Windows Guest Account Locked SSH
Jez.Noake@gmp.police.uk
Jez.Noake@gmp.police.uk
Wed Nov 6 10:26:00 GMT 2013
I have a similar problem to this post:
http://cygwin.com/ml/cygwin/2012-06/msg00507.html
except that the version I am using is 1.7.25, downloaded relatively recently.
It seems that making an ssh connection to the CygWin host, using RSA certificate to achieve passwordless connection, causes the SSHD service on the host to perform an authentication using the account that the service is hosted with ... but that it apparently does not qualify the account with a domain (ie. the local machine) and apparently the assumption is that it should be a DOMAIN account - there was no DOMAIN\CYG_SERVER account so it fails and I assume it then tries DOMAIN\Guest as a fall-back, with the wrong password and therefore locks out DOMAIN\Guest
So I created a DOMAIN\CYG_SERVER account with the same password as <LOCALDOMAIN>\CYG_SERVER and presto!, SSH connections from my client with no domain guest lockout.
I have googled to infinity and beyond and found only a few references to this problem, and none of them suggest this or any other solution, merely that you can try this and that (one relating to duplicated SID's - not the reason)
I have tried to attach the sanitized output of cygcheck -s -v -r > cygcheck.out
as suggested and copies of the ssh config files, but Cygwin mailserver sees the mail as spam?!
The SSH configs on both the host and client have been modified to eliminate any passworded/ Kerberos/GSSAPI options leaving just the publickey authentication.
Can anyone specify a better solution than creating a matching domain account?
I can't help thinking that I have missed some configuration item that would deal with this directly.
To contact the police in an emergency call 999 or to contact Greater Manchester Police for a less urgent matter call 101.
For the latest news and information about your Neighbourhood Policing Team visit www.gmp.police.uk. You can also follow us on Twitter: www.twitter.com/gmpolice or find us on Facebook: www.facebook.com/GtrManchesterPolice , Flickr: www.flickr.com/gmpolice or YouTube: www.youtube.com/gmpolice
This e mail carries a disclaimer, a copy of which may be read at:
http://www.gmp.police.uk/emaildisclaimer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: cygcheck.out
Type: application/octet-stream
Size: 27718 bytes
Desc: cygcheck.out
URL: <http://cygwin.com/pipermail/cygwin/attachments/20131106/f4ef368b/attachment.obj>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ssh_config.txt
URL: <http://cygwin.com/pipermail/cygwin/attachments/20131106/f4ef368b/attachment.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: sshd_config.txt
URL: <http://cygwin.com/pipermail/cygwin/attachments/20131106/f4ef368b/attachment-0001.txt>
-------------- next part --------------
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
More information about the Cygwin
mailing list