This is the mail archive of the
cygwin
mailing list for the Cygwin project.
Local accounts can't login via ssh, but domain accounts can
- From: Rodney Beede <cygwin at rodneybeede dot com>
- To: cygwin at cygwin dot com
- Date: Wed, 11 Mar 2015 20:57:01 +0000
- Subject: Local accounts can't login via ssh, but domain accounts can
- Authentication-results: sourceware.org; auth=none
I am having an issue where domain accounts can login to my Cygwin
OpenSSH server, but local user accounts cannot.
I have tested on two separate computers with the following setup:
Windows 7 64-bit (both Ultimate and Enterprise editions) w/SP1
Cygwin - setup-x86_64.exe setup-version 2.870 (64-bit)
Cygwin version: CYGWIN_NT-6.1 1.7.35(0.287/5/3) 2015-03-04 12:09
OpenSSH_6.7p1, OpenSSL 1.0.1k 8 Jan 2015
I ran the following (as cygwin shell with Run as admin)
ssh-host-config
yes to StrictModes
yes to privilege separation
yes to local account sshd
yes to install as service
left blank value of CYGWIN
no to different name
yes to new privileged user account 'machine_name\cyg_server'
Provided a password
net start sshd
Verified I can login with a domain username and password no problem.
I create a local user account (not admin) and attempt to login.
Access denied.
"To many authentication failures for invalid user rodtest from
192.168.145.1 port 50338 ssh2" (also seen in Windows event viewer).
I try changing the local user to be in the Administrators group.
Same error.
I use mkpasswd -l > /etc/passwd
I use mkgroup -l > /etc/group
Same issue. Domain users can still login, but local user accounts cannot.
I also tried "fixing" the /etc/passwd and /etc/group ownership and
permissions so cyg_server owns them. No change.
The local user can login to Windows via RDP.
So to recap I can login with *domain* accounts via ssh, but I cannot
login with *local* user accounts. cyg_server is a local user account
not a domain account.
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple