SSHD, Cygwin and Windows 2003 : continued with user rights

Larry Hall
Wed Sep 17 19:49:00 GMT 2003

Hm, I thought I was clear.  Let me try again addressing iisreset

iisreset doesn't work in the scenario you described because it's a Microsoft tool which knows nothing of the Cygwin environment.  Cygwin's ssh using 
pubkey authentication doesn't authenticate the user with Windows.  So if
you need certain credentials to perform some operation in Windows, pubkey
authentication won't provide them.  If you need to run iisreset through ssh,
you will need to use password authentication, which takes the password for 
the user 'administrator' and authenticates for Windows with it.  You should
then be able to use iisreset (if authentication is really the only thing
getting in the way with pubkey).

I don't know what are the "*some commands*" you're speaking of, but if they 
are Cygwin utilities, then I think the answer is obvious.  If they are not 
Cygwin utilities, then I would have to say that they don't require special 
privileges to run.  This is actually true for most utilities.  But if this 
is still confusing for you, you'll have to provide specifics.  However, I 
think you'll find that it's likely that anything that works for you in ssh 
using pubkey authentication falls into one of the two groups of utilities I 



At 02:56 PM 9/17/2003, Olivier ALLART you wrote:

>Thank you for the details, but then, why *some commands* work and not others ?
>And more specifically, how can I make *this command* work ?
>Larry Hall wrote:
>>I think you missed the fact that pubkey authentication does impersonation,
>>not Windows-style authentication.  So Windows apps won't recognize the pubkey
>>authentication as providing permissions to run restricted programs.  You'll
>>have to use password authentication if you want Windows to recognize the
>>user you've become via ssh.  You can find all sorts of discussion on the difference between pubkey and password authentication for ssh in the email archives if you're interested.
>At 12:40 PM 9/17/2003, Olivier ALLART you wrote:
>>Following Mark J de Jong 's step by step howto (see end of mail for some add-ons), I can now effectively log in with pkey method (that is, no password) using the 'administrator' user name.
>>'whoami' returns 'administrator', however asking for a command such as IISRESET returns the error 'you are not a local administrator of this machine...', which means the rights management has failed somewhere.
>>Larry Hall                    
>>RFK Partners, Inc.                      (508) 893-9779 - RFK Office
>>838 Washington Street                   (508) 893-9889 - FAX
>>Holliston, MA 01746                     
>Unsubscribe info:
>Problem reports:

Unsubscribe info:
Problem reports:

More information about the Cygwin mailing list