This is the mail archive of the mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: W2K and sshd, ssh - asks for password


Regarding this:

I had this problem. It turned out that, despite what I thought, ntsec was _not_
actually in the CYGWIN variable.

You should be aware that certain keywords in the CYGWIN variable, among them "ntsec," are only examined when the Cygwin1.dll initially loads (i.e., every time a Cygwin application starts up and the Cygwin1.dll shared library was not already loaded; that can occur any number of times between reboots or logins).

In particular this means that no Cygwin code or script can meaningfully set the "ntsec" keyword in the CYGWIN variable--it must be supplied by the Windows environment. The usual way of doing this is to use the System control panel's Environment setting function.

Randall Schulz
Mountain View, CA USA

At 12:33 2002-07-26, Max Bowsher wrote:
Brian Keener wrote:
> If I start sshd as a service it doesn't matter if I have ntsec in the
> CYGWIN environmental variable or not - it still will ask me for the
> password. Whereas if I start sshd as Max described above without
> ntsec then ssh will ask for a password, but with ntsec then ssh will
> simply logon to the server and not ask for the password.

I had this problem. It turned out that, despite what I thought, ntsec was _not_
actually in the CYGWIN variable.

Look in the server debug output for the following 2 lines (in order to get the
output from when sshd is run as a service, change -D to -ddde in
The output will be written to /var/log/sshd.log . Note that sshd will die after
every connection with -d, so remember to put it back to -D when you are done.) :

debug2: userauth_pubkey: authenticated 1 pkalg ssh-rsa
Failed publickey for max from port 3064 ssh2

The important part is "userauth_pubkey: authenticated 1" (NB _1_) followed
immediately by "Failed publickey".

Basically "authenticated 1" is saying 'authenticated successfully'. The only
thing that can cause authntication to fail after this has been printed is a bit
of cygwin specific code that lacks and debug logging. Essentially, if this
combination occurs, the problem is that CYGWIN does not contain ntsec.

If this does not help, then you can try posting the output here for further


Unsubscribe info:
Bug reporting:

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]