Re: 1.7.1: problem with public key authentication on domain accounts

2010-01-06 Thread Andrew Ng
Larry Hall (Cygwin  cygwin.com> writes:

> 
> On 01/04/2010 06:18 PM, Thomas Nisbach wrote:
> > Bob Burger  gmail.com>  writes:
> >
> >>
> >> When I try to login to my cygwin 1.7.1 system using ssh and public key
> >> authentication to my domain account, I get the error:
> >>3 [main] sshd 3128 C:\cygwin\usr\sbin\sshd.exe: *** fatal error
> >> - could not load ws2_32, Win32 error 126
> >>
> > For me I discovered that the problem seems to be in 'cygrunsrv' wrapping.
> > If I stop the service (cygrunsrv -E sshd) and start the sshd on the command
> > line (/usr/sbin/sshd) as administrative user, anything works fine.
> >
> > Any ideas?
> 
> Are you using LSA?  Have you read the security sections of the Users Guide?
> 
> 
> > PS: I stopped Google Desktop (known as application from BLODA list), but 
> > this
> > was not the problem.
> 
> BLODA is often not removed from having an effect without uninstalling the
> offending package.  I can't say whether that's a requirement for Google
> Desktop however.
> 

I've also been seeing problems with sshd (and inetd) since upgrading to 1.7.1.
>From my investigations it does look to be something to do with launching via
cygrunsrv. If I manually start sshd then everything seems to work fine.

The one key thing that I've noticed is that some of the security privileges for
the special user used to launch sshd via cygrunsrv don't appear to be available
to sshd which I'm guessing is then causing problems with setuid.

Could it be some kind of process create/fork security privilege inheritance
problem?



--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple



Re: 1.7.1: problem with public key authentication on domain accounts

2010-01-14 Thread Andrew Ng
Corinna Vinschen  cygwin.com> writes:

> 
> On Jan  5 11:39, Bob Burger wrote:
> > | Sonic Solutions burning software containing DLA component
> > | Detected: Named process.
> > 
> > I uninstalled this component, but the problem remains.
> 
> Nevertheless, the problem must be some other BLODA.  I have sshd running
> on every OS since NT4 and I have no trouble running it.  and logging in
> to any admin or non-admin account.  If it's really a Cygwin bug, it's
> quite non-deterministic since logging in via the normal old-style
> public/private key pair works fine for me.  
> 
> [...time passes...]
> 
> Did you regenerate /etc/passwd and especially /etc/group so that all
> usual local and domain groups are included?  Maybe the generated user
> token does not contain the necessary groups to access ws2_32.dll under
> some circumstances.
> 
> Corinna
> 

I've at last managed to get sshd working again via cygrunsrv (like it was before
upgrading to 1.7.1). However, what I've done seems to be more a workaround
rather than a fix. And I can't remember if I had to do something similar even
for the previous version.

What I did was to change the group of my domain user to be "Administrators" in
"/etc/passwd" rather than the domain group. This stops the following error from
occurring every time I try to ssh to my machine as my domain user: -

  1 [main] -tcsh 13776 C:\Cygwin\bin\tcsh.exe: *** fatal error - couldn't
dynamically determine load address for 'WSAGetLastError' (handle 0x),
Win32 error 126

In fact making the group "Users" also works fine, just not the domain group.
Using the domain group seems to result in no file access permissions to the
system libraries and hence the error above when starting the "tcsh" shell.

This isn't ideal as I would really prefer to be using the domain group but it's
better than having to start sshd manually which was my previous workaround. By
the way I'm running on Windows XP Pro x64 SP2.

Andrew


--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple



Re: 1.7.1: problem with public key authentication on domain accounts

2010-01-15 Thread Andrew Ng
Corinna Vinschen  cygwin.com> writes:
> 
> On Jan 14 17:32, Andrew Ng wrote:
> > What I did was to change the group of my domain user to be "Administrators"
> > in
> > "/etc/passwd" rather than the domain group. This stops the following error
> > from
> > occurring every time I try to ssh to my machine as my domain user: -
> > 
> >   1 [main] -tcsh 13776 C:\Cygwin\bin\tcsh.exe: *** fatal error - 
> > couldn't
> > dynamically determine load address for 'WSAGetLastError' (handle 
> > 0x),
> > Win32 error 126
> > 
> > In fact making the group "Users" also works fine, just not the domain group.
> > Using the domain group seems to result in no file access permissions to the
> > system libraries and hence the error above when starting the "tcsh" shell.
> > 
> > This isn't ideal as I would really prefer to be using the domain group but
> > it's
> > better than having to start sshd manually which was my previous workaround. 
> > By
> > the way I'm running on Windows XP Pro x64 SP2.
> 
> http://cygwin.com/ml/cygwin/2010-01/msg00334.html
> 
> Corinna
> 

Thanks for the link. That does explain what's going on in this situation. I
think your suggestion of adding the local BUILTIN\Users group would be nice.
I'm not too sure our IT will be too keen on adding a domain user for Cygwin
sshd purposes.

