File access and open-ssh issue

Serge Pluess spluess@sanmateocourt.org
Fri Sep 7 11:10:00 GMT 2001


Hi

Thanks for the response. This is exactly why I mentioned Point 1 - File access.

The files have the correct permissions (0600) (as also mentioned on that website).
But the owner can't open the files with this mode set, so I think that is why then in Point 2 Open-SSH fails with the passphrase but works with the password.

Thanks again

Serge

>>> Peter Buckley <peter.buckley@cportcorp.com> 09/07/01 09:40AM >>>
2. SSH-

Check out Mike Erdely's webpage
http://tech.erdelynet.com
it has some info on setting up and configuring SSH for cygwin,
with a section on chmod-ing the host and key files.

HTH,
Peter

-----Original Message-----
From: Serge Pluess [ mailto:spluess@sanmateocourt.org ] 
Sent: Friday, September 07, 2001 12:25 PM
To: cygwin@cygwin.com 
Subject: File access and open-ssh issue


Hi

two things I would like to find some help with:

First of all, I downloaded and installed the setup.exe from the website this
Tuesday. The machine is running Windows 2000 Server and is part of an NT
Domain (but is not the PDC nor BDC). At the side of having full
administrative rights on the NT domain I also added a local user to the
machine with the same password and gave it the rights mentioned in the
docs/faqs.

I also created a system wide variable CYGWIN=binmode ntsec tty

1. File access. 

When I double click on the cygwin icon I get the bash shell. I create a
test.txt file with vi and when I do a ls -lisa I get the following output:

    835139    1 -rw-rw-rw-    1 spluess  None            5 Sep  7 06:30 test.txt

if I do a chmod 600 on test.txt:

  565193935    1 -rw-------    1 spluess  None            5 Sep  7 06:30 test.txt

Now if I try to use vi again or less I get 

  spluess@COURTNET ~
  $ less test.txt
  test.txt: Permission denied

Now this is with the default installation and nothing changed in any
configuration file.

I think that this is also causing my problems with the second item SSH

2. Open-SSH

Ok, so on a clean install of Cygwin I open the bash shell and issue the
following command:

  spluess@COURTNET ~
  $ ssh-host-config
  Generating /etc/ssh_host_key
  Generating /etc/ssh_host_rsa_key
  Generating /etc/ssh_host_dsa_key
  Generating /etc/ssh_config file
  Generating /etc/sshd_config file

  Do you want to install sshd as service?
  (Say "no" if it's already installed as service) (yes/no) yes

  Which value should the environment variable CYGWIN have when
  sshd starts? It's recommended to set at least "ntsec" to be
  able to change user context without password.
  Default is "binmode ntsec tty".  CYGWIN=binmode ntsec tty

  The service has been installed under LocalSystem account.

  Host configuration finished. Have fun!

Then I issue the ssh-user-config:

  spluess@COURTNET ~
  $ ssh-user-config
  Shall I create an SSH1 RSA identity file for you? (yes/no) yes
  Generating /home/spluess/.ssh/identity
  Enter passphrase (empty for no passphrase):
  Enter same passphrase again:
  Do you want to use this identity to login to this machine? (yes/no) yes
  Adding to /home/spluess/.ssh/authorized_keys
  Shall I create an SSH2 RSA identity file for you? (yes/no)  (yes/no) yes
  Generating /home/spluess/.ssh/id_rsa
  Enter passphrase (empty for no passphrase):
  Enter same passphrase again:
  Do you want to use this identity to login to this machine? (yes/no) yes
  Adding to /home/spluess/.ssh/authorized_keys2
  Shall I create an SSH2 DSA identity file for you? (yes/no)  (yes/no) yes
  Generating /home/spluess/.ssh/id_dsa
  Enter passphrase (empty for no passphrase):
  Enter same passphrase again:
  Do you want to use this identity to login to this machine? (yes/no) yes
  Adding to /home/spluess/.ssh/authorized_keys2

  Configuration finished. Have fun!

