Hi!
I've got back and tried to set up sshd again.
Now it tricks me in other way. It fails on seteuid() when I try to connect
with a domain user.
"""
$ /usr/sbin/sshd.exe -dd
...
debug1: userauth-request for user domain_user service ssh-connection method
publickey
debug1: attempt 1 failures 0
debug2: input_userauth_request: try method publickey
debug1: test whether pkalg/pkblob are acceptable
debug1: temporarily_use_uid: 11135/10513 (e=1003/513)
seteuid 11135: Permission denied
debug1: do_cleanup
debug1: do_cleanup
"""
I've tried to login with a local user. It seems it seteuid() works with
local user. But then it claims again that chown() on tty fails:
"""
debug1: userauth-request for user local_user service ssh-connection method pass
debug1: attempt 2 failures 1
debug2: input_userauth_request: try method password
Accepted password for local_user from ::1 port 63997 ssh2
debug1: monitor_child_preauth: local_user has been authenticated by
privileged s
debug2: mac_setup: found hmac-md5
debug2: mac_setup: found hmac-md5
debug2: set_newkeys: mode 0
debug2: set_newkeys: mode 1
debug1: Entering interactive session for SSH2.
debug2: fd 4 setting O_NONBLOCK
debug2: fd 5 setting O_NONBLOCK
debug1: server_init_dispatch_20
debug1: server_input_channel_open: ctype session rchan 0 win 1048576 max 16384
debug1: input_session_request
debug1: channel 0: new [server-session]
debug2: session_new: allocate (allocated 0 max 10)
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug1: server_input_global_request: rtype no-more-sessi...@openssh.com want_re
debug1: server_input_channel_req: channel 0 request pty-req reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req pty-req
debug1: Allocating pty.
debug1: session_pty_req: session 0 alloc /dev/tty3
chown(/dev/tty3, 1001, 513) failed: Bad file descriptor
debug1: do_cleanup
debug1: session_pty_cleanup: session 0 release /dev/tty3
"""
Should I try to run sshd service with a domain user for privilege
separation? Currently it is local, one of administrators group.
Both local_user and domain_user are administrators too. Does it matter?
>> Today I tried login to sshd running as windows service. ssh client
told: """
>> user@localhost's password:
>> Last login: Mon Aug 8 19:21:03 2011 from ::1
>> /bin/bash: Permission denied
>> Connection to localhost closed.
>>
>> However, /bin/bash exists and the user is able to run it and the privilege
>> separation account as well.
>
> This doesn't really mean that /bin/bash is inaccessible. It means that bash
> found something else inaccessible when running.
I also checked all the paths I can guess. They are accessible by privilege
separation user and by both local_user and domain_user.
The previous time I was trying only a domain user.
Thank you for your help, Larry!
--
Regards,
Alexey.
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
