Re: Problems with ssh when I log into my PC using my corporate domain while working from home

[Norton Allen <allen@huarp.harvard.edu>]

On 4/23/2020 2:10 PM, Mark Hansen wrote:
> On 4/23/2020 10:26 AM, ASSI wrote:
>> Mark Hansen writes:
>>> Here is my user id (from the id command) when I log in from the office:
>>>
>>> uid=1293438(Mark.Hansen) gid=1049089(Domain Users) ...
>>>
>>> Here is the same when I've logged in with the machine at home:
>>>
>>> uid=1293438(MAN+User(244862)) gid=1293438
>>>
>>> (MAN) is the domain.
>>
>> That likely means that when you connect from home, you cannot talk to 
>> the
>> corporate domain server or you are ion a different domain.  The domain
>> part is only shown when it isn't the primary domain IIRC and since the
>> numerical user instead of the name is shown, that SID did not resolve.
>>
>>> The actual problem I'm having is that Cygwin tools like ssh, git, 
>>> etc. can't find my .ssh
>>> directory. They are looking in "/" rather than my home directory.
>>
>> Depending on how this is set up in your domain, you might need to point
>> either Cygwin or sshd to use a separate local directory.  You have no
>> network access on Windows (i.e. you won't be able to access any fils
>> shares) until you've authenticated with a password.
>>
>>> I tried copying my .ssh directory from my home to "/" and although 
>>> it was created, the
>>> files have the wrong permissions and I'm unable to change them.
>>
>> You would need to be either an admin and/or the user who installed
>> Cygwin for that to work, but you shouldn't do that.
>>
>>> Is there something I can tweak to get Cygwin to understand which 
>>> user I am so the ssh
>>> stuff can start working again?
>>
>> If Cygwin doesn't know who you are, then that means Windows doesn't know
>> either, so fixing this on the Cygwin side won't get you much further.
>>
>>
>> Regards,
>> Achim.
>>
>
> I think Windows knows who I am. I log into the machine using my normal 
> domain login
> credentials. The machine looks the way it does when I log in when the 
> machine is in the
> office - the desktop is the same, etc. - it's not acting like I'm a 
> new user or anything
> like that.
>
> Everything on the Windows side seems to be working fine. The only 
> issue I've found is with
> Cygwin. Is there a way (short of removing and reinstalling Cygwin) 
> that I can get Cygwin
> to recognize my current user so ssh and git can know where my home 
> directory is located?

I also have had to deal with this problem. You should certainly read 
https://cygwin.com/cygwin-ug-net/ntsec.html.

After much experimenting and consultation with Corinna, we decided the 
best solution for me was:

  * Create /etc/passwd and /etc/group files
      o For /etc/passwd, I included just my account, and I actually
        editted it further to use my preferred username (rather than my
        domain username) and my correct home directory
  * Edit /etc/nsswitch.conf with:
      o passwd: files
      o group: files

This is not the generally recommended configuration, but in the 
situation where you cannot reach the domain server, it may be the best 
alternative. You may or may not need to back these changes out when you 
are back at work. I have not had a problem at work, but we are only 
loosely connected to the domain, so YMMV.

-- 

=============================================================
Norton Allen (he/him/his)
Software Engineer
Harvard University School of Engineering and Applied Sciences
12 Oxford St., Link Bldg. (Office 282)
Cambridge, MA  02138
Phone: (617) 998-5553
=============================================================