This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: How do I run sshd as a particular user?

On Fri, Apr 11, 2008 at 8:22 PM, Alfred von Campe <> wrote:
> On Apr 11, 2008, at 11:48, I wrote:
> > Well, I spoke a little too soon.  I got this working on two systems, but
> can not get it to work on a third.  The ssh daemon appears to start (neither
> cygrunsrv -S nor starting it from the Services Panel gives an error), but it
> really does not.
> >
>  I managed to solve this by rebooting the system and re-running
> ssh-host-config (and then changing permissions, etc.).  I now have all three
> build systems working as expected.
>  Thanks again for all the help,

I'm a bit late to this discussion.. I set this up a while ago and one
interesting thing that I noticed is that you can:

net use \\whatever /user:domain\user

instead of

net use x: \\whatever /user:domain\user

(ie: without specifying a drive letter).

If you don't specify a drive letter then it works even when you are
logged in without a password. Taking this one step further, you can
make a symlink

ln -s '\\whatever' /remotefilesystem
and then just access files in /remotefilesystem instead of /cygdrive/X

This pretty much solved the issue of accessing network drives when
logged in without a password.

Later a requirement was introduced that we run sshd as an unprivileged
user and so I switched to having a service that logs in with a
password as you are now doing.

In order to run sshd as an unprivileged user I had to use a nasty
hexedit hack on the sshd.exe file to replace the seteuid() call (which
fails / returns -1 without admin privileges and causes sshd to exit)
with a call to isalpha() which has (almost) the same function
prototype, but always returns 0 unless your userid 'is an alphanumeric
charater' :)

If you run without admin privileges sshd can't actually verify
passwords for passworded logins, but ssh keys seemed to work just fine
which is what we wanted anyway. Obviously you can only log in as that
one user that's running ssh, but again this was acceptable.


Unsubscribe info:
Problem reports:

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]