[Chuck? This affects csih and tcp_wrappers] On Nov 8 07:44, Herb Maeder wrote: > Running sshd (openssh 5.1p1-d57 or 5.1p1-7) on cygwin-1.7 and vista > results in the following error: > > % ssh localhost pwd > [EMAIL PROTECTED]'s password: > initgroups: Permission denied > > I think this should be easily reproducible with a fresh installation of > just cygwin 1.7 base + openssh running on a generic vista confiuration > with UAC enabled. > > Can anyone confirm this? If it is specific to my setup, I'll dig deeper > and provide more information.
I can't reproduce this. A permission denied in initgroups point to insufficient privileges of the account running sshd. Are you running sshd with a local cyg_server account but trying to login with a domain account? Maybe there's a permission problem. > For more details on reproducing this see this message (specifically item 7): > > http://www.cygwin.com/ml/cygwin/2008-10/msg00370.html > > BTW, the following issues in that message also still exist in the 5.1p1-7 > release. But they can be worked around more easily. Concerning the above mail, 1. Yes, ssh-host-config has to be run elevated, as with all applications requiring actual admin privileges. There's no way to elevate a child process running in the same console window. Microsoft tweaked the ShellExecute() call in shell32.dll heavily to allow the UAC stuff, but neglected to allow applications using the CreateProcess() call to do the same. ShellExecute is not an option to use in Cygwin processes. 2. That's fixed. > 3. "ssh-host-config -y" still prompts for user input > 4. Missing warning if cyg_server exists in /etc/passwd but not in SAM > 6. error in setting cyg_server passwd expiry These are csih issues. Charles? Can you have a look into that? > 5. "ssh localhost pwd" gives 'ssh_exchange_identification' error (only if > tcp_wrapper package is installed) Confirmed. Have a look into the event viewer. You'll find a error entry for sshd along the lines of "/etc/hosts.allow, line x: host name/address mismatch: 127.0.0.1 != yourmachine.domain.toplevel. This is, AFAIK, a result of the PARANOID setting in ALL : PARANOID : deny Charles? This is your package. Would it make sense to remove the PARANOID setting from the default file or to turn around the order of the two default rules? Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Project Co-Leader cygwin AT cygwin DOT com Red Hat -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
