From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from endymion.arp.harvard.edu (endymion.arp.harvard.edu [140.247.179.94]) by sourceware.org (Postfix) with ESMTPS id 3A6FF3959C8E for ; Thu, 23 Apr 2020 18:57:26 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 3A6FF3959C8E Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=huarp.harvard.edu Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=allen@huarp.harvard.edu Received: from [192.168.7.24] (pool-74-104-152-231.bstnma.fios.verizon.net [74.104.152.231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by endymion.arp.harvard.edu (Postfix) with ESMTPSA id DBD7B6C005A; Thu, 23 Apr 2020 14:57:24 -0400 (EDT) Subject: Re: Problems with ssh when I log into my PC using my corporate domain while working from home To: cygwin@cygwin.com References: <871roeyuy0.fsf@Otto.invalid> <49c12452-3402-54ff-57ba-f61757d99ae0@mehconsulting.com> From: Norton Allen Cc: Mark Hansen Message-ID: Date: Thu, 23 Apr 2020 14:57:24 -0400 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.7.0 MIME-Version: 1.0 In-Reply-To: <49c12452-3402-54ff-57ba-f61757d99ae0@mehconsulting.com> Content-Language: en-US X-Spam-Status: No, score=-4.9 required=5.0 tests=BAYES_00, HTML_MESSAGE, KAM_DMARC_STATUS, RCVD_IN_DNSWL_LOW, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: cygwin@cygwin.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: General Cygwin discussions and problem reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 23 Apr 2020 18:57:27 -0000 On 4/23/2020 2:10 PM, Mark Hansen wrote: > On 4/23/2020 10:26 AM, ASSI wrote: >> Mark Hansen writes: >>> Here is my user id (from the id command) when I log in from the office: >>> >>> uid=1293438(Mark.Hansen) gid=1049089(Domain Users) ... >>> >>> Here is the same when I've logged in with the machine at home: >>> >>> uid=1293438(MAN+User(244862)) gid=1293438 >>> >>> (MAN) is the domain. >> >> That likely means that when you connect from home, you cannot talk to >> the >> corporate domain server or you are ion a different domain.  The domain >> part is only shown when it isn't the primary domain IIRC and since the >> numerical user instead of the name is shown, that SID did not resolve. >> >>> The actual problem I'm having is that Cygwin tools like ssh, git, >>> etc. can't find my .ssh >>> directory. They are looking in "/" rather than my home directory. >> >> Depending on how this is set up in your domain, you might need to point >> either Cygwin or sshd to use a separate local directory.  You have no >> network access on Windows (i.e. you won't be able to access any fils >> shares) until you've authenticated with a password. >> >>> I tried copying my .ssh directory from my home to "/" and although >>> it was created, the >>> files have the wrong permissions and I'm unable to change them. >> >> You would need to be either an admin and/or the user who installed >> Cygwin for that to work, but you shouldn't do that. >> >>> Is there something I can tweak to get Cygwin to understand which >>> user I am so the ssh >>> stuff can start working again? >> >> If Cygwin doesn't know who you are, then that means Windows doesn't know >> either, so fixing this on the Cygwin side won't get you much further. >> >> >> Regards, >> Achim. >> > > I think Windows knows who I am. I log into the machine using my normal > domain login > credentials. The machine looks the way it does when I log in when the > machine is in the > office - the desktop is the same, etc. - it's not acting like I'm a > new user or anything > like that. > > Everything on the Windows side seems to be working fine. The only > issue I've found is with > Cygwin. Is there a way (short of removing and reinstalling Cygwin) > that I can get Cygwin > to recognize my current user so ssh and git can know where my home > directory is located? I also have had to deal with this problem. You should certainly read https://cygwin.com/cygwin-ug-net/ntsec.html. After much experimenting and consultation with Corinna, we decided the best solution for me was: * Create /etc/passwd and /etc/group files o For /etc/passwd, I included just my account, and I actually editted it further to use my preferred username (rather than my domain username) and my correct home directory * Edit /etc/nsswitch.conf with: o passwd: files o group: files This is not the generally recommended configuration, but in the situation where you cannot reach the domain server, it may be the best alternative. You may or may not need to back these changes out when you are back at work. I have not had a problem at work, but we are only loosely connected to the domain, so YMMV. -- ============================================================= Norton Allen (he/him/his) Software Engineer Harvard University School of Engineering and Applied Sciences 12 Oxford St., Link Bldg. (Office 282) Cambridge, MA 02138 Phone: (617) 998-5553 =============================================================