Re: cygwin 3.0.1-1 breaks my sshd install
Upd: the trick with pre-logging in by other means does not work: $ /usr/bin/editrights -u git -l SeBatchLogonRight I've created the wake-s4u scheduled job following the instructions from the ml thread: "sshd problem on WS2008R2 64bit" cmd.exe is running as that user, but seteuid still fails. Of course, the whole problem applies to the public key auth. Logging in with password works for both domain and local. 15.09.2019 9:12, Basin Ilya пишет: > Hi. > The problem is still there. > With the latest cygwin1.dll you can't have both domain and local users > working. cyg_server only allows local users and Local System only allows > domain users. > Downgrading cygwin1.dll to 2x is the only thing that actually works. (have to > downgrade sshd.exe too, because of missing symbols) > > Running Wow64 Cygwin on Windows 7. See attached cygcheck.out > > > 21.02.2019 0:49, Houder пишет: >> On Wed, 20 Feb 2019 21:27:22, Andy Moreton wrote: >> >>> I've seen a similar failure, on a domain-joined Windows 10 box running >>> cygsshd using a local cyg_server user account. I've fixed it by: >>> 1) Open the "Computer Management" app >>>Select "Services and Applications", then "Services", and >>>choose the cygsshd service from the list. >>> 2) Stop the service >>> 3) Select the "Log On" tab, choose "Local System Account" and click OK. >>> 4) Restart the service. >>> >>> This changed the account reported by "cygrunsrv -VQ" from "./cyg_server" >>> to "LocalSystem". >> >> 64-@@ uname -a >> CYGWIN_NT-6.1 Seven 3.0.1(0.338/5/3) 2019-02-20 10:19 x86_64 Cygwin >> >> First I replaced cygwin1.dll again w/ the last version, as you can see ... >> >> Then I carried out you instruction ... >> >> To my surprise it did the trick! Thank you! >> >> Perhaps Corinna can give a hint of why the modification made the difference. >> >> Henri >> >> -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Re: cygwin 3.0.1-1 breaks my sshd install
Changing the sshd service to run as localsystem rather than cyg_server allows me to again ssh into the machine. Thanks for everyone on this mailing list - I spent hours trying to figure this out - and because the list doesn't seem to get indexed by google, the web searches I was doing were of no help. Looking forward to a newer version of openssh... On Sat, Feb 23, 2019 at 1:20 PM Cary Lewis wrote: > I’m seeing a similar issue. Will try using localsystem. > > > On Feb 21, 2019, at 6:43 AM, Houder wrote: > > > >> On Thu, 21 Feb 2019 11:09:11, Corinna Vinschen wrote: > >> > >> I managed it today already but I'm somewhat stumped. > >> > >> I ran ssh-host-config and let the script install a new local account > >> "test_server" to use for the sshd service. I started the service and > >> tried to login with a local account and it just worked out of the box. > > > > This is my case: using local accounts only. > > > > Reminder: sshd did work w/ 2.11.2 ... > > (and it works now in 3.0.1 after replacing cyg_server w/ SYSTEM (*) ) > > > > Way back I started using cyg_server because "csih" forced me to create > > this privileged account (W7!). > > > > I studied "csih" (cygwin-service-installation-helper.sh) again ... > > > > 64-@@# editrights -u cyg_server -l > > SeAssignPrimaryTokenPrivilege > > SeCreateTokenPrivilege > > SeServiceLogonRight > > SeDenyInteractiveLogonRight > > SeDenyRemoteInteractiveLogonRight > > > > Compared to "csih", the SeTcbPrivilege privilege was missing. I am not > > in the habit of messing with privileges ... > > > > Consequently, like you, I am stumped too :-) > > > > (*) after "moving" the sshd service from cyg_server to SYSTEM, I also > > changed the ownership of /var/empty and /etc/ssh* (to SYSTEM) ... > > > > Next, I disabled the cyg_server and sshd accounts. ssh still works. > > > > Henri > > > > > > -- > > Problem reports: http://cygwin.com/problems.html > > FAQ: http://cygwin.com/faq/ > > Documentation: http://cygwin.com/docs.html > > Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple > > > -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Re: cygwin 3.0.1-1 breaks my sshd install
I’m seeing a similar issue. Will try using localsystem. > On Feb 21, 2019, at 6:43 AM, Houder wrote: > >> On Thu, 21 Feb 2019 11:09:11, Corinna Vinschen wrote: >> >> I managed it today already but I'm somewhat stumped. >> >> I ran ssh-host-config and let the script install a new local account >> "test_server" to use for the sshd service. I started the service and >> tried to login with a local account and it just worked out of the box. > > This is my case: using local accounts only. > > Reminder: sshd did work w/ 2.11.2 ... > (and it works now in 3.0.1 after replacing cyg_server w/ SYSTEM (*) ) > > Way back I started using cyg_server because "csih" forced me to create > this privileged account (W7!). > > I studied "csih" (cygwin-service-installation-helper.sh) again ... > > 64-@@# editrights -u cyg_server -l > SeAssignPrimaryTokenPrivilege > SeCreateTokenPrivilege > SeServiceLogonRight > SeDenyInteractiveLogonRight > SeDenyRemoteInteractiveLogonRight > > Compared to "csih", the SeTcbPrivilege privilege was missing. I am not > in the habit of messing with privileges ... > > Consequently, like you, I am stumped too :-) > > (*) after "moving" the sshd service from cyg_server to SYSTEM, I also > changed the ownership of /var/empty and /etc/ssh* (to SYSTEM) ... > > Next, I disabled the cyg_server and sshd accounts. ssh still works. > > Henri > > > -- > Problem reports: http://cygwin.com/problems.html > FAQ: http://cygwin.com/faq/ > Documentation: http://cygwin.com/docs.html > Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple > -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Re: cygwin 3.0.1-1 breaks my sshd install
On Thu, 21 Feb 2019 11:09:11, Corinna Vinschen wrote: > I managed it today already but I'm somewhat stumped. > > I ran ssh-host-config and let the script install a new local account > "test_server" to use for the sshd service. I started the service and > tried to login with a local account and it just worked out of the box. This is my case: using local accounts only. Reminder: sshd did work w/ 2.11.2 ... (and it works now in 3.0.1 after replacing cyg_server w/ SYSTEM (*) ) Way back I started using cyg_server because "csih" forced me to create this privileged account (W7!). I studied "csih" (cygwin-service-installation-helper.sh) again ... 64-@@# editrights -u cyg_server -l SeAssignPrimaryTokenPrivilege SeCreateTokenPrivilege SeServiceLogonRight SeDenyInteractiveLogonRight SeDenyRemoteInteractiveLogonRight Compared to "csih", the SeTcbPrivilege privilege was missing. I am not in the habit of messing with privileges ... Consequently, like you, I am stumped too :-) (*) after "moving" the sshd service from cyg_server to SYSTEM, I also changed the ownership of /var/empty and /etc/ssh* (to SYSTEM) ... Next, I disabled the cyg_server and sshd accounts. ssh still works. Henri -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Re: cygwin 3.0.1-1 breaks my sshd install
On Feb 20 23:43, Corinna Vinschen wrote: > On Feb 20 23:36, Corinna Vinschen wrote: > > On Feb 20 22:49, Houder wrote: > > > On Wed, 20 Feb 2019 21:27:22, Andy Moreton wrote: > > > > > > > I've seen a similar failure, on a domain-joined Windows 10 box running > > > > cygsshd using a local cyg_server user account. I've fixed it by: > > > > 1) Open the "Computer Management" app > > > >Select "Services and Applications", then "Services", and > > > >choose the cygsshd service from the list. > > > > 2) Stop the service > > > > 3) Select the "Log On" tab, choose "Local System Account" and click OK. > > > > 4) Restart the service. > > > > > > > > This changed the account reported by "cygrunsrv -VQ" from "./cyg_server" > > > > to "LocalSystem". > > > > > > 64-@@ uname -a > > > CYGWIN_NT-6.1 Seven 3.0.1(0.338/5/3) 2019-02-20 10:19 x86_64 Cygwin > > > > > > First I replaced cygwin1.dll again w/ the last version, as you can see ... > > > > > > Then I carried out you instruction ... > > > > > > To my surprise it did the trick! Thank you! > > > > > > Perhaps Corinna can give a hint of why the modification made the > > > difference. > > > > Actually, I can't. I'm surprised, too, because it still runs > > fine for me under the cyg_server account. > > Actually, maybe I can. On second thought there's a quite high > probability that my AD cyg_server account I'm using for 10 years > or longer, has not the same privileges as a cyg_server account > created via ssh-host-config script. May it works for me because > of these extra permissions the account got during years of playing > around with it. > > I guess I have to crate another, local cyg_server account via > ssh-host-config and try the same with that account. > > Not having much time tomorrow, but at least on Friday I should > be able to test this. I managed it today already but I'm somewhat stumped. I ran ssh-host-config and let the script install a new local account "test_server" to use for the sshd service. I started the service and tried to login with a local account and it just worked out of the box. However, when I tried to logon with a domain account, S4U failed since the local account didn't have enough permissions or so. The call to LsaLogonUser failed with STATUS_NOT_SUPPORTED. So with S4U sshd needs to run under SYSTEM or a privileged domain account to allow domain accounts to login. But from my POV S4U is the way to go. I'm still a bit proud that I managed to figure the "Create user token from scratch" method out back in 2001, but I think it's really outdated now and should not be used anymore. I'd hate having to enable it again generally. Corinna -- Corinna Vinschen Cygwin Maintainer signature.asc Description: PGP signature
Re: cygwin 3.0.1-1 breaks my sshd install
On Wed, 20 Feb 2019 23:38:17, Corinna Vinschen wrote: > On Feb 20 23:25, Houder wrote: > > As a final step I rebooted my system (W7, 64 bits, Uising 64-bits Cygwin). > > > > I can still connect to the localhost w/ ssh ... > > > > But I cannot start and stop the "sshd service" using cygrunsrv. > > > > 64-@@ cygrunsrv -E sshd > > cygrunsrv: Error stopping a service: OpenService: Win32 error 5: > > Access is denied. > > > > 64-@@ cygrunsrv -S sshd > > cygrunsrv: Error starting a service: OpenService: Win32 error 5: > > Access is denied. > > > > I have to use the "services applet" from Windows in order to start and > > stop the service. > > Elevated shell? Nope. So I tried an elevated shell ... and surprise, it worked! (both start and stop). But, I really cannot remember that I ever used an elevated shell before to start and stop the service ... (yes, now I know). Thank you, Henri -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Re: cygwin 3.0.1-1 breaks my sshd install
On Feb 20 14:31, scow...@ckhb.org wrote: > > On Wed, 20 Feb 2019, Houder wrote: > > On Wed, 20 Feb 2019 22:41:08, Corinna Vinschen wrote: > > > > > On Feb 20 22:35, Houder wrote: > > [snip] > > > > > > > > > > Perhaps I missed something in the last couple of month. Did I have > > > > to change > > > > something in the setup of openssh? > > > > > > I really don't know, this all works fine for me. Try switching the > > > account starting sshd from cyg_server to LocalSystem and change > > > ownership of all files /etc/ssh* to SYSTEM. > > > > I carried out Andy M.'s instruction and it worked (as I wrote). The > > files you mention above are still owned by cyg_server (and readable > > by group Adminstrators). > > > > Henri > > > i, too, made the switch to Local System startup for the sshd daemon. i also > changed ownership of the /etc/ssh* files to SYSTEM. now, ssh services, > under 3.0.1-1, are working as expected. I'm relieved to read that. > many thanks to henri and andy. and thank you. corinna, for your kind > marshalling of this group and cygwin. Thanks! Corinna -- Corinna Vinschen Cygwin Maintainer signature.asc Description: PGP signature
Re: cygwin 3.0.1-1 breaks my sshd install
On Feb 20 23:36, Corinna Vinschen wrote: > On Feb 20 22:49, Houder wrote: > > On Wed, 20 Feb 2019 21:27:22, Andy Moreton wrote: > > > > > I've seen a similar failure, on a domain-joined Windows 10 box running > > > cygsshd using a local cyg_server user account. I've fixed it by: > > > 1) Open the "Computer Management" app > > >Select "Services and Applications", then "Services", and > > >choose the cygsshd service from the list. > > > 2) Stop the service > > > 3) Select the "Log On" tab, choose "Local System Account" and click OK. > > > 4) Restart the service. > > > > > > This changed the account reported by "cygrunsrv -VQ" from "./cyg_server" > > > to "LocalSystem". > > > > 64-@@ uname -a > > CYGWIN_NT-6.1 Seven 3.0.1(0.338/5/3) 2019-02-20 10:19 x86_64 Cygwin > > > > First I replaced cygwin1.dll again w/ the last version, as you can see ... > > > > Then I carried out you instruction ... > > > > To my surprise it did the trick! Thank you! > > > > Perhaps Corinna can give a hint of why the modification made the difference. > > Actually, I can't. I'm surprised, too, because it still runs > fine for me under the cyg_server account. Actually, maybe I can. On second thought there's a quite high probability that my AD cyg_server account I'm using for 10 years or longer, has not the same privileges as a cyg_server account created via ssh-host-config script. May it works for me because of these extra permissions the account got during years of playing around with it. I guess I have to crate another, local cyg_server account via ssh-host-config and try the same with that account. Not having much time tomorrow, but at least on Friday I should be able to test this. Corinna -- Corinna Vinschen Cygwin Maintainer signature.asc Description: PGP signature
Re: cygwin 3.0.1-1 breaks my sshd install
On Feb 20 23:25, Houder wrote: > On Wed, 20 Feb 2019 23:01:01, Houder wrote: > > On Wed, 20 Feb 2019 22:41:08, Corinna Vinschen wrote: > > > > > On Feb 20 22:35, Houder wrote: > > [snip] > > > > > > > > > > Perhaps I missed something in the last couple of month. Did I have > > > > to change > > > > something in the setup of openssh? > > > > > > I really don't know, this all works fine for me. Try switching the > > > account starting sshd from cyg_server to LocalSystem and change > > > ownership of all files /etc/ssh* to SYSTEM. > > > > I carried out Andy M.'s instruction and it worked (as I wrote). The > > files you mention above are still owned by cyg_server (and readable > > by group Adminstrators). > > As a final step I rebooted my system (W7, 64 bits, Uising 64-bits Cygwin). > > I can still connect to the localhost w/ ssh ... > > But I cannot start and stop the "sshd service" using cygrunsrv. > > 64-@@ cygrunsrv -E sshd > cygrunsrv: Error stopping a service: OpenService: Win32 error 5: > Access is denied. > > 64-@@ cygrunsrv -S sshd > cygrunsrv: Error starting a service: OpenService: Win32 error 5: > Access is denied. > > I have to use the "services applet" from Windows in order to start and > stop the service. Elevated shell? Corinna -- Corinna Vinschen Cygwin Maintainer signature.asc Description: PGP signature
