W2K and sshd, ssh - asks for password

Igor Pechtchanski pechtcha@cs.nyu.edu
Fri Jul 26 13:31:00 GMT 2002


On Fri, 26 Jul 2002, Brian Keener wrote:

> Now any ideas why running from the SYSTEM bash shell (with ntsec in use)
> sshd/ssh doesn't require the password but running as a service it does?
> Is this, as I surmise, a problem with the way the service is created and
> thus being run?

Brian,
I've had a similar thing happen on AIX.  Is your home directory on a
network share, by any chance?  When you run something as a service (or
from a service, like rexec), you cannot access network shares (at least I
couldn't).  ssh looks in $HOME/.ssh/ to figure out whether the host/user
is trusted.  If your home directory is on a network drive, it cannot be
reached from the ssh service, and so it has to authenticate you.
Hope this helps.
	Igor

Full message below:
On Fri, 26 Jul 2002, Brian Keener wrote:

> Corinna Vinschen wrote:
> > > I think that only the POSIX file mode using ACLs requires NTFS. The rest of what
> > > ntsec does just requires an NT OS, and FAT will do.
> >
> > You're right.  You just don't get real POSIX permissions on files,
> > but on process level ntsec still works.
> >
>
> Well you guys just clarified and confirmed what I discovered last night and problem
> now solved (partly) and sshd/ssh appears to be functioning as it should at least
> from the SYSTEM bash shell.
>
> I prepared and did the following test as Max described:
> > The server needs to run under the SYSTEM account, so you will need to get a
> > shell running under this account: As an administrator, run 'at hh:mm
> > /interactive C:\cygwin\cygwin.bat', where hh:mm is current time +1m. Once the
> > minute rolls over, you will have a bash shell running as SYSTEM. Now run
> > '/usr/sbin/sshd -ddde >sshd-log 2>&1'. Now, in a separate shell (not as SYSTEM),
> > try to log in - 'ssh myuser@localhost' As soon as you get the password prompt,
> > Ctrl-C. The sshd will exit as it is running in debug mode. Send sshd-log to
> > cygwin@cygwin.com in the body of an email.
>
> and I had the file all prepared to email and then decided based on his other
> comments about ntsec that I would just give it a try (which I should have done in
> the first place and saved everyone a lot of grief - but I was afraid of the NTFS
> requirement and screwing something up big time).  Lo and behold with sshd started as
> Max described and with NTSEC as part of my CYGWIN variable - I could type in:
>
> ssh localhost
>
> and there I was - the message of the day and logged in via SSH without it asking for
> a password.
>
> I then decided to try sshd as a service again (installed and started from within the
> SYSTEM bash shell I had running) but this time however it was back to asking for my
> password.  I tried testing various combinations of using the bash shell with user
> SYSTEM (as Max described above) and ntsec in my CYGWIN variable and essentially
> discovered the following:
>
> If I start sshd as a service it doesn't matter if I have ntsec in the CYGWIN
> environmental variable or not - it still will ask me for the password.  Whereas if I
> start sshd as Max described above without ntsec then ssh will ask for a password,
> but with ntsec then ssh will simply log on to the server and not ask for the
> password.
>
> One thing I have noticed though is that when I use cygrunsrv to install sshd as a
> service (with the cygwin variable specified with ntsec specified) and then go look
> at the service that was created - I see where it references cygrunsrv.exe but see no
> reference to those parameters about the cygwin variable.  This is on a Windows 2000
> system - where is this information kept that would cause sshd to start as a service
> with the cygwin variable set as required?  This is probably the big question that
> will fix my service problem.
>
> So I now have learned (and you folks confirmed) that ntsec does affect part of the
> system even when you don't NTFS.
>
> Good to know and thanks for the clarification from both of you.  Now any ideas why
> running from the SYSTEM bash shell (with ntsec in use) sshd/ssh doesn't require the
> password but running as a service it does?  Is this, as I surmise, a problem with the
> way the service is created and thus being run?
>
> bk

-- 
				http://cs.nyu.edu/~pechtcha/
      |\      _,,,---,,_		pechtcha@cs.nyu.edu
ZZZzz /,`.-'`'    -.  ;-;;,_		igor@watson.ibm.com
     |,4-  ) )-,_. ,\ (  `'-'		Igor Pechtchanski
    '---''(_/--'  `-'\_) fL	a.k.a JaguaR-R-R-r-r-r-.-.-.  Meow!

It took the computational power of three Commodore 64s to fly to the moon.
It takes a 486 to run Windows 95.  Something is wrong here. -- SC sig file
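
Added example, not part of the original messages: a shell check for the failure Igor describes, where the account running sshd cannot reach $HOME/.ssh and the server falls back to asking for a password. The function name and verdict strings are made up for this illustration, and it assumes the keys are in the default $HOME/.ssh/authorized_keys.

```shell
# Added diagnostic, not from the thread. Run it from a shell under the same
# account as the sshd service (e.g. the SYSTEM bash shell described above),
# passing the home directory of the user who is being asked for a password.
# Assumption: keys live in the default $HOME/.ssh/authorized_keys.
# Prints "<verdict>:<kind>"; returns 0 only when the key file is readable.
# The body runs in a subshell, so its variables do not leak to the caller.
pubkey_lookup_status() (
    home=$1
    # Cygwin writes \\server\share as //server/share. A mapped drive letter
    # cannot be told apart from a local disk by its path alone.
    case $home in
        //*) kind=unc ;;
        *)   kind=local ;;
    esac
    if [ ! -d "$home" ] || [ ! -x "$home" ]; then
        verdict=home-unreachable   # what a service sees for a share it cannot open
    elif [ ! -d "$home/.ssh" ]; then
        verdict=no-ssh-dir
    elif [ ! -r "$home/.ssh/authorized_keys" ]; then
        verdict=keys-unreadable    # missing, or not readable by this account
    else
        verdict=ok
    fi
    echo "$verdict:$kind"
    [ "$verdict" = ok ]
)

# Usage: pubkey_lookup_status "$HOME"
```

A verdict that is "ok" in an interactive shell but "home-unreachable" from the service account points at the home directory location rather than at the sshd configuration.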

