This is the mail archive of the
cygwin
mailing list for the Cygwin project.
Re: OpenSSH access to join the "Local Account" group
- From: Tom Moore <moortom at gmail dot com>
- To: Glenn G <gluszcz55 at hotmail dot com>, cygwin at cygwin dot com
- Date: Fri, 29 Jan 2016 09:43:40 -0500
- Subject: Re: OpenSSH access to join the "Local Account" group
- Authentication-results: sourceware.org; auth=none
- References: <CANwy9RQ2XE-HWGDrkfnkeZH3iuDOhpOo5pGtxu2afRBxLZKJJw at mail dot gmail dot com> <BLUPR14MB01932E673DC59866097E12ECA1DB0 at BLUPR14MB0193 dot namprd14 dot prod dot outlook dot com>
On Thu, Jan 28, 2016 at 10:44 PM, Glenn G <gluszcz55@hotmail.com> wrote:
> Very strange. You could log in as the user, regenerate the keys and try porting it over again. User id shouldn't have anything to do with this though. Sounds like impersonation is messed up for sshd user on machine b.
>
>
> Sent from my iPad
>
>> On Jan 28, 2016, at 2:11 PM, Tom Moore <moortom@gmail.com> wrote:
>>
>> Hi,
>>
>> I have a couple of Windows 7 machines set up as OpenSSH servers. Both are
>> current with windows updates. Both machines have identical cygwin
>> versions (2.0.4-1). I have tried to make the sshd configuration identical
>> on these two machines, following the instructions on
>> http://www.howtogeek.com/howto/41560/how-to-get-ssh-command-line-access-to-windows7-using-cygwin
>>
>>
>> I have set up the client machines, generated rsa keys, and copied the
>> public keys into the authorized_keys file on the server. Now I can log in
>> to both machines without providing a password. So far so good.
>>
>> When I ssh log in to machine A and check the id that I am logged in with, I get:
>>
>> uid=197608(User) gid=197121(None) groups=197121(None),114(Local account and
>> member of Administrators
>> group),544(Administrators),545(Users),4(INTERACTIVE),66049(CONSOLE
>> LOGON),11(Authenticated Users),15(This Organization),113(Local
>> account),4095(CurrentSession),262154(NTLM Authentication),405504(High
>> Mandatory Level)
>>
>> which is what I need in order to interact with some other resources on the
>> system.
>>
>> When I ssh log in to machine B and check the id I get:
>>
>> uid=197608(Owner) gid=197121(None) groups=197121(None),11(Authenticated
>> Users),66048(LOCAL),66049(CONSOLE LOGON),4(INTERACTIVE),15(This
>> Organization),545(Users),4095(CurrentSession),544(Administrators),405504(High
>> Mandatory Level)
>>
>> However, if on my local client if I remove the private key from the .ssh
>> directory and ssh login again, this time having to specify a password, my
>> session will join the "Local account" group as I want.
>>
>> Is there a configuration that I am missing in order to get machine B to
>> join the "Local account" group when I log in using an rsa key? What could
>> be different between the two machines?
>>
>> Cheers,
>>
>> Tom
To be clear, the sole administrator account on machine A that I am
logging in with has a user name of 'User', and the sole administrative
account on machine B that I am logging in with has a user name of
'Owner'. I have correctly set up the rsa keys for me@client on both
of these hosts. The different account names are the way that these
machines (purchased at different times) were set up by the vendor. I
don't know if there any other subtle differences.
Also, on machine A I must mount additional disk drives every time I
remotely log in by adding "net use" statements in to the
.bash_profile. However, on machine B on the second and subsequent
remote log in after a reboot the disk will already be mounted and I
will get an error message "The local device name is already in use".
What do you mean by sshd impersonation?
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple