Can't ssh to a Cygwin machine in the Windows domain -- seteuid

Sat Dec 19 22:53:04 GMT 2020

Hi,

I would like to run Cygwin ssh in a few computers in a Windows Domain.
The DC is Samba, running in Debian 10.

I found several issues. Lastly I decided to follow a guide, this:
https://microtechnology-services.github.io/2016/04/29/cygwin-sshd-on-windows-domain.html

It did not go well, so I followed partially another document, it is not 
specific for the domain,
but it is very recent, this:
https://www.softwareab.net/wordpress/cygwin-sshd-pubkey-authentication/

Still, I can't make it work after about 2 days of struggling.

This is what I did.

1] Install Cygwin, the usual way (i did it more then once). Install packages
openssh and ruby.

2] Prepare a user "cyg_server" in the Windows domain

3] set a GPO in the domain, giving "cyg_server" these attributes:
. act as part of the operating system
. create a token object
. log on as a service
. replace a process level token
. deny access to this computer from the network
. deny log on through Remote Destop Services

4] Open Cygwin as "Administrator" and stop cygsshd to remove a complexity
layer, I want to run "sshd" by hand and see error logs.
cy adm> cygrunsrv.exe --stop cygsshd

5] Copy as administrator the ssh* files in /etc to a /home/cyg_server/myEtc/
and make 'cyg_server' the owner

6] Open a shell Cygwin with "Run as different user", the user is: 
'cyg_server'

7] In this new shell I run the command:
cy>  /usr/sbin/sshd.exe -ddd -f /home/cyg_server/myEtc/sshd_config

8] Move to another machine, a Linux, outside the domain and run a command
similar to what follows. 'domus' is the name of the machine running the 
cygwin sshd server,
it is in the windows domain called 'WINDOM'. 'nicola' is a Domain User 
in Windom.
$> ssh nicola@domus

The output I see from point [7] is:
----------
...
debug3: send packet: type 51 [preauth]
debug3: receive packet: type 50 [preauth]
debug1: userauth-request for user nicola service ssh-connection method 
publickey [preauth]
debug1: attempt 1 failures 0 [preauth]
debug2: input_userauth_request: try method publickey [preauth]
debug2: userauth_pubkey: valid user nicola querying public key 
rsa-sha2-512 
AAAAB3NzaC1yc2EAAAADAQABAAABAQCoEX3G1bjNTD17IoXtl3MQU/ImtuetRZpm60BL/GmpG2JvT3TfQH1lqoXR1jY2pdOYRdskN+KQk3ob+2E31xL7PUFd1/h6IIYzNceDS/lD/oeDMkWm4u54M1VBiIRqdSgXAc7Vce34yZTuuHOLk/ZE3ozgln0Asz98+cXA8gy+mohXY/0+Rkr0XHwhU1nRhTnG4sWqByeZ0zmD5m3wXyFfxq4ih3hf+sAarrGQk5IIpl3SYvMu5gvF3q/7s5Kx5brlxH7BnAob7NTPYyC6we1L/D+gsFkHjTffefU62TTjZy+7HC6FtppNadvi5aNJI6yuBg5XJbRgcytLqo9jv9QX 
[preauth]
debug1: userauth_pubkey: test pkalg rsa-sha2-512 pkblob RSA 
SHA256:hcDASnV1vvd88xpKM/xN2XtUSCvcW3oPUz0izqFMTBE [preauth]
debug3: mm_key_allowed entering [preauth]
debug3: mm_request_send entering: type 22 [preauth]
debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth]
debug3: mm_request_receive_expect entering: type 23 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 22
debug3: mm_answer_keyallowed entering
debug3: mm_answer_keyallowed: key_from_blob: 0x8000988e0
debug1: temporarily_use_uid: 1049679/1049089 (e=1049726/1049089)
seteuid 1049679: Operation not permitted
debug1: do_cleanup
debug1: Killing privsep child 804
----------

I tried several variations e.g. change the user logging in, change the 
OS of the
computer running the ssh call. Change permissions to the landing
home user directory. Change to put/delete the /etc/passwd, /etc/groups 
files.
=> Nothing. Always "seteuid" error.

I hope you can give me some advice.

Thanks in advance.

Nicola Mingotti