This is the mail archive of the
mailing list for the Cygwin project.
Re: W2K and sshd, ssh - asks for password
Corinna Vinschen wrote:
> > I think that only the POSIX file mode using ACLs requires NTFS. The rest of what
> > ntsec does just requires an NT OS, and FAT will do.
> You're right. You just don't get real POSIX permissions on files,
> but on process level ntsec still works.
Well you guys just clarified and confirmed what I discovered last night and problem
now solved (partly) and sshd/ssh appears to be functioning as it should at least
from the SYSTEM bash shell.
I prepared and did the following test as Max described:
> The server needs to run under the SYSTEM account, so you will need to get a
> shell running under this account: As an administrator, run 'at hh:mm
> /interactive C:\cygwin\cygwin.bat', where hh:mm is current time +1m. Once the
> minute rolls over, you will have a bash shell running as SYSTEM. Now run
> '/usr/sbin/sshd -ddde >sshd-log 2>&1'. Now, in a separate shell (not as SYSTEM),
> try to log in - 'ssh myuser@localhost' As soon as you get the password prompt,
> Ctrl-C. The sshd will exit as it is running in debug mode. Send sshd-log to
> email@example.com in the body of an email.
and I had the file all prepared to email and then decided based on his other
comments about ntsec that I would just give it a try (which I should have done in
the first place and saved everyone a lot of grief - but I was afraid of the NTFS
requirement and screwing something up big time). Lo and behold with sshd started as
Max described and with NTSEC as part of my CYGWIN variable - I could type in:
and there I was - the message of the day and logged in via SSH without it asking for
I then decided to try sshd as a service again (installed and started from within the
SYSTEM bash shell I had running) but this time however it was back to asking for my
password. I tried testing various combinations of using the bash shell with user
SYSTEM (as Max described above) and ntsec in my CYGWIN variable and essentially
discovered the following:
If I start sshd as a service it doesn't matter if I have ntsec in the CYGWIN
environmental variable or not - it still will ask me for the password. Whereas if I
start sshd as Max described above without ntsec then ssh will ask for a password,
but with ntsec then ssh will simply logon to the server and not ask for the
One thing I have noticed though is that when I use cygrunsrv to install sshd as a
service (with the cygwin variable specified with ntsec specified) and then go look
at the service that was created - I see where it references cygrunsrv.exe but see no
reference to those parameters about the cygwin variable. This is on a Windows 2000
system - where is this information kept that would cause sshd to start as a service
with the cygwin variable set as required? This is probably the big question that
will fix my service problem.
So I now have learned (and you folks confirmed) that ntsec does affect part of the
system even when you don't NTFS.
Good to know and thanks for the clarification from both of you. Now any ideas why
running from the SYSTEM bash shell (with ntsec in use) sshd/ssh doesn't require the
password but running as a service it does? Is this as I surmise a problem with the
way the service is created and thus being run.
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html