Hi. I've set up Cygwin's sshd on a couple of boxes and it's working fine. All boxes are using the local password database to authenticate users. Today I installed sshd on a 2000 server that is a member server in an Active Directory. I followed all the same steps as I did when I installed and successfully ran sshd on the other boxes. I'm running sshd under the system account. I've run ssh-host-config and ssh-user-config for the 'fztm49' user I am trying to connect as. I've done mkpasswd -l > /etc/passwd and mkgroup -l > /etc/group.

Here's a copy of my sshd.conf file
"
# This is the sshd server system-wide configuration file. See sshd(8)
# for more information.

Port 22
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
HostKey /etc/ssh_host_key
# HostKeys for protocol version 2
HostKey /etc/ssh_host_rsa_key
HostKey /etc/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server ke
KeyRegenerationInterval 3600
ServerKeyBits 768

# Logging
SyslogFacility AUTH
LogLevel INFO
#obsoletes QuietMode and FascistLogging

# Authentication:

LoginGraceTime 600
PermitRootLogin yes
# The following setting overrides permission checks on host key files
# and directories. For security reasons set this to "yes" when running
# NT/W2K, NTFS and CYGWIN=ntsec.
StrictModes yes

RSAAuthentication no
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys

# rhosts authentication should not be used
RhostsAuthentication no
# Don't read ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no

X11Forwarding no
X11DisplayOffset 10
PrintMotd yes
#PrintLastLog no
KeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net
#ReverseMappingCheck yes

Subsystem sftp /usr/sbin/sftp-server
"

Here's a log from cygwin's bash prompt connecting to the server on localhost.
"
$ /usr/bin/ssh -l fztm49 -v localhost
OpenSSH_3.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090603f
debug1: Reading configuration data /etc/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 1008 geteuid 1008 anon 1
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: temporarily_use_uid: 1008/513 (e=1008)
debug1: restore_uid
debug1: temporarily_use_uid: 1008/513 (e=1008)
debug1: restore_uid
debug1: Connection established.
debug1: read PEM private key done: type DSA
debug1: read PEM private key done: type RSA
debug1: identity file /home/fztm49/.ssh/identity type -1
debug1: identity file /home/fztm49/.ssh/id_rsa type 1
debug1: identity file /home/fztm49/.ssh/id_dsa type 2
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.1p1
debug1: match: OpenSSH_3.1p1 pat OpenSSH*
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.1p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
fztm49@ADLEDSU03 /usr/biner aes128-cbc hmac-md5 none
$ bug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 128/256
debug1: bits set: 1661/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
The authenticity of host 'localhost (127.0.0.1)' can't be established.
RSA key fingerprint is 35:18:98:8e:a2:78:01:2f:8f:15:85:9f:14:1b:f3:40.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (RSA) to the list of known hosts.
debug1: bits set: 1557/3191
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: next auth method to try is publickey
debug1: try privkey: /home/fztm49/.ssh/identity
debug1: try pubkey: /home/fztm49/.ssh/id_rsa
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: try pubkey: /home/fztm49/.ssh/id_dsa
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: next auth method to try is keyboard-interactive
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: next auth method to try is password
fztm49@localhost's password:
debug1: packet_send2: adding 64 (len 57 padlen 7 extra_pad 64)
debug1: authentications that can continue: publickey,password,keyboard-interactive
Permission denied, please try again.
fztm49@localhost's password:
debug1: packet_send2: adding 64 (len 57 padlen 7 extra_pad 64)
debug1: authentications that can continue: publickey,password,keyboard-interactive
Permission denied, please try again.
fztm49@localhost's password:
"

I've even added new local users and then run ssh-user-config for these users and tried to log in as them. Still no luck. Every time I get "permission denied, please try again."

Can someone see what I'm doing wrong here?

Thanks.