This is the mail archive of the cygwin mailing list for the Cygwin project.
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |
Other format: | [Raw text] |
Hi, I installed Cygwin 1.7.1 on a freshly installed Windows Webserver 2008. I set up sshd using ssh-host-config -y, and initialized passwd and group using mkpasswd and mkgroup respectively. I followed http://cygwin.com/cygwin-ug-net/ntsec.html and executed /usr/bin/cyglsa-config, followed by a reboot. When I then tried to connect via ssh using password authentication, everything worked fine. Using public key authentication resulted in the following error message: /usr/bin/bash.exe: error while loading shared libraries: ?: cannot open shared object file: No such file or directory Setting the ssh client to verbose output, it showed up that this happened after a successful authentication. bash.exe itself works fine, cygcheck reports no error, but several dependencies on shared libraries, all marked OK. I copied c:\windows\system32\cmd.exe (which has no dependencies to shared libraries) to c:\cygwin\bin\cmd.exe , allowed Everyone to access this file and put it as shell into /etc/passwd. Now the public key login worked, providing the CMD shell. However, I could not do anything, even "dir" resulted in Access Denied. I used Process Explorer to compare the security settings of a password-based cmd.exe instance with a public-key-based instance. Both instances where assigned to the correct user account. However, the groups differed significantly. Whereas the password-based instance showed all the groups assigned to the user account, the public-key-based instance was missing these and the "NT Authority\NTML-Authentication" (translated from a German windows), but had an additional "NT Authority\Service" group. Then I modified /etc/passwd and changed the group specification for my account from None to Users. On the next login, ProcessExplorer showed that the Users group was also assigned. I could access files, even /bin/bash worked as login shell with no shared library issues. This allowed me to create a windows group with all the rights I needed during ssh sessions, so I can actually use public key authentication. Nevertheless, this seems strange to me. Since it's working for me now, I don't require immediate assistance. I just wanted to let you know about this, and probably help some people encountering the same problem with my work-around. Best regards Malte
Attachment:
cygcheck.out
Description: Binary data
-- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |