Re: Patch for openssh : allow to use AuthorizedKeysCommand on sshd on cygwin

Hello, > On 1 Aug 2017, at 20:25, Achim Gratz wrote: > > Pierre Souchay writes: >> (The issue being that root on CYGWIN is not uid=0 but uid=18 aka >> SYSTEM) > > This is a misconception. There is no root user on Windows and > consequently there is none on Cygwin. There

Re: Patch for openssh : allow to use AuthorizedKeysCommand on sshd on cygwin

Pierre Souchay writes: > (The issue being that root on CYGWIN is not uid=0 but uid=18 aka > SYSTEM) This is a misconception. There is no root user on Windows and consequently there is none on Cygwin. There are multiple possibilities of what could be usefully considered a proxy for root, so it's

Re: Patch for openssh : allow to use AuthorizedKeysCommand on sshd on cygwin

Hi Corinna, > On 31 Jul 2017, at 22:12, Corinna Vinschen wrote: > > On Jul 31 20:38, Pierre Souchay wrote: >> Hello, >> >> Please consider this patch: >> https://github.com/pierresouchay/cygwin_patches/blob/master/openssh.patch >> >> It patches opensshd to allow to

Re: Patch for openssh : allow to use AuthorizedKeysCommand on sshd on cygwin

On Jul 31 20:38, Pierre Souchay wrote: > Hello, > > Please consider this patch: > https://github.com/pierresouchay/cygwin_patches/blob/master/openssh.patch > > It patches opensshd to allow to use the AuthorizedKeysCommand on Cygwin > (similar to

Patch for openssh : allow to use AuthorizedKeysCommand on sshd on cygwin

Hello, Please consider this patch: https://github.com/pierresouchay/cygwin_patches/blob/master/openssh.patch It patches opensshd to allow to use the AuthorizedKeysCommand on Cygwin (similar to https://github.com/openssh/openssh-portable/pull/72 ) Regards Pierre Souchay

RE: Possible Security Hole in SSHD w/ CYGWIN?

for this. David -Original Message- From: cygwin-ow...@cygwin.com [mailto:cygwin-ow...@cygwin.com] On Behalf Of Corinna Vinschen Sent: Thursday, February 18, 2016 7:13 AM To: cygwin@cygwin.com Subject: Re: Possible Security Hole in SSHD w/ CYGWIN? On Feb 17 10:43, Corinna Vinschen wrote: > On

Re: Possible Security Hole in SSHD w/ CYGWIN?

On Fri, Feb 19, 2016 at 6:10 AM, Corinna Vinschen wrote: > Thanks for testing, I really appreciate that. You're very welcome :) -- Erik -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html

Re: Possible Security Hole in SSHD w/ CYGWIN?

On Feb 18 12:10, Erik Soderquist wrote: > On Thu, Feb 18, 2016 at 10:12 AM, Corinna Vinschen wrote: > > > > I implemented and tested the idea and it seems to work. Note that the > > underlying problem that we can't generate our own login session when using > > method 1 persists. However, the new

Re: Possible Security Hole in SSHD w/ CYGWIN?

On Thu, Feb 18, 2016 at 10:12 AM, Corinna Vinschen wrote: > > I implemented and tested the idea and it seems to work. Note that the > underlying problem that we can't generate our own login session when using > method 1 persists. However, the new code should avoid spilling cyg_server >

Re: Possible Security Hole in SSHD w/ CYGWIN?

etuid-overview, only > method 1 should be affected. > [bla, bla] > > If that is the case, it seems this is an unintended side effect of the way > > CYGWIN and sshd work together, and with the current state of Windows there > > isn't really a way around it. > > There migh

Re: Possible Security Hole in SSHD w/ CYGWIN?

, it seems this is an unintended side effect of the way > CYGWIN and sshd work together, and with the current state of Windows there > isn't really a way around it. There might be a way around that. I have a vague idea what to do to create a new logon session, even when creating the token from

RE: Possible Security Hole in SSHD w/ CYGWIN?

this is an unintended side effect of the way CYGWIN and sshd work together, and with the current state of Windows there isn't really a way around it. And that's OK (I can work around it if that's the case), I just wanted to get to the bottom of why this was happening and let people know the situation

Re: Possible Security Hole in SSHD w/ CYGWIN?