Re: cygwin 3.0.1-1 breaks my sshd install
On Feb 20 22:49, Houder wrote: > On Wed, 20 Feb 2019 21:27:22, Andy Moreton wrote: > > > I've seen a similar failure, on a domain-joined Windows 10 box running > > cygsshd using a local cyg_server user account. I've fixed it by: > > 1) Open the "Computer Management" app > >Select "Services and Applications", then "Services", and > >choose the cygsshd service from the list. > > 2) Stop the service > > 3) Select the "Log On" tab, choose "Local System Account" and click OK. > > 4) Restart the service. > > > > This changed the account reported by "cygrunsrv -VQ" from "./cyg_server" > > to "LocalSystem". > > 64-@@ uname -a > CYGWIN_NT-6.1 Seven 3.0.1(0.338/5/3) 2019-02-20 10:19 x86_64 Cygwin > > First I replaced cygwin1.dll again w/ the last version, as you can see ... > > Then I carried out you instruction ... > > To my surprise it did the trick! Thank you! > > Perhaps Corinna can give a hint of why the modification made the difference. Actually, I can't. I'm surprised, too, because it still runs fine for me under the cyg_server account. Puzzled, Corinna -- Corinna Vinschen Cygwin Maintainer signature.asc Description: PGP signature
Re: cygwin 3.0.1-1 breaks my sshd install
On Wed, 20 Feb 2019, Houder wrote: On Wed, 20 Feb 2019 22:41:08, Corinna Vinschen wrote: On Feb 20 22:35, Houder wrote: [snip] Perhaps I missed something in the last couple of month. Did I have to change something in the setup of openssh? I really don't know, this all works fine for me. Try switching the account starting sshd from cyg_server to LocalSystem and change ownership of all files /etc/ssh* to SYSTEM. I carried out Andy M.'s instruction and it worked (as I wrote). The files you mention above are still owned by cyg_server (and readable by group Adminstrators). Henri i, too, made the switch to Local System startup for the sshd daemon. i also changed ownership of the /etc/ssh* files to SYSTEM. now, ssh services, under 3.0.1-1, are working as expected. many thanks to henri and andy. and thank you. corinna, for your kind marshalling of this group and cygwin. -- s. cowles scow...@ckhb.org Key fingerprint = A156 277B 875A D6E3 A00C 23D9 869E 72BE 1FD3 5B80 -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Re: cygwin 3.0.1-1 breaks my sshd install
On Wed, 20 Feb 2019 23:01:01, Houder wrote: > On Wed, 20 Feb 2019 22:41:08, Corinna Vinschen wrote: > > > On Feb 20 22:35, Houder wrote: > [snip] > > > > > > > Perhaps I missed something in the last couple of month. Did I have > > > to change > > > something in the setup of openssh? > > > > I really don't know, this all works fine for me. Try switching the > > account starting sshd from cyg_server to LocalSystem and change > > ownership of all files /etc/ssh* to SYSTEM. > > I carried out Andy M.'s instruction and it worked (as I wrote). The > files you mention above are still owned by cyg_server (and readable > by group Adminstrators). As a final step I rebooted my system (W7, 64 bits, Uising 64-bits Cygwin). I can still connect to the localhost w/ ssh ... But I cannot start and stop the "sshd service" using cygrunsrv. 64-@@ cygrunsrv -E sshd cygrunsrv: Error stopping a service: OpenService: Win32 error 5: Access is denied. 64-@@ cygrunsrv -S sshd cygrunsrv: Error starting a service: OpenService: Win32 error 5: Access is denied. I have to use the "services applet" from Windows in order to start and stop the service. Henri -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Re: cygwin 3.0.1-1 breaks my sshd install
On Wed, 20 Feb 2019, Corinna Vinschen wrote: On Feb 20 21:27, Andy Moreton wrote: On Wed 20 Feb 2019, Corinna Vinschen wrote: On Feb 20 21:01, Houder wrote: On Wed, 20 Feb 2019 10:53:09, scowles at ckhb dot org wrote: i can confirm the same behaviours on a 3.0.0 system. i've done several checks and have been unable to find the source of the problem. ssh -vvv shows that the connection proceeds all the way through the connection process, sends the appropriate key tokens, then the server abruptly closes the connection. all accounts on the system show the same results. my 2.11.1 system, with identical ssh[d]_config files has no such problems. on both systems, all relevant files and directories have correct owners and permissions. Yes, failure for 3.0.0 (and 3.0.1); success for 2.11.2 Henri 64-@@ uname -a CYGWIN_NT-6.1 Seven 3.0.1(0.338/5/3) 2019-02-20 10:19 x86_64 Cygwin 64-@@ tail /var/log/sshd.log Server listening on 0.0.0.0 port 222. seteuid 1004: Permission denied Sorry guys, but I can't reproduce this problem at all. I tested ssh login on Vista, W7 and W10 1809, in each case on 64 bit and under WOW64. On all