W2K and sshd, ssh - asks for password

Randall R Schulz rrschulz@cris.com
Fri Jul 26 20:59:00 GMT 2002 

Max,

Regarding this:

>I had this problem. It turned out that, despite what I thought, ntsec was 
>_not_
>actually in the CYGWIN variable.


You should be aware that certain keywords in the CYGWIN variable, among 
them "ntsec," are only examined when the Cygwin1.dll initially loads (i.e., 
every time a Cygwin application starts up and the Cygwin1.dll shared 
library was not already loaded; that can occur any number of times between 
reboots or logins).

In particular this means that no Cygwin code or script can meaningfully set 
the "ntsec" keyword in the CYGWIN variable--it must be supplied by the 
Windows environment. The usual way of doing this is to use the System 
control panel's Environment setting function.

Randall Schulz
Mountain View, CA USA


At 12:33 2002-07-26, Max Bowsher wrote:
>Brian Keener wrote:
> > If I start sshd as a service it doesn't matter if I have ntsec in the
> > CYGWIN environmental variable or not - it still will ask me for the
> > password.  Whereas if I start sshd as Max described above without
> > ntsec then ssh will ask for a password, but with ntsec then ssh will
> > simply logon to the server and not ask for the password.
>
>I had this problem. It turned out that, despite what I thought, ntsec was 
>_not_
>actually in the CYGWIN variable.
>
>Look in the server debug output for the following 2 lines (in order to get the
>output from when sshd is run as a service, change -D to -ddde in
>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshd\Parameters\AppArgs.
>The output will be written to /var/log/sshd.log . Note that sshd will die 
>after
>every connection with -d, so remember to put it back to -D when you are 
>done.) :
>
>debug2: userauth_pubkey: authenticated 1 pkalg ssh-rsa
>Failed publickey for max from 127.0.0.1 port 3064 ssh2
>
>The important part is "userauth_pubkey: authenticated 1" (NB _1_) followed
>immediately by "Failed publickey".
>
>Basically "authenticated 1" is saying 'authenticated successfully'. The only
>thing that can cause authntication to fail after this has been printed is 
>a bit
>of cygwin specific code that lacks and debug logging. Essentially, if this
>combination occurs, the problem is that CYGWIN does not contain ntsec.
>
>If this does not help, then you can try posting the output here for further
>suggestions.
>
>Max


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

More information about the Cygwin mailing list