusted the security policies etc). The service starts but
>the strange result is that I can't log in with password anymore, only
>with public key! And I still don't have access to the network.
>When I do a ps -W -f I get:
>
>    sshd    1608       1   ?  14:10:21 /usr/bin/cygrunsrv
>    sshd    1348    1720   ?  14:11:09 /usr/sbin/sshd
>       0     756       0   ?  14:11:11 C:\cygwin\bin\bash.exe
>     bpc    1716    1680   1  14:11:46 /usr/bin/ps
>       0    1760       0   ?  14:11:47 C:\cygwin\bin\ps.exe


Don't know why you tried this but as you can see, it doesn't buy you
anything.


>So I assume the shell still runs under the SYSTEM account.


No.  Now it would be run as user 'sshd', with whatever privileges the 'sshd'
user has.  By default, this user has no ability to switch user contexts so 
no matter who you log in as, you will always be 'sshd'.


>Trying around with UsePrivilegeSeparation I had trouble starting the
>service at all (it complained about wrong privileges of /var/empty).


If you start changing the user that 'sshd' runs as, you're going to need
to be careful about resetting file ownership on many files and directories
that 'sshd' and 'ssh' use.  It isn't recommended that you run 'sshd' as 
any user other than SYSTEM (unless you're running on W2K3 - see the openssh
README for details on running on that platform).  At this point, you're
probably best off removing 'openssh' from your system, cleaning up any
leftover files, and reinstalling, using the install scripts and directions
provided with the package.  If you're still having problems, we need to know
the steps you took, any messages you got, log files generated, configuration 
file settings, etc.  But keep in mind you can find out a lot about what 
'sshd' and 'ssh' are doing by running them with verbosity/debugging turned 
on.  See the man pages for details.



--
Larry Hall                              http://www.rfk.com
RFK Partners, Inc.                      (508) 893-9779 - RFK Office
838 Washington Street                   (508) 893-9889 - FAX
Holliston, MA 01746                     



^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: AW: Inaccessible remote volumes when logged in via ssh
  2004-05-13  6:31     ` Larry Hall
@ 2004-05-21  9:10       ` Rob S.i.k.l.o.s
  2004-05-21  9:33         ` Larry Hall
  0 siblings, 1 reply; 6+ messages in thread
From: Rob S.i.k.l.o.s @ 2004-05-21  9:10 UTC (permalink / raw)
  To: cygwin

Hello,

I just noticed that I am also having this problem.

For example:

$ mount
C:\cygwin\bin on /usr/bin type system (binmode)
C:\cygwin\lib on /usr/lib type system (binmode)
C:\cygwin on / type system (binmode)
c: on /c type system (binmode,noumount)
w: on /w type system (binmode,noumount)
z: on /z type system (binmode,noumount)

$ ssh rsiklos@localhost
rsiklos@localhost's password:
Last login: Thu May 20 22:00:01 2004 from localhost
You are successfully logged in to this server!!!

$ mount
C:\cygwin\bin on /usr/bin type system (binmode)
C:\cygwin\lib on /usr/lib type system (binmode)
C:\cygwin on / type system (binmode)
c: on /c type system (binmode,noumount)

I have no idea why this is happening.  I know I had it working with sshd on
win2k, but I'm running XP now.  Other than the o/s change, and updating
cygwin every once in a while (including today), I haven't done anything
different.  I just reinstalled cygwin from scratch (wanted to do it anyways)
and the problem is still there.

Anything I can do to figure out what the problem is?

Thanks a million,

Rob.


^ permalink raw reply	[flat|nested] 6+ messages in thread
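
Added example, not part of the thread: a shell script that compares the two `mount` listings from the message above and reports which drive-letter mounts the local shell has but the ssh session lacks, together with each drive's type from a `cygcheck`-style drive table. The function names are hypothetical and the drive table for w: and z: is constructed; the `mount` samples copy the listings in the message.

```shell
#!/bin/sh
# Added example, not code from the thread. All sample data below is
# constructed; the mount listings mirror the ones quoted in the message.

# `mount` output in the local Cygwin shell (constructed sample).
LOCAL_MOUNT='C:\cygwin\bin on /usr/bin type system (binmode)
C:\cygwin\lib on /usr/lib type system (binmode)
C:\cygwin on / type system (binmode)
c: on /c type system (binmode,noumount)
w: on /w type system (binmode,noumount)
z: on /z type system (binmode,noumount)'

# `mount` output inside the ssh session on the same host (constructed sample).
SSH_MOUNT='C:\cygwin\bin on /usr/bin type system (binmode)
C:\cygwin\lib on /usr/lib type system (binmode)
C:\cygwin on / type system (binmode)
c: on /c type system (binmode,noumount)'

# Drive table in the layout `cygcheck -s` prints, as if taken in the local
# shell (constructed sample; the thread shows no such table for w: and z:).
DRIVE_TABLE='a:  fd           N/A    N/A
c:  hd  NTFS   19610Mb  17% CP CS UN PA FC
w:  net NTFS   57670Mb   6% CP CS UN PA FC
z:  net NTFS   57670Mb   6% CP CS UN PA FC'

# drive_letters MOUNT_TEXT
# Print the drive letters mounted in MOUNT_TEXT, lower-cased, one per line.
# Only bare "x: on ..." entries count; "C:\cygwin on /" is a path, not a drive.
drive_letters() {
    printf '%s\n' "$1" |
        awk '$1 ~ /^[A-Za-z]:$/ && $2 == "on" { print tolower(substr($1, 1, 1)) }' |
        sort -u
}

# missing_drives LOCAL_TEXT SSH_TEXT
# Print, space-separated, the drive letters present in LOCAL_TEXT but absent
# from SSH_TEXT. Prints an empty line when nothing is missing.
missing_drives() {
    seen=" $(drive_letters "$2" | tr '\n' ' ')"
    out=""
    for d in $(drive_letters "$1"); do
        case "$seen" in
            *" $d "*) ;;                      # visible in both sessions
            *) out="${out:+$out }$d" ;;       # only the local shell has it
        esac
    done
    printf '%s\n' "$out"
}

# drive_type TABLE_TEXT LETTER
# Print the type column (fd, hd, cd, net) the drive table gives for LETTER.
drive_type() {
    printf '%s\n' "$1" | awk -v d="$2:" 'tolower($1) == d { print $2; exit }'
}

# report LOCAL_TEXT SSH_TEXT TABLE_TEXT
# One line per drive that vanished in the ssh session: "<letter>: <type>".
report() {
    for d in $(missing_drives "$1" "$2"); do
        t=$(drive_type "$3" "$d")
        printf '%s: %s\n' "$d" "${t:-unknown}"
    done
}

report "$LOCAL_MOUNT" "$SSH_MOUNT" "$DRIVE_TABLE"
```

On a real system, feed the functions the output of `mount` captured in each session and the drive table from `cygcheck -s` run in the local shell.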

* Re: AW: Inaccessible remote volumes when logged in via ssh
  2004-05-21  9:10       ` Rob S.i.k.l.o.s
@ 2004-05-21  9:33         ` Larry Hall
  0 siblings, 0 replies; 6+ messages in thread
From: Larry Hall @ 2004-05-21  9:33 UTC (permalink / raw)
  To: Rob S.i.k.l.o.s, cygwin

I can confirm the problem on XP as well as the inverse on W2K (I'm just 
mapping and 'subst'ing to a local share).  For the moment at least, beyond 
debugging it of course, I don't have any good suggestions for you.  It may 
well be that XP disallows this functionality though.  If you investigate, 
please follow up on the list with your results.

Larry


At 10:04 PM 5/20/2004, you wrote:
>Hello,
>
>I just noticed that I am also having this problem.
>
>For example:
>
>$ mount
>C:\cygwin\bin on /usr/bin type system (binmode)
>C:\cygwin\lib on /usr/lib type system (binmode)
>C:\cygwin on / type system (binmode)
>c: on /c type system (binmode,noumount)
>w: on /w type system (binmode,noumount)
>z: on /z type system (binmode,noumount)
>
>$ ssh rsiklos@localhost
>rsiklos@localhost's password:
>Last login: Thu May 20 22:00:01 2004 from localhost
>You are successfully logged in to this server!!!
>
>$ mount
>C:\cygwin\bin on /usr/bin type system (binmode)
>C:\cygwin\lib on /usr/lib type system (binmode)
>C:\cygwin on / type system (binmode)
>c: on /c type system (binmode,noumount)
>
>I have no idea why this is happening.  I know I had it working with sshd on
>win2k, but I'm running XP now.  Other than the o/s change, and updating
>cygwin every once in a while (including today), I haven't done anything
>different.  I just reinstalled cygwin from scratch (wanted to do it anyways)
>and the problem is still there.
>
>Anything I can do to figure out what the problem is?
>
>Thanks a million,
>
>Rob.
>
>----- Original Message ----- 
>From: "Larry Hall" <cygwin-lh@cygwin.com>
>To: "Brindl Ronald" <rbrindl@gmx.at>; <cygwin@cygwin.com>
>Sent: Wednesday, May 12, 2004 10:53 PM
>Subject: Re: AW: Inaccessible remote volumes when logged in via ssh
>
>
>> At 09:01 AM 5/11/2004, you wrote:
>> >I am logging in using password (I already heard of troubles using
>> >publickey, although I can log in as normal user using public key)
>> >The volume is mounted using the explorer menu (extra -> connect drive, I
>> >don't know if that's correct because I have a German version), and it is
>> >configured to mount automatically at startup.
>>
>>
>> Well, something is wrong with your password authentication then because
>> the behavior you're getting is exactly the same as with public key
>> authentication.
>>
>>
>> >I just tried to use "net use" in my ssh-session and noticed it doesn't
>> >work (system error 1312)
>> >It is the same case as in
>> >http://archive.erdelynet.com/ssh-l/2004-04/msg00033.php
>> >And in
>> >http://archive.erdelynet.com/ssh-l/2002-11/msg00006.php
>> >
>> >And
>> >http://archive.erdelynet.com/ssh-l/2004-03/msg00057.php
>> >
>> >It has something to do with user-privileges and that the sshd runs as
>> >user SYSTEM. It seems that the ssh-session also runs as SYSTEM, and
>> >not as the user which logged in.
>>
>>
>> No, that's not quite right.  *If* you use password authentication when you
>> 'ssh' into your Cygwin ssh server, you will be authenticated by Windows and
>> have full access to whatever resource (including shares) Windows allows you.
>> *If* you use public key authentication, you can access any resource that does
>> not require Windows authentication (including public shares).  Either way,
>> you are running the 'ssh' session as the user you specify (or default to)
>> for that session.  Only 'sshd' runs as SYSTEM (by default).  Running 'sshd'
>> allows switching the user context from SYSTEM to the requested user for
>> the 'ssh' session.
>>
>>
>> >What I don't understand is why it works when I log in locally via ssh
>> >(ssh localhost -l bpc).
>>
>>
>> It "works" because you're already authenticated with Windows on that machine
>> as the user you're shelling in as.  So Windows knows this user and therefore
>> will provide access to the restricted resources.
>>
>>
>> >It should also run as user system without
>> >network-privileges.
>>
>>
>> No that's incorrect.
>>
>>
>> >I tried the following:
>> >At <current-time + 1> /INTERACTIVE cmd
>> >
>> >Which should open a cmd-shell in one minute which runs as SYSTEM.
>> >The shell opens and I also have no access to the network.
>>
>>
>> That's expected.
>>
>>
>> >So I tried to start the sshd service as user "sshd" (changed owner of
>> >all files, adjusted the security policies etc). The service starts but
>> >the strange result is that I can't log in with password anymore, only
>> >with public key !!! And I still don't have access to the network.
>> >When I do a ps -W -f I get:
>> >
>> >    sshd    1608       1   ?  14:10:21 /usr/bin/cygrunsrv
>> >    sshd    1348    1720   ?  14:11:09 /usr/sbin/sshd
>> >       0     756       0   ?  14:11:11 C:\cygwin\bin\bash.exe
>> >     bpc    1716    1680   1  14:11:46 /usr/bin/ps
>> >       0    1760       0   ?  14:11:47 C:\cygwin\bin\ps.exe
>>
>>
>> Don't know why you tried this but as you can see, it doesn't buy you
>> anything.
>>
>>
>> >So I assume the shell still runs under the SYSTEM account
>>
>>
>> No.  Now it would be run as user 'sshd', with whatever privileges the 'sshd'
>> user has.  By default, this user has no ability to switch user contexts so
>> no matter who you log in as, you will always be 'sshd'.
>>
>>
>> >Trying around with UsePrivilegeSeparation I had trouble starting the
>> >service at all. (complained about wrong privileges of /var/empty)
>>
>>
>> If you start changing the user that 'sshd' runs as, you're going to need
>> to be careful about resetting file ownership on many files and directories
>> that 'sshd' and 'ssh' use.  It isn't recommended that you run 'sshd' as
>> any user other than SYSTEM (unless you're running on W2K3 - see the openssh
>> README for details on running on that platform).  At this point, you're
>> probably best off removing 'openssh' from your system, cleaning up any
>> leftover files, and reinstalling, using the install scripts and directions
>> provided with the package.  If you're still having problems, we need to know
>> the steps you took, any messages you got, log files generated, configuration
>> file settings, etc.  But keep in mind you can find out a lot about what
>> 'sshd' and 'ssh' are doing by running them with verbosity/debugging turned
>> on.  See the man pages for details.
>>
>>
>>
>> --
>> Larry Hall                              http://www.rfk.com
>> RFK Partners, Inc.                      (508) 893-9779 - RFK Office
>> 838 Washington Street                   (508) 893-9889 - FAX
>> Holliston, MA 01746
>>

Thread overview: 6+ messages
2004-05-10 21:10 Inaccessible remote volumes when logged in via ssh Brindl Ronald
2004-05-10 22:10 ` Joshua Daniel Franklin
2004-05-11 14:05   ` AW: " Brindl Ronald
2004-05-13  6:31     ` Larry Hall
2004-05-21  9:10       ` Rob S.i.k.l.o.s
2004-05-21  9:33         ` Larry Hall