systems I can login with domain as well as local accounts. For completeness sake I started sshd under SYSTEM as wel as under cyg_server account and every time it just worked. I've seen a similar failure, on a domain-joined Windows 10 box running cygsshd using a local cyg_server user account. I've fixed it by: 1) Open the "Computer Management" app Select "Services and Applications", then "Services", and choose the cygsshd service from the list. 2) Stop the service 3) Select the "Log On" tab, choose "Local System Account" and click OK. 4) Restart the service. This changed the account reported by "cygrunsrv -VQ" from "./cyg_server" to "LocalSystem". That actually fixed it for you? I'm a bit surprised but at least that's a neat solution, given that the new way to switch the user context doesn't require the cyg_server account anymore. SYSTEM is the way to go in future. While talking about it, i have a couple of OpenSSH upstream patches in the loop: - Rename Cygwin's sshd service to "cygsshd" becasue Microsoft hijacked the "sshd" service name for their own sshd. - The ssh-host-config script will install the service under SYSTEM in future, unless you're trying to install under Windows 7 WOW64, which will still require the cyg_server account. - Allowing to login with case-insensitive usernames. This also enables case-insensitive user and group name matching in sshd_config "Match" rules. The first patch has been merged already, I'm still waiting for feedback on the other two patches... i am also at a loss. i am running local only, no domain. no ssh configs have been changed in the last 3 months. as soon as i downgrade from 3.0.1-1 to 2.11.1 and reboot, ssh is immediately functional, again. -- s. cowles scow...@ckhb.org Key fingerprint = A156 277B 875A D6E3 A00C 23D9 869E 72BE 1FD3 5B80 -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Re: cygwin 3.0.1-1 breaks my sshd install
On Wed, 20 Feb 2019 22:41:08, Corinna Vinschen wrote: > On Feb 20 22:35, Houder wrote: [snip] > > > > Perhaps I missed something in the last couple of month. Did I have > > to change > > something in the setup of openssh? > > I really don't know, this all works fine for me. Try switching the > account starting sshd from cyg_server to LocalSystem and change > ownership of all files /etc/ssh* to SYSTEM. I carried out Andy M.'s instruction and it worked (as I wrote). The files you mention above are still owned by cyg_server (and readable by group Adminstrators). Henri -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Re: cygwin 3.0.1-1 breaks my sshd install
On Wed, 20 Feb 2019 21:27:22, Andy Moreton wrote: > I've seen a similar failure, on a domain-joined Windows 10 box running > cygsshd using a local cyg_server user account. I've fixed it by: > 1) Open the "Computer Management" app >Select "Services and Applications", then "Services", and >choose the cygsshd service from the list. > 2) Stop the service > 3) Select the "Log On" tab, choose "Local System Account" and click OK. > 4) Restart the service. > > This changed the account reported by "cygrunsrv -VQ" from "./cyg_server" > to "LocalSystem". 64-@@ uname -a CYGWIN_NT-6.1 Seven 3.0.1(0.338/5/3) 2019-02-20 10:19 x86_64 Cygwin First I replaced cygwin1.dll again w/ the last version, as you can see ... Then I carried out you instruction ... To my surprise it did the trick! Thank you! Perhaps Corinna can give a hint of why the modification made the difference. Henri -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Re: cygwin 3.0.1-1 breaks my sshd install
On Feb 20 22:35, Houder wrote: > On Wed, 20 Feb 2019 21:25:36, Corinna Vinschen wrote: > > > Sorry guys, but I can't reproduce this problem at all. I tested ssh > > login on Vista, W7 and W10 1809, in each case on 64 bit and under > > WOW64. On all systems I can login with domain as well as local > > accounts. > > Understood. > > > For completeness sake I started sshd under SYSTEM as wel as under > > cyg_server account and every time it just worked. > > Mine runs under cyg_server > > > The only reason for failing logins coming to mind is the case of > > the usernames. It must be written *exactly* as returned by > > `getent passwd'. I.e.: > > > > $ getent passwd | grep -i foo > > MACHINE+Foo:*:197608:197121:U-MACHINE\Foo,[...] > > Understood. And not the problem at my side. Also I am using local > accounts. > > Failure starts w/ cygwin1-20190126 ... 