This is the mail archive of the
mailing list for the Cygwin project.
Re: sshd client can't access remote shares
- From: Igor Peshansky <pechtcha at cs dot nyu dot edu>
- To: Steve Briggs <zzybaloobah at yahoo dot com>
- Cc: cygwin at cygwin dot com
- Date: Sat, 21 Jan 2006 17:53:40 -0500 (EST)
- Subject: Re: sshd client can't access remote shares
- References: <firstname.lastname@example.org>
- Reply-to: cygwin at cygwin dot com
On Sat, 21 Jan 2006, Steve Briggs wrote:
> --- Igor Peshansky <pechtcha@XX.XXX.XXX> wrote:
> > On Fri, 20 Jan 2006, Steve Briggs wrote:
> > > I can't access network shares when I connect via sshd.
> > > bash>cygrunsrv -I sshd -p /usr/sbin/sshd -A -d
> > ^^^^^
> > I hope this is a typo (though your sshd output indicates that it isn't).
> > First off, the options should be "-a -D" (otherwise sshd will detach, and
> > won't be under cygrunsrv's control). Also, the "-d" option will cause
> > sshd to exit after the first connection.
> The "-A" is a typo, should be "-a".
That's what I thought.
> I tried both the "-D" (normally used option) and also "-d" during
> testing to get the additional debugging info.
Right, just making sure.
> > > bash>cygrunsrv -S sshd
> > > then login as Steve via sshd using password authentication
> > > (I have NOT set up authentication with keys), it says:
> > > "debug1: permanently_set_uid 14896/544"
> > > It lets me login as Steve with my password, but
> > > bash>"net use s: '\\rem_mach\rem_share'" immediately gives:
> > > "System error 1312 has occured."
> > "net helpmsg 1312" shows that this error means that "A specified logon
> > session does not exist. It may already have been terminated."
> > > This also happens with
> > > bash>net use s: '\\rem_mach\rem_share' /user:Steve
> > > but
> > > bash>net use s: '\\rem_mach\rem_share' '/user:FDE\Steve' mypassword
> > > works (seems to be the only combination that does work).
> > > It doesn't seem to matter if I ssh in from a remote machine or locally
> > > (bash>ssh localhost).
> > You should also be able to issue a "net use s: '\\rem_mach\rem_share'
> > /user:Steve '*'", which will prompt you for a password.
> I tried that, it immediately responds with the 1312 error; does not
> prompt for a password (or if it does, it doesn't wait for a response...)
Probably the same issue that caused the original problem.
> BTW, if I login via ssh and try
> bash>cd //different_rem_mach/different_rem_share
> I get a "permission denied" error
Looks like ssh isn't creating the correct authentication token (even with
a password). Corinna used to have a program for inspecting the created
tokens -- she might have you run it and report the results at some point.
> > > I thought that if I used password authentication with sshd, that the
> > > process had all the correct user tokens to access shares on the
> > > domain?
> > This should be correct.
> > I wonder if this is related to the recent WindowStation changes in
> > Cygwin's fhandler_console...
> > > I've attached the output of "cygcheck -svr".
> > Which looks normal, BTW -- the only weird thing is that the userid for
> > "Steve" is 4896, not 14896 as you indicated in your /etc/passwd quote
> > above.
> Yes, let me explain. For some odd reason, the mkpasswd script
> added 10000 to the Win RIDs of 4896/544 to generate a UID/GID of 14896/
> 10544 in the /etc/passwd file.
This is to avoid UID clashes between domain users and local ones.
> When my ssh login problems started, I manually edited the passwd file to
> make the UID/GID 4896/544 to agree with the SID entry in /etc/passwd.
> I've tried both ways (UID=4896 and UID=14896, with reboots in between),
> the error is the same.
> I assume that as far as user authentication is concerned, it's the
> SID in /etc/passwd and the user-supplied password that matters, not
> the UNIX UID?
Your assumption is correct. You don't even need to reboot when you change
the UID. What threw me off was that your original /etc/passwd quote
contained the larger UID.
> > If you're willing to build Cygwin from CVS, try commenting out lines
> > 149-151 of fhandler_console.cc and see if that makes your problem go
> > away. That should tell us if my guess is correct and the WindowStation
> > changes were the culprit.
> Thanks, I may try that later in the week.
Good. It's likely you'll have to debug it yourself, if other developers
can't reproduce your problem. Good luck.
Igor Peshansky, Ph.D. (name changed!)
old name: Igor Pechtchanski
a.k.a JaguaR-R-R-r-r-r-.-.-. Meow!
"Las! je suis sot... -Mais non, tu ne l'es pas, puisque tu t'en rends compte."
"But no -- you are no fool; you call yourself a fool, there's proof enough in
that!" -- Rostand, "Cyrano de Bergerac"