Mail Archives: cygwin/2015/08/17/15:39:33

www.delorie.com/archives/browse.cgi

search

Mail Archives: cygwin/2015/08/17/15:39:33

X-Recipient: archive-cygwin AT delorie DOT com

DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:message-id:to:from:subject:date:mime-version

:content-type:content-transfer-encoding; q=dns; s=default; b=HLb

dUyKQvd/Eps60DM+qsJCYawNQqObgljHImxHCBB8S6xdFZ/JHqQsAta7WuegFTXd

AAJMr8zrUly5r7W3k/S4svK2g+kgVk9u8+lBfcCvtvexDeKJ0m89wLuOPdszt9oD

zOXIU4xyzPp8eWtLdnGjmOd55GpKl4/dF9ClBcJI=

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:message-id:to:from:subject:date:mime-version

:content-type:content-transfer-encoding; s=default; bh=5Nd2zbhtO

mmah0Ol0Q/WztAcMhI=; b=a3zbpOIVjEKqKhizbCJqkNsOtrL9nCAK7+1whw2kT

XRtfcgb+OFoCrHV6vIB+52/mD8ypusYXwRSPj9OmG3u2+UHiT2tMO3NZAC57W1aR

1paApRjIQiMJ3BJ8Ra4bb7e2xkCoRrDCH1jA8dA9+thenb2VY3qzeHawQBwDCaMT

yk=

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm

List-Id: <cygwin.cygwin.com>

List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>

List-Archive: <http://sourceware.org/ml/cygwin/>

List-Post: <mailto:cygwin AT cygwin DOT com>

List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>

Sender: cygwin-owner AT cygwin DOT com

Mail-Followup-To: cygwin AT cygwin DOT com

Delivered-To: mailing list cygwin AT cygwin DOT com

Authentication-Results: sourceware.org; auth=none

X-Virus-Found: No

X-Spam-SWARE-Status: No, score=-1.4 required=5.0 tests=AWL,BAYES_20,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,RP_MATCHES_RCVD,SPF_PASS autolearn=ham version=3.3.2

X-HELO: BLU004-OMC1S29.hotmail.com

X-TMN: [7uGdy1fRbB/H5NCdi8NNnfbMObcaoEl4]

Message-ID: <BLU436-SMTP8C98370D51206FDE669BD9E790@phx.gbl>

To: cygwin AT cygwin DOT com

From: "Jarek C." <yaro_29 AT hotmail DOT com>

Subject: Problems with ssh connection

Date: Mon, 17 Aug 2015 21:39:11 +0200

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.2.0

MIME-Version: 1.0

X-MIME-Autoconverted: from quoted-printable to 8bit by delorie.com id t7HJdUs9002758

I have Cygwin installed on a couple of servers in a domain environment. 
Of all machines regular user accounts can ssh to only one box.
Once installed I configured Cygwin using the following in a .bat file.

c:\cygwin\bin\bash --login -c "chmod +r /etc/passwd"

c:\cygwin\bin\bash --login -c "chmod u+w /etc/passwd"

c:\cygwin\bin\bash --login -c "chmod +r /etc/group"

c:\cygwin\bin\bash --login -c "chmod u+w /etc/group"

c:\cygwin\bin\bash --login -c "chown -R domain_account /var/empty"

c:\cygwin\bin\bash --login -c "chmod 755 /var/empty"

c:\cygwin\bin\bash --login -c "chown domain_account /etc/ssh*"

c:\cygwin\bin\bash --login -c "chmod 755 /var/"

c:\cygwin\bin\bash --login -c "touch /var/log/sshd.log"

c:\cygwin\bin\bash --login -c "chown domain_account /var/log/sshd.log"

c:\cygwin\bin\bash --login -c "chmod 664 /var/log/sshd.log"

c:\cygwin\bin\bash --login -c "editrights -l -u domain_account"

c:\cygwin\bin\bash --login -c "editrights -a 
SeAssignPrimaryTokenPrivilege -u domain_account"

c:\cygwin\bin\bash --login -c "editrights -a SeCreateTokenPrivilege -u 
domain_account"

c:\cygwin\bin\bash --login -c "editrights -a SeTcbPrivilege -u 
domain_account"

c:\cygwin\bin\bash --login -c "editrights -a SeServiceLogonRight -u 
domain_account"

c:\cygwin\bin\bash --login -c "editrights -l -u domain_account"

c:\cygwin\bin\bash --login -c "/bin/ssh-host-config -y -c ntsec -u 
domain_account -w â€œpassword"

Somehow the permissions on the sshd_config file are diferent on the box 
where the sftp connection works

-rw-r--r-- 1 my_domain_account root 3679 Jul 24 12:44 /etc/sshd_config
where on all others I see
-rw-r--r-- 1 domain_account Administrators 3584 Jul 26 20:51 
/etc/sshd_config
where the domain_account is the account under which the Cygwin service 
is running.

When checking NTFS permissions I see in both cases the domain_account as 
the owner.
I read somewhere that I need to run chown root:system /etc/password to 
fix the permissions
but the account reports as invalid. Same if I try just root or just system.
Am I even close focusing on the permissions of sshd_config? No idea why 
they're different.
I think I used the same method on all servers but there were not 
installed at the same time so it's possible I messed something up. I 
don't want to break the working box keeping it as a reference. On others 
I noticed that a regular domain user can connect when their accounts get 
added to local admins which is what I would like to avoid.


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

X-Recipient:	archive-cygwin AT delorie DOT com
DomainKey-Signature:	a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:message-id:to:from:subject:date:mime-version
	:content-type:content-transfer-encoding; q=dns; s=default; b=HLb
	dUyKQvd/Eps60DM+qsJCYawNQqObgljHImxHCBB8S6xdFZ/JHqQsAta7WuegFTXd
	AAJMr8zrUly5r7W3k/S4svK2g+kgVk9u8+lBfcCvtvexDeKJ0m89wLuOPdszt9oD
	zOXIU4xyzPp8eWtLdnGjmOd55GpKl4/dF9ClBcJI=
DKIM-Signature:	v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:message-id:to:from:subject:date:mime-version
	:content-type:content-transfer-encoding; s=default; bh=5Nd2zbhtO
	mmah0Ol0Q/WztAcMhI=; b=a3zbpOIVjEKqKhizbCJqkNsOtrL9nCAK7+1whw2kT
	XRtfcgb+OFoCrHV6vIB+52/mD8ypusYXwRSPj9OmG3u2+UHiT2tMO3NZAC57W1aR
	1paApRjIQiMJ3BJ8Ra4bb7e2xkCoRrDCH1jA8dA9+thenb2VY3qzeHawQBwDCaMT
	yk=
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Authentication-Results:	sourceware.org; auth=none
X-Virus-Found:	No
X-Spam-SWARE-Status:	No, score=-1.4 required=5.0 tests=AWL,BAYES_20,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,RP_MATCHES_RCVD,SPF_PASS autolearn=ham version=3.3.2
X-HELO:	BLU004-OMC1S29.hotmail.com
X-TMN:	[7uGdy1fRbB/H5NCdi8NNnfbMObcaoEl4]
Message-ID:	<BLU436-SMTP8C98370D51206FDE669BD9E790@phx.gbl>
To:	cygwin AT cygwin DOT com
From:	"Jarek C." <yaro_29 AT hotmail DOT com>
Subject:	Problems with ssh connection
Date:	Mon, 17 Aug 2015 21:39:11 +0200
User-Agent:	Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.2.0
MIME-Version:	1.0
X-MIME-Autoconverted:	from quoted-printable to 8bit by delorie.com id t7HJdUs9002758