0124 works ... > > Your commits on 0126: > > 2019-01-26 Corinna VinschenCygwin: seteuid: use Kerberos/MsV1_0 > S4U authentication... > 2019-01-26 Corinna VinschenCygwin: uname: Raise size of utsname > fields and revamp... > 2019-01-26 Corinna VinschenCygwin: netdb.h: fix __GNU_VISIBLE > tests > 2019-01-26 Corinna VinschenCygwin: create_token: Return NULL, > not INVALID_HANDLE_... > 2019-01-26 Corinna VinschenCygwin: syscalls.cc: fix formatting > 2019-01-26 Corinna VinschenCygwin: lsaauth: Drop outdated test > for loading Secur32.dll > > Last commit: > > Cygwin: seteuid: use Kerberos/MsV1_0 S4U authentication by default > > - This simple and official method replaces cyglsa and "create token" > methods. No network share access, same as before. > > - lsaauth and create_token are disabled now. If problems crop up, > they can be easily reactivated. If no problems crop up, they > can be removed in a while, together with the lsaauth subdir. > > - Bump Cygwin version to 3.0. > > - > > Perhaps I missed something in the last couple of month. Did I have to change > something in the setup of openssh? I really don't know, this all works fine for me. Try switching the account starting sshd from cyg_server to LocalSystem and change ownership of all files /etc/ssh* to SYSTEM. Corinna -- Corinna Vinschen Cygwin Maintainer signature.asc Description: PGP signature
Re: cygwin 3.0.1-1 breaks my sshd install
On Feb 20 21:27, Andy Moreton wrote: > On Wed 20 Feb 2019, Corinna Vinschen wrote: > > > On Feb 20 21:01, Houder wrote: > >> On Wed, 20 Feb 2019 10:53:09, scowles at ckhb dot org wrote: > >> > > >> > i can confirm the same behaviours on a 3.0.0 system. i've done > >> > several checks and have been unable to find the source of the > >> > problem. ssh -vvv shows that the connection proceeds all the way > >> > through the connection process, sends the appropriate key tokens, > >> > then the server abruptly closes the connection. all accounts on > >> > the system show the same results. > >> > > >> > my 2.11.1 system, with identical ssh[d]_config files has no such > >> > problems. > >> > > >> > on both systems, all relevant files and directories have correct > >> > owners and permissions. > >> > >> Yes, failure for 3.0.0 (and 3.0.1); success for 2.11.2 > >> > >> Henri > >> > >> 64-@@ uname -a > >> CYGWIN_NT-6.1 Seven 3.0.1(0.338/5/3) 2019-02-20 10:19 x86_64 Cygwin > >> > >> 64-@@ tail /var/log/sshd.log > >> Server listening on 0.0.0.0 port 222. > >> seteuid 1004: Permission denied > > > > Sorry guys, but I can't reproduce this problem at all. I tested ssh > > login on Vista, W7 and W10 1809, in each case on 64 bit and under > > WOW64. On all systems I can login with domain as well as local > > accounts. > > > > For completeness sake I started sshd under SYSTEM as wel as under > > cyg_server account and every time it just worked. > > I've seen a similar failure, on a domain-joined Windows 10 box running > cygsshd using a local cyg_server user account. I've fixed it by: > 1) Open the "Computer Management" app >Select "Services and Applications", then "Services", and >choose the cygsshd service from the list. > 2) Stop the service > 3) Select the "Log On" tab, choose "Local System Account" and click OK. > 4) Restart the service. > > This changed the account reported by "cygrunsrv -VQ" from "./cyg_server" > to "LocalSystem". That actually fixed it for you? I'm a bit surprised but at least that's a neat solution, given that the new way to switch the user context doesn't require the cyg_server account anymore. SYSTEM is the way to go in future. While talking about it, i have a couple of OpenSSH upstream patches in the loop: - Rename Cygwin's sshd service to "cygsshd" becasue Microsoft hijacked the "sshd" service name for their own sshd. - The ssh-host-config script will install the service under SYSTEM in future, unless you're trying to install under Windows 7 WOW64, which will still require the cyg_server account. - Allowing to login with case-insensitive usernames. This also enables case-insensitive user and group name matching in sshd_config "Match" rules. The first patch has been merged already, I'm still waiting for feedback on the other two patches... Corinna -- Corinna Vinschen Cygwin Maintainer signature.asc Description: PGP signature
Re: cygwin 3.0.1-1 breaks my sshd install
On Wed, Feb 20, 2019 at 1:25 PM Corinna Vinschen wrote: > Sorry guys, but I can't reproduce this problem at all. I tested ssh > login on Vista, W7 and W10 1809, in each case on 64 bit and under > WOW64. On all systems I can login with domain as well as local > accounts. > > For completeness sake I started sshd under SYSTEM as wel as under > cyg_server account and every time it just worked. > > The only reason for failing logins coming to mind is the case of > the usernames. It must be written *exactly* as returned by > `getent passwd'. I.e.: > > $ getent passwd | grep -i foo > MACHINE+Foo:*:197608:197121:U-MACHINE\Foo,[...] > > You have to login like this: > > $ ssh MACHINE+Foo > > This will not work: > > $ ssh machine+foo Same here. Can't reproduce either. Works fine for me. Bill -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Re: cygwin 3.0.1-1 breaks my sshd install
