From: Franck
To: cygwin@cygwin.com
Subject: Re: Can't use pubkey auth with OpenSSH 3.6p1 under Windows Server 2003.
Date: Wed, 25 Jun 2003 00:27:50 +0200
In-Reply-To: <20030619141554.GA17304@jml.net>

Rob Andrews wrote:
> Having installed cygwin network install and OpenSSH 3.6p1 on Windows Server
> 2003, I've come across a problem.
>
> Previously, under Windows 2000 Advanced Server, we'd been able to use
> pubkey authentication, but now it seems to fail, leaving password
> authentication the only option (not great for automation purposes).
>
> Notably, when using password auth:
>
> [~] -> ssh -l administrator 192.168.1.34
> administrator@192.168.1.34's password:
> Fanfare!!!
> You are successfully logged in to this server!!!
>
> Administrator@scorpion ~
> $
> [snip]
>
> But when specifying a password-less key:
>
> [~] -> ssh -i mykey -l administrator 192.168.1.34
> Fanfare!!!
> You are successfully logged in to this server!!!
> Connection to 192.168.1.34 closed.
>
> Here's a complete output of ssh -v:
>
> [~] -> ssh -v -i mykey -l administrator 192.168.1.34
> OpenSSH_3.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Rhosts Authentication disabled, originating port will not be trusted.
> debug1: restore_uid
> debug1: ssh_connect: getuid 506 geteuid 0 anon 1
> debug1: Connecting to 192.168.1.34 [192.168.1.34] port 22.
> debug1: temporarily_use_uid: 506/300 (e=0)
> debug1: restore_uid
> debug1: temporarily_use_uid: 506/300 (e=0)
> debug1: restore_uid
> debug1: Connection established.
> debug1: read PEM private key done: type DSA
> debug1: read PEM private key done: type RSA
> debug1: identity file mykey type -1
> debug1: Remote protocol version 2.0, remote software version OpenSSH_3.6.1p1
> debug1: match: OpenSSH_3.6.1p1 pat OpenSSH*
> Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_3.1p1
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: server->client aes128-cbc hmac-md5 none
> debug1: kex: client->server aes128-cbc hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> debug1: dh_gen_key: priv key bits set: 120/256
> debug1: bits set: 1595/3191
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug1: Host '192.168.1.34' is known and matches the RSA host key.
> debug1: Found key in /home/rob/.ssh/known_hosts:24
> debug1: bits set: 1583/3191
> debug1: ssh_rsa_verify: signature correct
> debug1: kex_derive_keys
> debug1: newkeys: mode 1
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: waiting for SSH2_MSG_NEWKEYS
> debug1: newkeys: mode 0
> debug1: SSH2_MSG_NEWKEYS received
> debug1: done: ssh_kex2.
> debug1: send SSH2_MSG_SERVICE_REQUEST
> debug1: service_accept: ssh-userauth
> debug1: got SSH2_MSG_SERVICE_ACCEPT
> debug1: authentications that can continue: publickey,password,keyboard-interactive
> debug1: next auth method to try is publickey
> debug1: userauth_pubkey_agent: testing agent key /home/rob/.ssh/id_dsa
> debug1: authentications that can continue: publickey,password,keyboard-interactive
> debug1: try privkey: mykey
> debug1: read PEM private key done: type RSA
> debug1: ssh-userauth2 successful: method publickey
> debug1: channel 0: new [client-session]
> debug1: send channel open 0
> debug1: Entering interactive session.
> debug1: ssh_session2_setup: id 0
> debug1: channel request 0: pty-req
> debug1: channel request 0: shell
> debug1: fd 3 setting TCP_NODELAY
> debug1: channel 0: open confirm rwindow 0 rmax 32768
> Fanfare!!!
> You are successfully logged in to this server!!!
> debug1: channel 0: rcvd eof
> debug1: channel 0: output open -> drain
> debug1: channel 0: obuf empty
> debug1: channel 0: close_write
> debug1: channel 0: output drain -> closed
> debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
> debug1: channel 0: rcvd close
> debug1: channel 0: close_read
> debug1: channel 0: input open -> closed
> debug1: channel 0: almost dead
> debug1: channel 0: gc: notify user
> debug1: channel 0: gc: user detached
> debug1: channel 0: send close
> debug1: channel 0: is dead
> debug1: channel 0: garbage collecting
> debug1: channel_free: channel 0: client-session, nchannels 1
> Connection to 192.168.1.34 closed.
> debug1: Transferred: stdin 0, stdout 0, stderr 36 bytes in 0.3 seconds
> debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 140.2
> debug1: Exit status 255
>
> Whilst the Win2k3 event log says:
> sshd: PID 2552: Accepted publickey for administrator from 192.168.1.155 port 38555 ssh2.
> sshd: PID 2828: Accepted publickey for administrator from 192.168.1.155 port 38555 ssh2.
> sshd: PID 2864: fatal: setuid 544: Permission denied.
> sshd: PID 2552: syslogin_perform_logout: logout() returned an error.
>
> Is there something *really* stupid that I'm missing? All necessary keys are in
> place, /etc/passwd and /etc/group have been created correctly and checked
> against the output of mkpasswd/mkgroup, and I can ssh in using password auth,
> but I completely fail to be able to use key-based authentication.

I have the same problem on my new Windows 2003 Server Standard (French). I'm looking for tuning in the .NET configuration MMC, but I haven't found anything for the moment.
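Added example, not code from the thread: a small Python triage routine that pairs sshd's "Accepted ..." event-log lines with a following "fatal: setuid N: Permission denied", so the failure Rob describes (authentication succeeds, then the session dies when sshd tries to switch to the user's context) is reported separately from a genuine authentication failure. The log lines are constructed, modelled on the event-log excerpt above; the duplicate parent/child "Accepted" lines for one connection are collapsed on (user, source, port).

```python
import re
from typing import Dict, List, Optional

# Constructed sample modelled on the event-log lines quoted above; the two
# "Accepted publickey" lines are the parent and child sshd logging one connection.
SAMPLE_LOG = """\
sshd: PID 2552: Accepted publickey for administrator from 192.168.1.155 port 38555 ssh2.
sshd: PID 2828: Accepted publickey for administrator from 192.168.1.155 port 38555 ssh2.
sshd: PID 2864: fatal: setuid 544: Permission denied.
sshd: PID 2552: syslogin_perform_logout: logout() returned an error.
sshd: PID 3001: Accepted password for administrator from 192.168.1.155 port 38560 ssh2.
sshd: PID 3105: Accepted publickey for backup from 192.168.1.40 port 41002 ssh2.
"""

ACCEPTED = re.compile(
    r"Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<src>\S+) port (?P<port>\d+)"
)
SETUID_FAIL = re.compile(r"fatal: setuid (?P<uid>\d+): Permission denied")


def triage(log: str) -> List[Dict[str, str]]:
    """One verdict per accepted login: "auth ok, privilege switch failed" if a
    setuid failure is logged before the next distinct accepted login, else
    "session ok". Logins are keyed on (user, src, port) so the duplicate
    parent/child "Accepted" lines collapse into a single record."""
    findings: List[Dict[str, str]] = []
    pending: Optional[Dict[str, str]] = None

    def close(verdict: str, **extra: str) -> None:
        nonlocal pending
        if pending is not None:
            findings.append({**pending, **extra, "verdict": verdict})
        pending = None

    for line in log.splitlines():
        if m := ACCEPTED.search(line):
            rec = m.groupdict()
            if pending is None or any(pending[k] != rec[k] for k in ("user", "src", "port")):
                close("session ok")  # previous login never hit a setuid failure
                pending = rec
        elif m := SETUID_FAIL.search(line):
            close("auth ok, privilege switch failed", uid=m["uid"])
    close("session ok")
    return findings
```

The "uid" field carries the numeric id sshd failed to switch to (544 in Rob's log), which is the value to check against the service account's privileges on the Windows side.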