This is the mail archive of the
mailing list for the Cygwin project.
Re: sshd w/o admin?
On Feb 19 10:50, Aaron Davies wrote:
> I tried moving all my keys aside (outside of ~/.ssh). Now "ssh
> localhost" on the local box takes my password, prints the banner, then
> quits with "Connection to localhost closed."
> % ssh localhost
> adavies@localhost's password:
> Last login: Thu Feb 19 10:41:39 2009 from localhost
> Connection to localhost closed.
> The same setreuid error is left in the event log
> Why exactly does it need to setreuid to me when it's already me? This
> sshd process is started by and running under the same id it's trying
> to become.
That's due to the way password authentication works. If you use
password authentication, a new user token is created under the hood.
When seteuid is called, it tries to use the user token, but it can't
because switching the user context requires a special user privilege
(SeImpersonatePrivilege, "Impersonate a client after authentication"),
which only Administrators and Services have by default.
Usually you simply use public key authentication. Be sure that
all sshd related files belong to you:
$ chown YOU /var/empty /etc/ssh*
Append your public key to your authorized_keys file:
$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
For testing, start sshd in debug mode from one console window:
$ /usr/sbin/sshd -d
And start a session in another console:
$ ssh localhost
This works fine for me. If you start sshd in a running GUI session
as above, you also won't have problems with network drives.
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Project Co-Leader cygwin AT cygwin DOT com
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html