This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Windows Guest Account Locked SSH

On 11/6/2013 5:26 AM, wrote:
I have a similar problem to this post:

except that the version I am using is 1.7.25, downloaded relatively recently.

It seems that making an ssh connection to the CygWin host, using RSA
certificate to achieve passwordless connection, causes the SSHD service on
the host to perform an authentication using the account that the service is
hosted with ... but that it apparently does not qualify the account with a
domain (ie. the local machine) and apparently the assumption is that it
should be a DOMAIN account - there was no DOMAIN\CYG_SERVER account so it
fails and I assume it then tries DOMAIN\Guest as a fall-back, with the wrong
password and therefore locks out DOMAIN\Guest

So I created a DOMAIN\CYG_SERVER account with the same password as
<LOCALDOMAIN>\CYG_SERVER and presto!, SSH connections from my client with no
domain guest lockout.

I have googled to infinity and beyond and found only a few references to
this problem, and none of them suggest this or any other solution, merely
that you can try this and that (one relating to duplicated SID's - not the


Can anyone specify a better solution than creating a matching domain account?

I can't help thinking that I have missed some configuration item that
would deal with this directly.

No, this is exactly the way to do it.  ssh-host-config cannot create a
privileged domain account when run as any user from any machine so it
doesn't try to.  If you need a domain user to be able to authenticate with
pubkey, you have to do what you did to make that work.  The side effect
of locking the domain guest account is a new twist I hadn't heard of
before but then again, it is Windows we're talking about. ;-)



A: Yes.
> Q: Are you sure?
>> A: Because it reverses the logical flow of conversation.
>>> Q: Why is top posting annoying in email?

Problem reports:
Unsubscribe info:

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]