This is the mail archive of the
mailing list for the Cygwin project.
RE: ssh - no access to /dev/st0
- From: Larry Hall <lh-no-personal-replies-please at cygwin dot com>
- To: "Cary Lewis" <CLewis at mobilecom dot com>, "Cygwin List" <cygwin at cygwin dot com>
- Date: Tue, 31 Aug 2004 22:44:25 -0400
- Subject: RE: ssh - no access to /dev/st0
- References: <536E63F3472B3F4486A01F301164FEC8584E24@mccmsrv.mccnet.mobilecom.com>
- Reply-to: Cygwin List <cygwin at cygwin dot com>
At 03:02 PM 8/31/2004, you wrote:
>If I add sshd_server to the Administrators group, I can auto logon via
>ssh (using authorized_keys). Even though this is supposed to happen via
2003 Server has a funny new feature. When starting services under SYSTEM
account, these services have nearly all user rights which SYSTEM holds...
except for the "Create a token object" right, which is needed to allow
public key authentication :-(
There's no way around this, except for creating a substitute account which
has the appropriate privileges. Basically, this account should be member
of the administrators group, plus it should have the following user rights:
Create a token object
Logon as a service
Replace a process level token
The ssh-host-config script asks you, if it should create such an account,
called "sshd_server". If you say "no" here, you're on your own. Please
follow the instruction in ssh-host-config exactly if possible. Note that
ssh-user-config sets the permissions on 2003 Server machines dependent of
whether a sshd_server account exists or not.
So your 'sshd_server' user should be a member of the administrators group if
it's going to work. Did you use 'ssh-host-config' to create it in the first
place? Does rerunning it make it any better?
>But I still do not have access to /dev/st0, but if I disable auto-logon
>and type in my password, all works.
>The interesting thing is that the id command returns a different set of
>groups for me when I log on automatically or I specify the password.
>The uid and gid are the same, but the list of groups is different: For
>the automatic logon I only get Domain Admins and Users
>Any suggestions would be appreciated.
Beyond what I already suggested (below), which I still think is
valid/worthwhile advice, you might also review your '/etc/passwd'
and '/etc/group' too.
>From: Larry Hall [mailto:blah blah blah]
>Sent: Tuesday, August 31, 2004 12:36 PM
>To: Cary Lewis; email@example.com
>Subject: RE: ssh - no access to /dev/st0
>At 12:24 PM 8/31/2004, you wrote:
>>The issue is that during command line execution of a tar command, sshd
>>has not set the environment properly, namely the mount points are not
>>there, so /dev/st0 does not exist, and the PATH variable does not point
>>to the correct cygwin files either.
>>What might be causing this.
>>It works fine with an interactive ssh session (providing auto logon is
>>not set up).
>I think it's time to start over on this one too:
>>Problem reports: http://cygwin.com/problems.html
>You might want to run your server in debug mode and see if you can
>spot the problem here. My WAG is permissions problems on ~/.ssh and/or
>log files/directories and/or 'sshd' isn't running with all the
>it needs. But that's just guessing. The debug output should help
>out the real answer.
Larry Hall http://www.rfk.com
RFK Partners, Inc. (508) 893-9779 - RFK Office
838 Washington Street (508) 893-9889 - FAX
Holliston, MA 01746
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html