On Feb 14 13:36, Erik Soderquist wrote: > I think the key point is that if no network password is stored using > the "passwd -R" option, then there should be absolutely no network > access at all in the current code/design, not a fall through to the > cyg_server account's network access,

Re: Possible Security Hole in SSHD w/ CYGWIN?

On Sun, Feb 14, 2016 at 5:49 AM, Achim Gratz wrote: > Erik Soderquist writes: >> I would suspect Domain Admin for the Cyg_server account is a >> requirement of David's environment, which neither of us know anything >> about at present. I know I've had to do things that were not "best >> practice"

Re: Possible Security Hole in SSHD w/ CYGWIN?

David Willis writes: > So you're telling me any user that logs in using key authentication cannot > access the network as the same user (i.e. this is the intended behavior)? If > that's the case wouldn't it be better not to allow network access at ALL, > rather than allowing it as the service

Re: Possible Security Hole in SSHD w/ CYGWIN?

Erik Soderquist writes: > I would suspect Domain Admin for the Cyg_server account is a > requirement of David's environment, which neither of us know anything > about at present. I know I've had to do things that were not "best > practice" due to corporate policy on more occasions than I care to

RE: Possible Security Hole in SSHD w/ CYGWIN?

: Friday, February 12, 2016 5:04 PM To: cygwin@cygwin.com Subject: Re: Possible Security Hole in SSHD w/ CYGWIN? With the precise steps listed/demonstrated, I've reproduced it I connected with ssh as a normal user using a private key, and cd'd to //server/c$/ successfully, and in the Windows active

Re: Possible Security Hole in SSHD w/ CYGWIN?

David Willis writes: > I know this is a somewhat unique and I guess obscure issue, but if someone > could please look into this - I would be very surprised if it was NOT > reproducible following the steps below. Because if this is actually the case > it is in fact granting permissions that it

RE: Possible Security Hole in SSHD w/ CYGWIN?

First of all, it is one thing to ask me why I have set this up the way I did - its another to tell me I've set it up "wrong", especially without known the ins and outs of my domain and network. > You still do not seem to have understood what > >

Re: Possible Security Hole in SSHD w/ CYGWIN?

On Sat, Feb 13, 2016 at 3:34 AM, Achim Gratz wrote: > David Willis writes: >> I know this is a somewhat unique and I guess obscure issue, but if someone >> could please look into this - I would be very surprised if it was NOT >> reproducible following the steps below. Because if this is actually

Re: Possible Security Hole in SSHD w/ CYGWIN?

are explicit instructions on how to store your Windows password in a way that Cygwin sshd (and other Cygwin services) can use the password for network authentication and that it says not to store the credentials if you do not need network access when authenticating via public key, I would make the logical

Re: Possible Security Hole in SSHD w/ CYGWIN?

On Sat, Feb 13, 2016 at 8:29 PM, David Willis wrote: > Hmm, storing the password in the registry would probably not be optimal... I > would probably rather deal with lack of network share access from SSH > sessions than store a plaintext password (haven't tested it so I can't say > for sure, but

RE: Possible Security Hole in SSHD w/ CYGWIN?

privileges. Thanks, David -Original Message- From: cygwin-ow...@cygwin.com [mailto:cygwin-ow...@cygwin.com] On Behalf Of Erik Soderquist Sent: Saturday, February 13, 2016 4:34 PM To: cygwin@cygwin.com Subject: Re: Possible Security Hole in SSHD w/ CYGWIN? On Sat, Feb 13, 2016 at 4:15 PM, David

RE: Possible Security Hole in SSHD w/ CYGWIN?

this isn't even really doing anything different) -Original Message- From: cygwin-ow...@cygwin.com [mailto:cygwin-ow...@cygwin.com] On Behalf Of Erik Soderquist Sent: Saturday, February 13, 2016 4:14 PM To: cygwin@cygwin.com Subject: Re: Possible Security Hole in SSHD w/ CYGWIN? > I don't k

RE: Possible Security Hole in SSHD w/ CYGWIN?

r credentials to do so). Thanks, David -Original Message- From: cygwin-ow...@cygwin.com [mailto:cygwin-ow...@cygwin.com] On Behalf Of David Willis Sent: Tuesday, February 09, 2016 9:21 PM To: cygwin@cygwin.com Subject: RE: Possible Security Hole in SSHD w/ CYGWIN? Thank you for

Re: Possible Security Hole in SSHD w/ CYGWIN?

gt; share as (the user I SSH'd in as). > > And I just found out with further testing that when I connect using a > password to Cygwin SSHD server, then access the file share, I have the > correct permissions and it shows an open session as the user I connected as > like it should.