Regards,

Andrew


--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple



Re: OpenSSH-5.8p1-1 Connection Problems

2011-02-12 Thread Andrew Ng
> As usual the logs only show what happens, but they don't show why.
> 
> I installed OpenSSH-5.8p1 on Windows 7 64 bit.  I tried to connect from
> 32 and 64 bit Cygwin machines using ssh 5.8p1 and I tried it from a
> Linux machine with ssh 5.5p1.  No problems at all.  I removed the ECDSA
> host key to get the same "Can't load host key" message... still no
> problems at all.
> 
> What about deleting and reinstalling sshd as a service?  Maybe that
> helps.  
> 
>   $ cygrunsrv -E sshd
>   $ cygrunsrv -R sshd
>   $ cd /etc
>   $ mkdir OLD-KEYS
>   $ mv ssh_host* OLD-KEYS
>   $ rmdir /var/empty
>   $ rm -f /var/log/sshd.log
>   $ ssh-host-config
>   $ mv OLD-KEYS/* .
>   $ chown cyg_server ssh_host*
>   $ cygrunsrv -S sshd
> 
> Corinna

Unfortunately, that isn't really going to help with my connection problems to
Solaris systems which also work fine with 5.6. I am connecting through VPN using
Juniper Networks Network Connect. I wonder if that's what might be causing
issues for 5.8. But I guess it really shouldn't make any difference.

I will try to investigate a bit further.

Thanks.

Andrew



--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple



Repeated input in PTY with SSH when a native process runs a Cygwin process that consumes input

2020-05-30 Thread Andrew Ng via Cygwin
Hi,

There appears to be an issue with repeated input in PTY (with pcon enabled)
when using SSH. If I run MinGW git from the bash shell via ssh, and git
then executes Cygwin less, e.g. for git log, then any input to less is
repeated as input after git exits. So typically, you will end up with some
number of space characters and 'q' in your terminal.

I have also seen this same behaviour in MSYS2 with pcon enabled.

Both Cygwin and MSYS2 are running 3.1.4.

Thank you,
Andrew Ng
--
Problem reports:  https://cygwin.com/problems.html
FAQ:  https://cygwin.com/faq/
Documentation:https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple


Re: Repeated input in PTY with SSH when a native process runs a Cygwin process that consumes input

2020-05-31 Thread Andrew Ng via Cygwin
Hi Takashi,

> The developers snapshot, in which the issue has been fixed,
> is ready. Could you please test?

Thanks for the fast response.

I have tested the snapshot and can confirm that it fixes the issue. I
have also applied the same fix to MSYS2 and confirmed the issue is
fixed there too.

I did take a look at the code when I came across this issue and I
noticed a few things that looked a bit odd. I noticed that the
following functions appear to make use of rabuf () without
consideration for raixget ():

  fhandler_termios::eat_readahead
  fhandler_pty_master::accept_input
  fhandler_pty_master::transfer_input_to_pcon

Also fhandler_pty_slave::eat_readahead does 'eols' processing without
any guard on is_line_input (), which seems to differ from the code
pattern seen elsewhere.

I don't know if these are important, but thought I should mention
them, just in case.

Thanks,
Andrew
--
Problem reports:  https://cygwin.com/problems.html
FAQ:  https://cygwin.com/faq/
Documentation:https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple


Long lines output by a native process in the PTY have new lines at the wrap point in the terminal

2020-06-29 Thread Andrew Ng via Cygwin
Hi,

If you run a native process in bash using mintty that outputs lines
longer than the width of the terminal, these lines become "split" with
a new line at the wrap point. This can make copying the output
somewhat tricky, especially if the output is a command line you want
to copy, paste and run.

Can be reproduced using GnuWin32 'echo' or a native version of Python
using print.

I am running Cygwin 3.1.5 and mintty 3.2.0.

Thank you,
Andrew Ng
--
Problem reports:  https://cygwin.com/problems.html
FAQ:  https://cygwin.com/faq/
Documentation:https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple