This is the mail archive of the cygwin mailing list for the Cygwin project.



Re: session user ID error when ssh in terms of public-key exchange


Chen Yue wrote:
Greetings

I am a newbie in cygwin. Now I am about to set up an sshd environment on a
windows2003 server in a project. But there is a weird phenomenon blocking my
task.

I set up a local account named sshd_server in the administrators group and granted
"Create a token object", "Log on as a service" and "replace a process level
token" to sshd_server in Local Security Settings. The service sshd is
started by the ID of sshd_server.
Two users, userA and userB, are domain users who are supposed to be able to
log on to the server by ssh. I have set up their profiles in
/etc/passwd and /etc/group. For convenience, they copy their
public-key to their home dir so that they need not input a passwd when
logging on.

All above work OK for me.

My issue is that when the two users log on by inputting a passwd, they can
create files in a shared dir and the file owner is correct. The "net session"
command shows the correct user ID of the session. However, when they log on
by public-key exchange, the files they create in the shared dir are
owned by "sshd_server"!!  (The files created locally are correct though.)
And the "net session" command shows that it is sshd_server, not userA or userB,
that has logged on to the server.

I am so puzzled about what the difference is between the two ways to log on.
Has anyone encountered this before?


This is a known issue that has been talked about at great length in the
email archives.  It is a limitation of Windows and won't be remedied in
the Cygwin 1.5.x series.  The difference is that when you log in with your
password, you are authenticated through Windows.  So Windows knows who you
are.  With pubkey authentication, you're not.  So Windows thinks you're
the user that runs the 'sshd' service.


--
Larry Hall                              http://www.rfk.com
RFK Partners, Inc.                      (508) 893-9779 - RFK Office
216 Dalton Rd.                          (508) 893-9889 - FAX
Holliston, MA 01746

_____________________________________________________________________

A: Yes.
> Q: Are you sure?
>> A: Because it reverses the logical flow of conversation.
>>> Q: Why is top posting annoying in email?
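
An added example, not part of the original thread: a small shell check that can be run once in a password session and once in a public-key session to see whether files created in a directory are owned by the session's own account, which is the symptom described above. The function name `owner_check` is made up here, and the check assumes GNU `stat` and a filesystem that reports file ownership to it.

```shell
#!/bin/sh
# Added example; owner_check is a hypothetical helper, not a Cygwin tool.
# Assumes GNU coreutils `stat` and that DIR reports file ownership.
#
# owner_check DIR [EXPECTED_UID]
#   Creates a probe file in DIR, reads its numeric owner, removes the probe,
#   and compares the owner with EXPECTED_UID (default: uid of this session).
#   Returns 0 on match, 1 on mismatch, 2 if the probe could not be
#   created or inspected.
owner_check() {
    dir=$1
    expected=${2:-$(id -u)}

    # Create the probe inside DIR so it is written with whatever identity
    # the filesystem (local or shared) attributes to this session.
    probe=$(mktemp "$dir/.owner_probe.XXXXXX" 2>/dev/null) || return 2
    actual=$(stat -c %u "$probe") || { rm -f "$probe"; return 2; }
    rm -f "$probe"

    if [ "$actual" = "$expected" ]; then
        echo "OK: files in $dir are owned by uid $actual"
        return 0
    fi
    echo "MISMATCH: session uid is $expected, files in $dir are owned by uid $actual" >&2
    return 1
}

# Usage, after sourcing this file in the ssh session:
#   owner_check "$HOME"            # local directory
#   owner_check /path/to/shared    # placeholder path for the shared directory
```

Running it against a local directory and the shared directory in each kind of session shows which combinations attribute files to the service account instead of the logged-in user.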
