[1.7.1] ssh key auth (pubkey) problem

Julius Davies juliusdavies@gmail.com
Wed Feb 10 22:53:00 GMT 2010 

Hi,


I've read the mailing lists and I know you guys don't think this is a
bug, but I wish you'd reconsider.  I don't really care that "we did
things incorrectly in Cygwin 1.5 and it worked when it shouldn't have"
because:

1.  I don't want my little SCP accounts to be local Administrators!
This is going to get flagged in any security audit.

2.  There is no way I will ever get "Admin" on the domain for the sshd
account.  It's a big domain.  Over 5,000 staff.  I own this one
machine.  That's it.


Windows 2003 Server, Standard Edition, SP2.  I believe Cygwin recently
upgraded itself from 1.5 to 1.7.  Cygcheck.out attached.


1.  I run 'groups' command remotely over ssh.  I'm asked for my password.
---------------------------------
$ ssh  julius@1.2.3.4  groups
julius@1.2.3.4's password:
None Users


2.  I scp my public key.
---------------------------------
$ scp authorized_keys  julius@1.2.3.4:~/.ssh/
julius@1.2.3.4's password:
authorized_keys


3.  I run 'groups' command remotely.  Now it fails.
---------------------------------
$ ssh  julius@1.2.3.4    groups
     58 [main] sshd 512 C:\cygwin\usr\sbin\sshd.exe: *** fatal error -
could not load user32, Win32 error 1114


4.  I scp my public key again for fun.  It also fails.
---------------------------------
$ scp authorized_keys  julius@1.2.3.4:~/.ssh/
    105 [main] sshd 5012 C:\cygwin\usr\sbin\sshd.exe: *** fatal error
- could not load user32, Win32 error 1114
lost connection


5.   But I can ssh and then type 'groups'.  Hmm.....
---------------------------------
$ ssh  julius@1.2.3.4
Last login: Wed Feb 10 14:41:32 2010 from flower
julius@1.2.3.4 ~
$ groups
None Users

julius@1.2.3.4 ~
$ exit
logout
Connection to 1.2.3.4 closed.


6.  If I add myself to the local "Administrators" group things work.
---------------------------------
$ ssh  julius@1.2.3.4    groups
None Administrators Users

$ scp authorized_keys  julius@1.2.3.4:~/.ssh/
authorized_keys


7.  If I remove myself from local "Administrators" group...
---------------------------------
$ ssh  julius@1.2.3.4    groups
     26 [main] sshd 3384 C:\cygwin\usr\sbin\sshd.exe: *** fatal error
- could not load



-- 
yours,

Julius Davies
250-592-2284 (Home)
250-893-4579 (Mobile)
http://juliusdavies.ca/logging.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: cygcheck.out
Type: application/octet-stream
Size: 18153 bytes
Desc: not available
URL: <http://cygwin.com/pipermail/cygwin/attachments/20100210/777b7218/attachment.obj>
-------------- next part --------------
--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

More information about the Cygwin mailing list