Now if I look at my .ssh folder I get the following output:

spluess@COURTNET ~/.ssh
$ ls -lisa
total 16
1465433688    4 drwxrwxrwx    2 spluess  None         4096 Sep  7 06:39 .
    376421    4 drwxrwxrwx    3 spluess  None         4096 Sep  7 06:36 ..
    769643    1 -rw-rw-rw-    1 spluess  None          335 Sep  7 06:36 authorized_keys
    376447    1 -rw-rw-rw-    1 spluess  None          832 Sep  7 06:39 authorized_keys2
 496617810    1 -rw-------    1 spluess  None          736 Sep  7 06:39 id_dsa
    376449    1 -rw-r--r--    1 spluess  None          606 Sep  7 06:39 id_dsa.pub
 447068477    1 -rw-------    1 spluess  None          951 Sep  7 06:36 id_rsa
   1490550    1 -rw-r--r--    1 spluess  None          226 Sep  7 06:36 id_rsa.pub
 432150836    1 -rw-------    1 spluess  None          531 Sep  7 06:36 identity
    769641    1 -rw-r--r--    1 spluess  None          335 Sep  7 06:36 identity.pub

Now as mentioned above I do not have access to any of the key files

So now if I launch sshd -d  and ssh -v localhost I get the following
scenario:

  $ ssh -v localhost
  OpenSSH_2.9p2, SSH protocols 1.5/2.0, OpenSSL 0x0090600f
  debug1: Reading configuration data /etc/ssh_config
  debug1: Applying options for *
  debug1: Seeding random number generator
  debug1: Rhosts Authentication disabled, originating port will not be trusted.
  debug1: restore_uid
  debug1: ssh_connect: getuid 1006 geteuid 1006 anon 1
  debug1: Connecting to localhost [127.0.0.1] port 22.
  debug1: temporarily_use_uid: 1006/513 (e=1006)
  debug1: restore_uid
  debug1: temporarily_use_uid: 1006/513 (e=1006)
  debug1: restore_uid
  debug1: Connection established.
  debug1: identity file /home/spluess/.ssh/identity type -1
  debug1: identity file /home/spluess/.ssh/id_rsa type 1
  debug1: identity file /home/spluess/.ssh/id_dsa type 2
  debug1: Remote protocol version 1.99, remote software version OpenSSH_2.9p2
  debug1: match: OpenSSH_2.9p2 pat ^OpenSSH
  Enabling compatibility mode for protocol 2.0
  debug1: Local version string SSH-2.0-OpenSSH_2.9p2
  debug1: SSH2_MSG_KEXINIT sent
  debug1: SSH2_MSG_KEXINIT received
  debug1: kex: server->client aes128-cbc hmac-md5 none
  debug1: kex: client->server aes128-cbc hmac-md5 none
  debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
  debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
  debug1: dh_gen_key: priv key bits set: 141/256
  debug1: bits set: 1032/2049
  debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
  debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
  debug1: Forcing accepting of host key for loopback/localhost.
  debug1: bits set: 1022/2049
  debug1: ssh_rsa_verify: signature correct
  debug1: kex_derive_keys
  debug1: newkeys: mode 1
  debug1: SSH2_MSG_NEWKEYS sent
  debug1: waiting for SSH2_MSG_NEWKEYS
  debug1: newkeys: mode 0
  debug1: SSH2_MSG_NEWKEYS received
  debug1: done: ssh_kex2.
  debug1: send SSH2_MSG_SERVICE_REQUEST
  debug1: service_accept: ssh-userauth
  debug1: got SSH2_MSG_SERVICE_ACCEPT
  debug1: authentications that can continue: publickey,password,keyboard-interactive
  debug1: next auth method to try is publickey
  debug1: try privkey: /home/spluess/.ssh/identity
  Enter passphrase for key '/home/spluess/.ssh/identity':
  Enter passphrase for key '/home/spluess/.ssh/identity':
  Enter passphrase for key '/home/spluess/.ssh/identity':
  debug1: try pubkey: /home/spluess/.ssh/id_rsa
  debug1: authentications that can continue: publickey,password,keyboard-interactive
  debug1: try pubkey: /home/spluess/.ssh/id_dsa
  debug1: authentications that can continue: publickey,password,keyboard-interactive
  debug1: next auth method to try is password
  spluess@localhost's password:
  debug1: ssh-userauth2 successful: method password
  debug1: channel 0: new [client-session]
  debug1: channel_new: 0
  debug1: send channel open 0
  debug1: Entering interactive session.
  debug1: client_init id 0 arg 0
  debug1: channel request 0: shell
  debug1: channel 0: open confirm rwindow 0 rmax 16384
  Last login: Thu Sep  6 09:14:35 2001 from athlon_sp
  >

Even though I entered the identical Passphrase all the tries with it failed
and I got in on the password try.
Right now I am just guessing that this has to do with the file permissions
of the "key" files.

I have looked at the faq and the documentation and so far I haven't been
able to figure out how to get this to work.

Thanks for any hints/help/information in advance 

Serge


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple 
Bug reporting:         http://cygwin.com/bugs.html 
Documentation:         http://cygwin.com/docs.html 
FAQ:                   http://cygwin.com/faq/