On Wed, 20 Feb 2019 21:25:36, Corinna Vinschen wrote: > Sorry guys, but I can't reproduce this problem at all. I tested ssh > login on Vista, W7 and W10 1809, in each case on 64 bit and under > WOW64. On all systems I can login with domain as well as local > accounts. Understood. > For completeness sake I started sshd under SYSTEM as wel as under > cyg_server account and every time it just worked. Mine runs under cyg_server > The only reason for failing logins coming to mind is the case of > the usernames. It must be written *exactly* as returned by > `getent passwd'. I.e.: > > $ getent passwd | grep -i foo > MACHINE+Foo:*:197608:197121:U-MACHINE\Foo,[...] Understood. And not the problem at my side. Also I am using local accounts. Failure starts w/ cygwin1-20190126 ... 0124 works ... Your commits on 0126: 2019-01-26 Corinna VinschenCygwin: seteuid: use Kerberos/MsV1_0 S4U authentication... 2019-01-26 Corinna VinschenCygwin: uname: Raise size of utsname fields and revamp... 2019-01-26 Corinna VinschenCygwin: netdb.h: fix __GNU_VISIBLE tests 2019-01-26 Corinna VinschenCygwin: create_token: Return NULL, not INVALID_HANDLE_... 2019-01-26 Corinna VinschenCygwin: syscalls.cc: fix formatting 2019-01-26 Corinna VinschenCygwin: lsaauth: Drop outdated test for loading Secur32.dll Last commit: Cygwin: seteuid: use Kerberos/MsV1_0 S4U authentication by default - This simple and official method replaces cyglsa and "create token" methods. No network share access, same as before. - lsaauth and create_token are disabled now. If problems crop up, they can be easily reactivated. If no problems crop up, they can be removed in a while, together with the lsaauth subdir. - Bump Cygwin version to 3.0. - Perhaps I missed something in the last couple of month. Did I have to change something in the setup of openssh? Henri -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Re: cygwin 3.0.1-1 breaks my sshd install
On Wed 20 Feb 2019, Corinna Vinschen wrote: > On Feb 20 21:01, Houder wrote: >> On Wed, 20 Feb 2019 10:53:09, scowles at ckhb dot org wrote: >> > >> > i can confirm the same behaviours on a 3.0.0 system. i've done several >> > checks >> > and have been unable to find the source of the problem. ssh -vvv shows >> > that the >> > connection proceeds all the way through the connection process, sends the >> > appropriate key tokens, then the server abruptly closes the connection. >> > all >> > accounts on the system show the same results. >> > >> > my 2.11.1 system, with identical ssh[d]_config files has no such problems. >> > >> > on both systems, all relevant files and directories have correct owners >> > and >> > permissions. >> >> Yes, failure for 3.0.0 (and 3.0.1); success for 2.11.2 >> >> Henri >> >> 64-@@ uname -a >> CYGWIN_NT-6.1 Seven 3.0.1(0.338/5/3) 2019-02-20 10:19 x86_64 Cygwin >> >> 64-@@ tail /var/log/sshd.log >> Server listening on 0.0.0.0 port 222. >> seteuid 1004: Permission denied > > Sorry guys, but I can't reproduce this problem at all. I tested ssh > login on Vista, W7 and W10 1809, in each case on 64 bit and under > WOW64. On all systems I can login with domain as well as local > accounts. > > For completeness sake I started sshd under SYSTEM as wel as under > cyg_server account and every time it just worked. I've seen a similar failure, on a domain-joined Windows 10 box running cygsshd using a local cyg_server user account. I've fixed it by: 1) Open the "Computer Management" app Select "Services and Applications", then "Services", and choose the cygsshd service from the list. 2) Stop the service 3) Select the "Log On" tab, choose "Local System Account" and click OK. 4) Restart the service. This changed the account reported by "cygrunsrv -VQ" from "./cyg_server" to "LocalSystem". AndyM -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Re: cygwin 3.0.1-1 breaks my sshd install
On Feb 20 21:01, Houder wrote: > On Wed, 20 Feb 2019 10:53:09, scowles at ckhb dot org wrote: > > > > i can confirm the same behaviours on a 3.0.0 system. i've done several > > checks > > and have been unable to find the source of the problem. ssh -vvv shows > > that the > > connection proceeds all the way through the connection process, sends the > > appropriate key tokens, then the server abruptly closes the connection. all > > accounts on the system show the same results. > > > > my 2.11.1 system, with identical ssh[d]_config files has no such problems. > > > > on both systems, all relevant files and directories have correct owners and > > permissions. > > Yes, failure for 3.0.0 (and 3.0.1); success for 2.11.2 > > Henri > > 64-@@ uname -a > CYGWIN_NT-6.1 Seven 3.0.1(0.338/5/3) 2019-02-20 10:19 x86_64 Cygwin > > 64-@@ tail /var/log/sshd.log > Server listening on 0.0.0.0 port 222. > seteuid 1004: Permission denied Sorry guys, but I can't reproduce this problem at all. I tested ssh login on Vista, W7 and W10 1809, in each case on 64 bit and under WOW64. On all systems I can login with domain as well as local accounts. For completeness sake I started sshd under SYSTEM as wel as under cyg_server account and every time it just worked. The only reason for failing logins coming to mind is the case of the usernames. It must be written *exactly* as returned by `getent passwd'. I.e.: $ getent passwd | grep -i foo MACHINE+Foo:*:197608:197121:U-MACHINE\Foo,[...] You have to login like this: $ ssh MACHINE+Foo This will not work: $ ssh machine+foo Corinna -- Corinna Vinschen Cygwin Maintainer signature.asc Description: PGP signature
