On 10 Nov 2008 15:48:15 +0100, Corinna Vinschen wrote: > On Nov 8 07:44, Herb Maeder wrote: > > Running sshd (openssh 5.1p1-d57 or 5.1p1-7) on cygwin-1.7 and vista > > results in the following error: > > > > % ssh localhost pwd > > [EMAIL PROTECTED]'s password: > > initgroups: Permission denied > > > > I think this should be easily reproducible with a fresh installation of > > just cygwin 1.7 base + openssh running on a generic vista confiuration > > with UAC enabled. > > > > Can anyone confirm this? If it is specific to my setup, I'll dig deeper > > and provide more information. > > I can't reproduce this. A permission denied in initgroups point to > insufficient privileges of the account running sshd. Are you running > sshd with a local cyg_server account but trying to login with a domain > account? Maybe there's a permission problem.
You are correct. I was indeed running sshd with a local cyg_server, but logging in with a domain account. I tried firing up sshd as me, and I was able to log in successfully. Thanks for pointing me in the right direction. I think this means that "ssh-host-config -y" followed by "cygrunsrv --start sshd" no longer works for setting up sshd for domain users on vista (though it still does on XP). What should be the recommended procedure for setting up sshd on Vista + cygwin-1.7? Am I correct in assuming that you would need to have access to an account with Domain Administrator privileges in order to allow multiple domain users to ssh into a 1.7 vista machine? And if you don't have access to such an account, the best you can do is fire up sshd as yourself (or perhaps one sshd per user on different ports)? I'm guessing that will allow you and local users to ssh in (assuming your domain account has local administrator access). Looking ahead, I suspect that this combo (sshd + 1.7 + vista + domain user) will be pretty common. Is there a plan for steering users in the right direction during the setup of sshd, or maybe giving a more descriptive error message? > 1. Yes, ssh-host-config has to be run elevated, as with all applications > requiring actual admin privileges. There's no way to elevate a child > process running in the same console window. Microsoft tweaked the > ShellExecute() call in shell32.dll heavily to allow the UAC stuff, > but neglected to allow applications using the CreateProcess() call to > do the same. ShellExecute is not an option to use in Cygwin processes. Bum deal. But thanks for the explanation. That clarifies what I was seeing. Herb. -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
