[1.7.1] ssh key auth (pubkey) problem

2010-02-10 Thread Julius Davies 
Hi,


I've read the mailing lists and I know you guys don't think this is a
bug, but I wish you'd reconsider.  I don't really care that "we did
things incorrectly in Cygwin 1.5 and it worked when it shouldn't have"
because:

1.  I don't want my little SCP accounts to be local Administrators!
This is going to get flagged in any security audit.

2.  There is no way I will ever get "Admin" on the domain for the sshd
account.  It's a big domain.  Over 5,000 staff.  I own this one
machine.  That's it.


Windows 2003 Server, Standard Edition, SP2.  I believe Cygwin recently
upgraded itself from 1.5 to 1.7.  Cygcheck.out attached.


1.  I run 'groups' command remotely over ssh.  I'm asked for my password.
-
$ ssh  jul...@1.2.3.4  groups
jul...@1.2.3.4's password:
None Users


2.  I scp my public key.
-
$ scp authorized_keys  jul...@1.2.3.4:~/.ssh/
jul...@1.2.3.4's password:
authorized_keys


3.  I run 'groups' command remotely.  Now it fails.
-
$ ssh  jul...@1.2.3.4groups
 58 [main] sshd 512 C:\cygwin\usr\sbin\sshd.exe: *** fatal error -
could not load user32, Win32 error 1114


4.  I scp my public key again for fun.  It also fails.
-
$ scp authorized_keys  jul...@1.2.3.4:~/.ssh/
105 [main] sshd 5012 C:\cygwin\usr\sbin\sshd.exe: *** fatal error
- could not load user32, Win32 error 1114
lost connection


5.   But I can ssh and then type 'groups'.  Hmm.
-
$ ssh  jul...@1.2.3.4
Last login: Wed Feb 10 14:41:32 2010 from flower
jul...@1.2.3.4 ~
$ groups
None Users

jul...@1.2.3.4 ~
$ exit
logout
Connection to 1.2.3.4 closed.


6.  If I add myself to the local "Administrators" group things work.
-
$ ssh  jul...@1.2.3.4groups
None Administrators Users

$ scp authorized_keys  jul...@1.2.3.4:~/.ssh/
authorized_keys


7.  If I remove myself from local "Administrators" group...
-
$ ssh  jul...@1.2.3.4    groups
 26 [main] sshd 3384 C:\cygwin\usr\sbin\sshd.exe: *** fatal error
- could not load



-- 
yours,

Julius Davies
250-592-2284 (Home)
250-893-4579 (Mobile)
http://juliusdavies.ca/logging.html


cygcheck.out
Description: Binary data
--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: [1.7.1] ssh key auth (pubkey) problem

2010-02-10 Thread Julius Davies 
>>
>> I've read the mailing lists and I know you guys don't think this is a
>> bug, but I wish you'd reconsider.
>
> If you're going to reference something in your posting, it makes sense
> to actually provide a pointer to the threads you're referring to.
>

This was the most useful thread (closest to my problem), especially
Corinna Vinschen's answers:

http://www.mail-archive.com/cygwin@cygwin.com/msg104485.html


> As for your issue, are you running cyglsa?
>

No.  Is it stable?


> --
> Larry Hall                              http://www.rfk.com
> RFK Partners, Inc.                      (508) 893-9779 - RFK Office
> 216 Dalton Rd.                          (508) 893-9889 - FAX
> Holliston, MA 01746
>
> _
>
> A: Yes.
>> Q: Are you sure?
>>> A: Because it reverses the logical flow of conversation.
>>>> Q: Why is top posting annoying in email?
>



-- 
yours,

Julius Davies
250-592-2284 (Home)
250-893-4579 (Mobile)
http://juliusdavies.ca/logging.html

--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple