Hi All, Thanks for the suggestions. They look like exactly what we need as we will only require this for one user to run 3 commands. Two of them already work as intended, it's just the 3rd that seems to rely on this token.
I have run into problems though, and it's most likely my ignorance. Is there a document that explains the process of logging in as the user running the service? I have attempted to login using the sshd_server user, but this fails even after all the policies that deny it access in "Default Domain Controller Security Policy" are removed. These are: > "Deny Access to this Computer from the network" > "Deny logon locally" These ones I left alone and then removed them when the above two didn't give me results: > "Replace a process level token" > "Create a token object" This I figured was essential and never modified it. > "Log on as a service" I do understand some of this may compromise security, but at this stage I am not concerned as this will run in a trusted and firewalled environment. I also can't run the service as administrator. Any attempts to change this hang the service until the cygrunsrv process is killed. Any ideas on what I am doing wrong? The administrator service is allowed to log on as a service by default. What exactly is the prerequisite for logging into a cygwin sshd server on the user side? I have found that any new accounts I add to our active directory don't seem to appear in /etc/passwd? Should they? Also, it seems that only administrator accounts created prior to the cygwin install are allowed a login to the server. Is this normal? Thanks again for all your suggestions so far folks, Stuart -----Original Message----- From: Igor Pechtchanski [mailto:[EMAIL PROTECTED] Sent: Thursday, 5 May 2005 1:32 PM To: Stuart Westbury Cc: cygwin@cygwin.com Subject: RE: SSHD key based authentication hangs cscript On Thu, 5 May 2005, Stuart Westbury wrote: > Thanks for the prompt response Corinna. > > At least I now know. > > Can anybody suggest a way of doing this? Can the runas service be used > to gain a new token or will it suffer the same problem? I have attempted > to use it, but the results were unusual. It prompted me for a password > and just drops me back to the shell without the opportunity to even > enter one. > > On a similar note, can anyone who may have had this issue suggest any > alternative way to run remote commands on a windows box from linux with > some form of transparent authentication, or am I dreaming? :) Well, if you only ever log in as one user, you can run sshd as that particular user (maybe on a special port if you need a regular sshd daemon as well). That way, even if public key auth is used, the token will be valid. See the --user option to cygrunsrv. If you need multiple users to log in, you can try to get runas to prompt you for a password properly, but that may be tricky. Try playing with the "tty" value in the CYGWIN variable (see <http://cygwin.com/cygwin-ug-net/using-cygwinenv.html>). HTH, Igor > [snip] > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Corinna Vinschen > Sent: Wednesday, 4 May 2005 7:03 PM > To: [EMAIL PROTECTED] > Subject: Re: SSHD key based authentication hangs cscript Oh, and <http://cygwin.com/acronyms/#PCYMTNQREAIYR>. Thanks. > On May 4 11:15, Stuart Westbury wrote: > > "There are actually two problems here: 1) a problem with CygWin/OpenSSH > > (after public key authentication GetUserName() returns incorrect > > value)..........." > > > > Is this my problem? > > No, that's our problem. There's nothing we can do about it, I'm sorry. > [snip] -- http://cs.nyu.edu/~pechtcha/ |\ _,,,---,,_ [EMAIL PROTECTED] ZZZzz /,`.-'`' -. ;-;;,_ [EMAIL PROTECTED] |,4- ) )-,_. ,\ ( `'-' Igor Pechtchanski, Ph.D. '---''(_/--' `-'\_) fL a.k.a JaguaR-R-R-r-r-r-.-.-. Meow! "The Sun will pass between the Earth and the Moon tonight for a total Lunar eclipse..." -- WCBS Radio Newsbrief, Oct 27 2004, 12:01 pm EDT -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
