This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

RE: Permission denied (publickey,password,keyboard-interactive).


Larry,

  I can't get the mkpasswd command see my domain account, I get:
$ mkpasswd -d -u je28004@tjanus.cap>>  /etc/passwd
mkpasswd (272): [2221] The user name could not be found.

je28004@S-EXSYSLOG01 ~
$ mkpasswd -d -u janusdev\je28004>>  /etc/passwd
mkpasswd (272): [2221] The user name could not be found.

  I am not sure if it matters, as the device I am backing up will be using public key authorization. But I don't know how to tell if any of this is working or should be working, so I was following that tutorial I linked in my first post. If there is a better way to test to see if my service is working correctly besides trying to ssh into it with a local account, please point me in the right direction.
  I am sorry for being so vague, I really am trying to help you help me. But I am not familiar with ssh, sftp, public key authorization or Cygwin. I know a little bit of linux, but most of this is past my comfort zone.
  I might try another product, but our security department has already approved this one, so I don't want to delay my project with getting another app approved. Plus, it seems like cygwin is the gold standard for sftp and is very security conscious.
  Again, thanks for your assistance, any further assistance would be greatly appreciated.
Dave M



----- Original Message ----
From: Dave M <dindenver@yahoo.com>
To: cygwin@cygwin.com
Sent: Wednesday, September 23, 2009 10:56:27 AM
Subject: Re: Fw: Permission denied (publickey,password,keyboard-interactive).



Larry,
  I started with the just running the script and it didn't work. I have only been trying chmod and the other stuff in my previous post since then.
  Will I get more help if I uninstall everything and try it again? I am just trying to get sftp to work. 
  I'll run
mkpasswd -d je28004@tjanus.cap>>  /etc/passwd
je28004@tjanus.cap is the domain account I am signed on with.
  But the issue I am having is logging into ssh with a local account (test), not je28004.

  And I will change the owner of /var/empty to sshd_server which is the local account that the sshd service uses. I have separated privileges turned on and in the readme it looked like it wanted the Owner to be SYSTEM.
  Thanks for your help, any guidance will be appreciated. I have tried all the stuff I know how to do so I am boned unless someone can help me.
  SFTP is the only way I can back up this device and the project I am working on is at a complete standstill until I can get a backup solution in place. Any time spent helping me is enormously appreciated.
Dave M


----- Original Message ----
From: Larry Hall (Cygwin) <reply-to-list-only-lh@cygwin.com>
To: cygwin@cygwin.com
Sent: Wednesday, September 23, 2009 9:28:56 AM
Subject: Re: Fw: Permission denied (publickey,password,keyboard-interactive).

On 09/23/2009 11:01 AM, Dave M wrote:
> Dave,
> 
> I checked that readme file. Um, I am not sure what it is telling me, it
> is  not really laid out step by step. I think it would be more useful if I read
> it from the bottom to the top. But still, I THINK I did everything it
> suggested. I had run ssh-host-config before, today I ran ssh-user-config and
> made SYSTEM the owner of /var/empty and checked the permissions on the
> sshd_server account (the host-config script had set them correctly, I didn't
> have to do anything to the account privileges).

SYSTEM is the proper owner for XP and W2K.  For later WIndows versions, it's
cyg_server.  See ssh-host-config and related scripts for all the details. Since it's
not possible to know what you've done in the process of playing around with this,
you'll need to manually check all the permissions and ownerships of files mentioned
in the scripts to make sure they are set as they are supposed to be.  This is why
using the scripts is highly recommended.  It's allot less work and error-prone. ;-)

<snip>

>    Also, every time I log in to the bash shell, I get this:
> Your group is currently "mkgroup".  This indicates that
> the /etc/group (and possibly /etc/passwd) files should be rebuilt.
> See the man pages for mkpasswd and mkgroup then, for example, run
> mkpasswd -l [-d]>  /etc/passwd
> mkgroup  -l [-d]>  /etc/group
> Note that the -d switch is necessary for domain users.
>    I have run:
> mkpasswd -l>  /etc/passwd
> mkgroup  -l>  /etc/group
> Both successfully (in that order) and the contents of those files "look"
> right, but I still keep getting that message. I don't know if this is
> related or not.

Since your user is a domain user, you need to use the '-d' flag indicated above in
both commands.

-- Larry Hall                              http://www.rfk.com
RFK Partners, Inc.                      (508) 893-9779 - RFK Office
216 Dalton Rd.                          (508) 893-9889 - FAX
Holliston, MA 01746

_____________________________________________________________________

A: Yes.
> Q: Are you sure?
>> A: Because it reverses the logical flow of conversation.
>>> Q: Why is top posting annoying in email?

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]