This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

RE: ssh - no access to /dev/st0


At 03:02 PM 8/31/2004, you wrote:
>If I add sshd_server to the Administrators group, I can auto logon via
>ssh (using authorized_keys). Even though this is supposed to happen via
>ssh-host-config.



 From '/usr/share/doc/Cygwin/openssh.README':

  2003 Server has a funny new feature.  When starting services under SYSTEM
  account, these services have nearly all user rights which SYSTEM holds...
  except for the "Create a token object" right, which is needed to allow
  public key authentication :-(

  There's no way around this, except for creating a substitute account which
  has the appropriate privileges.  Basically, this account should be member
  of the administrators group, plus it should have the following user rights:

    Create a token object
    Logon as a service
    Replace a process level token
    Increase Quota

  The ssh-host-config script asks you, if it should create such an account,
  called "sshd_server".  If you say "no" here, you're on your own.  Please
  follow the instruction in ssh-host-config exactly if possible.  Note that
  ssh-user-config sets the permissions on 2003 Server machines dependent of
  whether a sshd_server account exists or not.

So your 'sshd_server' user should be a member of the administrators group if
it's going to work.  Did you use 'ssh-host-config' to create it in the first
place?  Does rerunning it make it any better?


>But I still do not have access to /dev/st0, but if I disable auto-logon
>and type in my password, all works.
>
>The interesting thing is that the id command returns a different set of
>groups for me when I log on automatically or I specify the password.
>
>The uid and gid are the same, but the list of groups is different: For
>the automatic logon I only get Domain Admins and Users
>
>Any suggestions would be appreciated.


Beyond what I already suggested (below), which I still think is 
valid/worthwhile advice, you might also review your '/etc/passwd'
and '/etc/group' too.


>Thanks.
>
>-----Original Message-----
>From: Larry Hall [mailto:blah blah blah]

<http://cygwin.com/acronyms/#PCYMTNQREAIYR>

> 
>Sent: Tuesday, August 31, 2004 12:36 PM
>To: Cary Lewis; blah@blah.blah

<http://cygwin.com/acronyms/#PCYMTNQREAIYR>

>Subject: RE: ssh - no access to /dev/st0
>
>At 12:24 PM 8/31/2004, you wrote:
>>The issue is that during command line execution of a tar command, sshd
>>has not set the environment properly, namely the mount points are not
>>there, so /dev/st0 does not exist, and the PATH variable does not point
>>to the correct cygwin files either.
>>
>>What might be causing this.
>>
>>It works fine with an interactive ssh session (providing auto logon is
>>not set up).
>>
>
>
>I think it's time to start over on this one too:
>
>>Problem reports:       http://cygwin.com/problems.html
>
>
>You might want to run your server in debug mode and see if you can 
>spot the problem here.  My WAG is permissions problems on ~/.ssh and/or
>log files/directories and/or 'sshd' isn't running with all the
>permissions 
>it needs.  But that's just guessing.  The debug output should help
>ferret
>out the real answer.

--
Larry Hall                              http://www.rfk.com
RFK Partners, Inc.                      (508) 893-9779 - RFK Office
838 Washington Street                   (508) 893-9889 - FAX
Holliston, MA 01746                     


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]