ssh with password allows commands that fail with ssh via key

Blando, Frank (Helion Managed Engineering) frank.blando@hpe.com
Fri Oct 2 00:14:00 GMT 2015


Thanks you for the pointer. I hope I read this correctly (It is kind of overwhelming), and unfortunately, that does not appear to be it.
1 - Unlike the mentioned description, access to network share works fine either way (Example command that works either way "powershell -command get-childitem \\server\share") - I have enabled CredSSP and I this might be why.
2 - Using passwd -R to register the password did not make the problem go away (In the windows tradition I restarted the service and killed all sessions)

Frank Blando
Your English beats my non-existent Russian!
-----Original Message-----
From: Andrey Repin [mailto:anrdaemon@yandex.ru] 
Sent: Thursday, October 1, 2015 5:27 PM
To: Blando, Frank (Helion Managed Engineering) <frank.blando@hpe.com>; cygwin@cygwin.com
Subject: Re: ssh with password allows commands that fail with ssh via key

Greetings, Blando, Frank (Helion Managed Engineering)!

> I suspect this is already answered somewhere, but my googling has not brought up an answer.

> Environment:
> CygWin with OpenSSH 6.6.1p1-3 on Windows 2012 R2. Using the domain 
> administrator account as the target on Windows.

> Issue:
> When I ssh into Windows from Linux, if I use a password, "powershell 
> -command get-cluster" works. If I use key (store in 
> .ssh/authorized_keys), "powershell -command get-cluster" returns 
> access denied. Simpler commands do not appear to make a distinction and work equally well with password or keys.

Please read the documentation. It is explicitly explained there in great detail.
http://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-setuid-overview


--
With best regards,
Andrey Repin
Friday, October 2, 2015 02:24:20

Sorry for my terrible english...


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple



More information about the Cygwin mailing list