Hello, I have cygwin running on a windows 2000 server, which is also a PDC. I setup sshd in cygwin and I've been using it for some time to login as administrator, both using the password and using public-key auth, and it has been working great. I now need to have a regular user (a member of the Domain User group) login using ssh. I'll call this user "user1". I created the user in active directory, and synced cygwin's passwd file with "mkpasswd -d > /etc/passwd". However, this does not allow me to login over ssh as my new user, using the password I set.
I try to ssh to the server as the user and I enter the password when I am prompted by ssh, but it does not accept it; I get "Permission denied, please try again.". I checked the windows event log, and it says: "...sshd: PID:2588: Failed password for user1 from 10.0.0.2...". If I upload my public key to ~user1/.ssh/authorized_keys, I can login. I understand that is because ssh pub-key auth bypasses windows auth altogether. Unfortunately, I cannot use pub-key auth for this particular user. The only way I've found to make password-auth work, is to add the user to the Administrators group. As soon as I do that, I can successfully ssh to the server and succesfully login with the "user1" user and its password. Then as soon as I remove the user from the Administrators group, I can no longer login over ssh. Actually I've found that adding this user to one of a variety of elevated-privledge groups will allow him to login. Making the user a member of any one of: "Server Operators", "Backup Operators", or "Domain Admin" will allow the user to login over ssh with his password. The problem is this user cannot have special permissions; he needs to be a standard user/ Domain User. I tried making him a member of the local Users group, but that had no effect. From the research I've done so far, I haven't found any good reason why this shouldn't work. There should be a way to allow this user to login with his password without him needing elevated privledges, yes? Can someone please point me in the right direction? Thanks, RP -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
