"/bin/bash: permission denied" using Cygwin ssh/sshd under WinXP 2003 x64: resolved

Brian Kasper kasper@aero.org
Wed Dec 13 23:18:00 GMT 2006

I've been having terrible problems getting Cygwin ssh/sshd to work under 
the x64 version of WinXP 2003 SP1.  The basic symptom has been that if I 
ran sshd as a service, I was unable to run any executables during the 
ssh login procedure.  This included bash.exe, so my attempts to ssh into 
localhost have looked like this:

C:\cygwin\etc>ssh localhost
kasper@localhost's password:
Last login: Tue Nov 14 12:09:47 2006 from
You are successfully logged in to this server!!!
/bin/bash: Permission denied
Connection to localhost closed.

This happened with any executable I tried to use as my shell.

If, however, I ran sshd from a bash prompt, I could log in without 
problems.  After much Googling, reading of the gmane.os.cygwin archives, 
and posting a few messages to the newsgroup (thanks to those who 
replied!), I was still completely befuddled.  Today, while trying random 
things, I tried running sshd from a bash prompt that I'd started as 
another user (Administrator, in this case) and then ssh'ing to localhost 
as kasper -- and I was unable to log in.

The failure involved a "permission denied" error when sshd tried to run 
the "seteuid" command.  I surmised that the problems I'd been seeing 
might stem from the fact that the user running sshd is "sshd_server" and 
the user logging in via ssh is "kasper".

I then tried to start a bash prompt as user sshd_server to test further, 
and I was informed that this user didn't have this right on my system. 
Looking at "Local Security Settings" in the Local Security Policy 
control panel (under "Settings..Administrative Tools"), I discovered 
that while sshd_server is in the Users group, and Users is granted the 
"Allow log on locally" right, the sshd_server user is also listed under 
"Deny log on locally".

I removed sshd_server from the "Deny log on locally" list, and was then 
able to start a bash session as sshd_server.  Starting sshd from this 
bash session, I was then able to ssh to localhost as kasper.

Because I'd mucked about with a few things and wanted to make sure ssh 
would still work under "vanilla" conditions, I then rebooted my system. 
  After the reboot cycle, ssh to localhost or to the hostname of my 
system still worked.

The only odd thing is that the ssh authentication prompt is now "Enter 
passphrase for key '/home/kasper/.ssh/id_rsa':" instead of 
"kasper@localhost's password:", but I don't *think* that's too big a deal.


Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

More information about the Cygwin mailing list