This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.



problems with RSA authentication for multiple users using SSHD


Hello,

Let me start with a simple question: can multiple users using RSA authentication log into a single Windows 2000 box running sshd?  It seems like this is implied by the README files in /usr/doc.

Assuming this is true then here is my problem:

I am trying to log onto a Windows 2000 (sp2) box using ssh with rsa authentication with different accounts.  While I have no problems logging in as different users using passwords, I can only seem to use rsa authentication when I'm logging on as the user starting the sshd process.  I'm running Cygwin version 1.3.5.  In addition, I have specified "CYGWIN=ntsec" as a system variable.

When I run sshd as LocalSystem, it seems like sshd is happy I've entered the correct rsa passphrase, but then it tries to make me the correct user and dies saying:

"Received disconnect from my.ip.address.here: Authentication rejected for uid 1004."

If I give my user account the following privileges:

"Act as part of the operating system"
"Replace process level token"
"Increase quotas"
"Logon as a service"

and start the sshd server under my account nwilson, I can then ssh into my machine using RSA authentication.

In a little more detail, I did the following:

bash%  chown SYSTEM /etc/ssh*
bash%  cygrunsrv --install sshd --path /usr/sbin/sshd --args "-D -ddd"
bash%  cygrunsrv --start sshd
bash%  ssh -l nwilson my_machine_name_here  

  tried to log in as user nwilson using RSA with failure log below

bash%  cygrunsrv --stop sshd
bash%  cygrunsrv --remove sshd

bash%  chown nwilson /etc/ssh*
bash%  cygrunsrv --install sshd --path /usr/sbin/sshd --args "-D -ddd" -u nwilson
bash%  cygrunsrv --start sshd
bash%  ssh -l nwilson my_machine_name_here

  tried to log in as user nwilson with success (log below)


So the heart of my question is what can cause ssh/sshd to agree I'm a given user but be unable to switch the user context properly?  I feel like I've tried nearly everything (file permissions and user on ~/.ssh, /etc/ssh*, /etc/passwd, /etc/group).  

I'm basically running out of ideas.  Hopefully someone can help.  Thanks,

Nathan


running sshd under LocalSystem:

debug1: Seeding random number generator
/etc/sshd_config line 49: Deprecated option CheckMail
debug1: sshd version OpenSSH_3.0p1
debug1: private host key: #0 type 0 RSA1
debug3: Not a RSA1 key file /etc/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug3: Not a RSA1 key file /etc/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
Generating 768 bit RSA key.
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
Connection from my.ip.address.here port 1116
debug1: Client protocol version 1.5; client software version OpenSSH_3.0p1
debug1: match: OpenSSH_3.0p1 pat ^OpenSSH
debug1: Local version string SSH-1.99-OpenSSH_3.0p1
debug1: Rhosts Authentication disabled, originating port not trusted.
debug1: Sent 768 bit server key and 1024 bit host key.
debug1: Encryption type: 3des
debug1: Received session key; encryption turned on.
debug1: Installing crc compensation attack detector.
debug1: Attempting authentication for nwilson.
debug1: temporarily_use_uid: 1004/513 (e=18)
debug1: trying public RSA key file /home/nwilson/.ssh/authorized_keys
debug1: restore_uid
Disconnecting: Authentication rejected for uid 1004.
debug1: Calling cleanup 0x4169cc(0x0)

running sshd under nwilson:

debug1: Seeding random number generator
/etc/sshd_config line 49: Deprecated option CheckMail
debug1: sshd version OpenSSH_3.0p1
debug1: private host key: #0 type 0 RSA1
debug3: Not a RSA1 key file /etc/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug3: Not a RSA1 key file /etc/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
Generating 768 bit RSA key.
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
Connection from my.ip.address.here port 1142
debug1: Client protocol version 1.5; client software version OpenSSH_3.0p1
debug1: match: OpenSSH_3.0p1 pat ^OpenSSH
debug1: Local version string SSH-1.99-OpenSSH_3.0p1
debug1: Rhosts Authentication disabled, originating port not trusted.
debug1: Sent 768 bit server key and 1024 bit host key.
debug1: Encryption type: 3des
debug1: Received session key; encryption turned on.
debug1: Installing crc compensation attack detector.
debug1: Attempting authentication for nwilson.
debug1: temporarily_use_uid: 1004/513 (e=1004)
debug1: trying public RSA key file /home/nwilson/.ssh/authorized_keys
debug1: restore_uid
Accepted rsa for nwilson from my.ip.address.here port 1142
debug1: session_new: init
debug1: session_new: session 0
debug1: Allocating pty.
debug1: session_pty_req: session 0 alloc /dev/tty0
... additional lines deleted but connection was successful ...
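
A triage helper for comparing the two debug logs above, added here as an example and not part of the original message. It extracts, per authentication attempt, the target uid/gid, the `e=` value (which OpenSSH prints as the effective uid the daemon held before the temporary switch) and the outcome. The sample lines are copied from the logs above; the function names are hypothetical.

```python
import re

# Sample input: lines copied from the two sshd -ddd logs in the message above.
LOCALSYSTEM_LOG = """\
debug1: Attempting authentication for nwilson.
debug1: temporarily_use_uid: 1004/513 (e=18)
debug1: restore_uid
Disconnecting: Authentication rejected for uid 1004.
"""
NWILSON_LOG = """\
debug1: Attempting authentication for nwilson.
debug1: temporarily_use_uid: 1004/513 (e=1004)
debug1: restore_uid
Accepted rsa for nwilson from my.ip.address.here port 1142
"""

ATTEMPT = re.compile(r"Attempting authentication for (\S+?)\.?$")
USE_UID = re.compile(r"temporarily_use_uid: (\d+)/(\d+) \(e=(\d+)\)")
REJECTED = re.compile(r"Authentication rejected for uid (\d+)")
ACCEPTED = re.compile(r"^Accepted (\S+) for (\S+)")

def summarize(log_text):
    """Return one dict per authentication attempt found in sshd debug output."""
    attempts, current = [], None
    for line in log_text.splitlines():
        line = line.strip()
        if m := ATTEMPT.search(line):
            current = {"user": m.group(1), "uid": None, "gid": None,
                       "euid": None, "outcome": "unknown"}
            attempts.append(current)
        elif current is None:
            continue  # ignore startup chatter before the first attempt
        elif m := USE_UID.search(line):
            current["uid"], current["gid"], current["euid"] = map(int, m.groups())
        elif REJECTED.search(line):
            current["outcome"] = "rejected"
        elif m := ACCEPTED.search(line):
            current["outcome"] = "accepted:" + m.group(1)
    return attempts

def daemon_is_target(attempt):
    """True when the daemon's effective uid already equals the login uid."""
    return attempt["euid"] is not None and attempt["euid"] == attempt["uid"]

if __name__ == "__main__":
    for name, log in (("LocalSystem", LOCALSYSTEM_LOG), ("nwilson", NWILSON_LOG)):
        for a in summarize(log):
            print(name, a, "daemon==target:", daemon_is_target(a))
```

On these two logs the only field that differs before the outcome line is the effective uid: 18 in the rejected run and 1004 in the accepted one.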


