This is the mail archive of the cygwin mailing list for the Cygwin project.



Re: session user ID error when ssh in terms of public-key exchange


Hi Larry

Thank you for the explanation.

BTW: how can I get the archives related to this issue?

2007/10/15, Larry Hall (Cygwin) <reply-to-list-only-lh@cygwin.com>:
> Chen Yue wrote:
> > Greetings
> >
> > I am a newbie in Cygwin. Now I am about to set up an sshd environment on a
> > Windows 2003 server in a project. But there is a weird phenomenon blocking my
> > task.
> >
> > I set up a local account named sshd_server in the administrators group, and granted
> > "Create a token object", "Log on as a service" and "Replace a process level
> > token" to sshd_server in Local Security Settings. The sshd service is
> > started by the ID of sshd_server.
> > Two users, userA and userB, are domain users who are supposed to be able to
> > log on to the server via ssh. I have set up their profiles in
> > /etc/passwd and /etc/group. For convenience, they copy their
> > public keys to their home dirs so that they need not input a password when
> > logging on.
> >
> > All of the above works OK for me.
> >
> > My issue is that when the two users log on by entering a password, they can
> > create files in a shared dir and the file owner is correct. The 'net session'
> > command shows the correct user ID of the session. However, when they log on
> > by public-key exchange, the files they create in the shared dir are
> > owned by "sshd_server"!!  (The files created locally are correct though.)
> > And the "net session" command shows that it is sshd_server, not userA or userB,
> > that has logged on to the server.
> >
> > I am so puzzled about what the difference is between the two ways to log on. Has
> > anyone encountered this before?
>
>
> This is a known issue that has been talked about at great length in the
> email archives.  It is a limitation of Windows and won't be remedied in
> the Cygwin 1.5.x series.  The difference is that when you log in with your
> password, you are authenticated through Windows.  So Windows knows who you
> are.  With pubkey authentication, you're not.  So Windows thinks you're
> the user that runs the 'sshd' service.
>
>
> --
> Larry Hall                              http://www.rfk.com
> RFK Partners, Inc.                      (508) 893-9779 - RFK Office
> 216 Dalton Rd.                          (508) 893-9889 - FAX
> Holliston, MA 01746
>
> _____________________________________________________________________
>
> A: Yes.
>  > Q: Are you sure?
>  >> A: Because it reverses the logical flow of conversation.
>  >>> Q: Why is top posting annoying in email?
>
> --
> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
> Problem reports:       http://cygwin.com/problems.html
> Documentation:         http://cygwin.com/docs.html
> FAQ:                   http://cygwin.com/faq/
>
>