RE: Possible Security Hole in SSHD w/ CYGWIN?

Sorry for starting a new thread w/ the reply, forgot to subscribe before posting my question yesterday... Thanks for getting back so quickly Yes, I have read that page pretty much from top to bottom, and as far as I know I have configured sshd and the user accounts correctly. I have a

Re: Possible Security Hole in SSHD w/ CYGWIN?

On 9 February 2016 at 21:39, David Willis <david_wil...@comcast.net> wrote: > Just to add an update to this, it appears that processes run from the shell > while logged into the CYGWIN SSHD server are run as the correct user - i.e. > I run a ping or cat a file and pipe it to less,

RE: Possible Security Hole in SSHD w/ CYGWIN?

I connect using a password to Cygwin SSHD server, then access the file share, I have the correct permissions and it shows an open session as the user I connected as like it should. So it is something specifically that happens when connecting using public key authentication. Here is an example thoug

RE: Possible Security Hole in SSHD w/ CYGWIN?

Just to add an update to this, it appears that processes run from the shell while logged into the CYGWIN SSHD server are run as the correct user - i.e. I run a ping or cat a file and pipe it to less, and check Task Manager on the SSHD server, and those processes show as being run as the user I

Possible Security Hole in SSHD w/ CYGWIN?

Hello, I noticed that when connecting via SSH to a CYGWIN-based SSHD server, if the user connects to a network share (i.e. they CD to the share UNC path in the BASH/CYGWIN shell), they get connected as the privileged server user account created for privilege separation when SSHD is configured w

Re: Possible Security Hole in SSHD w/ CYGWIN?

David Willis comcast.net> writes: > To reproduce, connect via SSH (from either a Linux or CYGWIN/Windows client) > to a CYGWIN-based SSHD server using a normal privileged user account (an > account preferably that is not an admin either on the client or server > machine).

Problem running sshd on cygwin (DLL: 1.5.25) and WinPE 2.0

Hi, I'm trying to use cygwin OpenSSH on WinPE 2.0 environment. I've tried the following 2 setups 1. Cygwin+OpenSSH on Windows XP SP2 2. Cygwin+OpenSSH on WinPE 2.0 Both these setups were done by running the bundled ssh-host-config script. I'm not using Privilege Separation and also for Setup#2,

Re: cannot start sshd on cygwin- win xp

Larry Hall (Cygwin) wrote: [EMAIL PROTECTED] wrote: a selection of all the error message I am getting. Messing around trying to start it. it doesn`t show up on netstat -an. I did install and uninstall a windows port of openssh, I don`T know if that messed things up. But nothing i

Re: cannot start sshd on cygwin- win xp

[EMAIL PROTECTED] wrote: Larry Hall (Cygwin) wrote: [EMAIL PROTECTED] wrote: a selection of all the error message I am getting. Messing around trying to start it. it doesn`t show up on netstat -an. I did install and uninstall a windows port of openssh, I don`T know if that messed things

Re: cannot start sshd on cygwin- win xp

Larry Hall (Cygwin) wrote: [EMAIL PROTECTED] wrote: Larry Hall (Cygwin) wrote: [EMAIL PROTECTED] wrote: a selection of all the error message I am getting. Messing around trying to start it. it doesn`t show up on netstat -an. I did install and uninstall a windows port of

Re: cannot start sshd on cygwin- win xp

jameshanley39 wrote: Larry Hall (Cygwin) wrote: jameshanley39 wrote: Larry Hall (Cygwin) wrote: jameshanley39 wrote: a selection of all the error message I am getting. Messing around trying to start it. it doesn`t show up on netstat -an. I did install and uninstall a windows port of

cannot start sshd on cygwin- win xp

/sbin/sshd cygrunsrv: Error installing a service: OpenService: Win32 error 1073: The specified service already exists. $ net start sshd The CYGWIN sshd service is starting. The CYGWIN sshd service was started successfully. Current [EMAIL PROTECTED] ~ $ net start sshd The CYGWIN sshd

Re: cannot start sshd on cygwin- win xp

[EMAIL PROTECTED] wrote: a selection of all the error message I am getting. Messing around trying to start it. it doesn`t show up on netstat -an. I did install and uninstall a windows port of openssh, I don`T know if that messed things up. But nothing i easily do about that if it did..

the instruction of setting up sshd in cygwin is too vague

Thanks to let me know which instruction is correct one. I got the trouble with the official instruction. I just wonder if you can give me some help, I am new in this area? My goal is establishing a vista or XP professional base sshd server in laboratory so that everyone in the lab can use this

Re: the instruction of setting up sshd in cygwin is too vague

I am not like you (I am beginner) or a experienced it depends, if you want the truth I'll tell you. I understand you. But you are never going to believe me. And may be it is not a good way for you. 2007/7/27, shiliang Wang [EMAIL PROTECTED]: Thanks to let me know which instruction is correct

Installing sshd w/Cygwin under Win2K/SP4

Hi Folks, Here's the conclusion to my sshd journey. Larry was correct. When installed properly, sshd should just work, even using keys with multiple users. Here's an exact record of the process I used for those considering embarking on this journey for themselves. :-) thanks best regards,

Re: Installing sshd w/Cygwin under Win2K/SP4

Thanks for this record. It should be useful for others. Larry At 10:37 AM 1/4/2005, you wrote: Hi Folks, Here's the conclusion to my sshd journey. Larry was correct. When installed properly, sshd should just work, even using keys with multiple users. Here's an exact record of the process

Re: sshd under Cygwin

pedal2metal wrote: [...] I'm running Windows 2000 Pro SP4 using a February 25,2004 archive of the redhat mirror for the Cygwin install. This is ten month old and no longer supported, try to update to a recent version of Cygwin and tools. Gerrit -- =^..^= -- Unsubscribe info:

RE: sshd under Cygwin

: [EMAIL PROTECTED] -Original Message- From: pedal2metal [mailto:[EMAIL PROTECTED] Sent: Sunday, January 02, 2005 1:37 AM To: cygwin@cygwin.com Subject: sshd under Cygwin Hello, Ok, I installed all of Cygwin then attempted to get sshd running. I did this about 1.5 years ago it didn't seem

RE: sshd under Cygwin

directories up to including '/' in openssh.README in the scripts would be a helpful reminder. thanks best regards, eric -Original Message- From: pedal2metal [mailto:[EMAIL PROTECTED] Sent: Sunday, January 02, 2005 6:45 AM To: cygwin@cygwin.com Subject: RE: sshd under Cygwin Hello, After

RE: sshd under Cygwin

At 07:44 AM 1/2/2005, you wrote: Hello, After using the following references: http://ist.uwaterloo.ca/~kscully/SSH/CygwinSSHD_W2K3.html http://sources.redhat.com/ml/cygwin/2001-11/msg00844.html /usr/share/doc/Cygwin/openssh.README /usr/bin/ssh-host-config /usr/bin/ssh-user-config plenty of

RE: sshd under Cygwin

multiple users working. thanks best regards, eric rose email: [EMAIL PROTECTED] -Original Message- From: Larry Hall [mailto:[EMAIL PROTECTED] Sent: Sunday, January 02, 2005 1:26 PM To: pedal2metal; cygwin@cygwin.com Subject: RE: sshd under Cygwin At 07:44 AM 1/2/2005, you wrote

sshd under Cygwin

working reliably with sshd under Cygwin. I'm running Windows 2000 Pro SP4 using a February 25,2004 archive of the redhat mirror for the Cygwin install. I am operational since I can use my password but I'm completely baffled by why the RSA2 keys don't work since I use them on my other systems which I

Re: Question concerning SSHD on CYGWIN

, Marcel wrote: Hello, For a internal prototype we are using cygwin on a windows 2000 system to transfer data via ssh from one windows machine to this windows system with cygwin sshd. If we have alot of data to transfer (e.g. 800 MB) after approximately 10 minutes the transfer hangs

sshd in cygwin

Hi, I'm not sure whether this is the right place to ask this question. My apologies if I am intruding into your mailbox. After starting sshd in cygwin on my winXP machine, do I need to setup user accounts? I am unable to ssh into my windows machine (using my regular windows account) from

Re: sshd in cygwin

On Thu, 12 Feb 2004, Rachan Malhotra wrote: Hi, I'm not sure whether this is the right place to ask this question. My apologies if I am intruding into your mailbox. After starting sshd in cygwin on my winXP machine, do I need to setup user accounts? I am unable to ssh into my windows