Re: cygwin 3.0.1-1 breaks my sshd install
On Wed, 20 Feb 2019 10:53:09, scowles at ckhb dot org wrote: > > i can confirm the same behaviours on a 3.0.0 system. i've done several > checks > and have been unable to find the source of the problem. ssh -vvv shows that > the > connection proceeds all the way through the connection process, sends the > appropriate key tokens, then the server abruptly closes the connection. all > accounts on the system show the same results. > > my 2.11.1 system, with identical ssh[d]_config files has no such problems. > > on both systems, all relevant files and directories have correct owners and > permissions. Yes, failure for 3.0.0 (and 3.0.1); success for 2.11.2 Henri 64-@@ uname -a CYGWIN_NT-6.1 Seven 3.0.1(0.338/5/3) 2019-02-20 10:19 x86_64 Cygwin 64-@@ tail /var/log/sshd.log Server listening on 0.0.0.0 port 222. seteuid 1004: Permission denied = -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Re: cygwin 3.0.1-1 breaks my sshd install
user names are not the problem. and my reply was incomplete; my observations are for windows 10 pro, 1809, installations. i have now seen the thread "Problem with sshd on W7 with 32bit cygwin 3.0" and am looking at that for leads. -- s. cowles scow...@ckhb.org +1 510 380 8661 Key fingerprint = A156 277B 875A D6E3 A00C 23D9 869E 72BE 1FD3 5B80 On Wed, 20 Feb 2019, Bill Stewart wrote: Date: Wed, 20 Feb 2019 11:04:29 From: Bill Stewart To: cygwin@cygwin.com Subject: Re: cygwin 3.0.1-1 breaks my sshd install In Cygwin 3.x, the case of the username must match exactly. I wonder if that's the problem? Bill -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Re: cygwin 3.0.1-1 breaks my sshd install
On Wed, Feb 20, 2019 at 11:53 AM scowles wrote: > i can confirm the same behaviours on a 3.0.0 system. i've done several checks > and have been unable to find the source of the problem. ssh -vvv shows that > the > connection proceeds all the way through the connection process, sends the > appropriate key tokens, then the server abruptly closes the connection. all > accounts on the system show the same results. > > my 2.11.1 system, with identical ssh[d]_config files has no such problems. > > on both systems, all relevant files and directories have correct owners and > permissions. In Cygwin 3.x, the case of the username must match exactly. I wonder if that's the problem? Bill -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Re: cygwin 3.0.1-1 breaks my sshd install
i can confirm the same behaviours on a 3.0.0 system. i've done several checks and have been unable to find the source of the problem. ssh -vvv shows that the connection proceeds all the way through the connection process, sends the appropriate key tokens, then the server abruptly closes the connection. all accounts on the system show the same results. my 2.11.1 system, with identical ssh[d]_config files has no such problems. on both systems, all relevant files and directories have correct owners and permissions. -- s. cowlewm scow...@ckhb.org Key fingerprint = A156 277B 875A D6E3 A00C 23D9 869E 72BE 1FD3 5B80 On Wed, 20 Feb 2019, James R. Phillips via cygwin wrote: Date: Wed, 20 Feb 2019 10:16:44 From: James R. Phillips via cygwin Reply-To: James R. Phillips To: "cygwin@cygwin.com" Subject: cygwin 3.0.1-1 breaks my sshd install Hello, My sshd install stops working when upgrading from cygwin 2.11.2-1 to 3.0.1-1. After upgrading and restarting sshd, an attempted connection is always closed, even coming from localhost. I have verified that I can get a server response with "$ telnet localhost 22", so I'm quite sure this is not a firewall issue. I have not been able to locate any relevant information in /var/log. I see no diagnostic information in the files there. After downgrading back to 2.11.2-1, connection functionality returns to normal. Note: cygcheck.out created _after_ downgrade. Regards James R. Phillips -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
cygwin 3.0.1-1 breaks my sshd install
Hello, My sshd install stops working when upgrading from cygwin 2.11.2-1 to 3.0.1-1. After upgrading and restarting sshd, an attempted connection is always closed, even coming from localhost. I have verified that I can get a server response with "$ telnet localhost 22", so I'm quite sure this is not a firewall issue. I have not been able to locate any relevant information in /var/log. I see no diagnostic information in the files there. After downgrading back to 2.11.2-1, connection functionality returns to normal. Note: cygcheck.out created _after_ downgrade. Regards James R. Phillips cygcheck.out Description: Binary data -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple