This is the mail archive of the cygwin mailing list for the Cygwin project.



Re: AW: Inaccessible remote volumes when logged in via ssh


Hello,

I just noticed that I am also using this problem.

For example:

$ mount
C:\cygwin\bin on /usr/bin type system (binmode)
C:\cygwin\lib on /usr/lib type system (binmode)
C:\cygwin on / type system (binmode)
c: on /c type system (binmode,noumount)
w: on /w type system (binmode,noumount)
z: on /z type system (binmode,noumount)

$ ssh rsiklos@localhost
rsiklos@localhost's password:
Last login: Thu May 20 22:00:01 2004 from localhost
You are successfully logged in to this server!!!

$ mount
C:\cygwin\bin on /usr/bin type system (binmode)
C:\cygwin\lib on /usr/lib type system (binmode)
C:\cygwin on / type system (binmode)
c: on /c type system (binmode,noumount)

I have no idea why this is happening.  I know I had it working with sshd on
win2k, but I'm running XP now.  Other than the o/s change, and updating
cygwin every once in a while (including today), I haven't done anything
different.  I just reinstalled cygwin from scratch (wanted to do it anyways)
and the problem is still there.

Anything I can do to figure out what the problem is?

Thanks a million,

Rob.

----- Original Message ----- 
From: "Larry Hall" <cygwin-lh@cygwin.com>
To: "Brindl Ronald" <rbrindl@gmx.at>; <cygwin@cygwin.com>
Sent: Wednesday, May 12, 2004 10:53 PM
Subject: Re: AW: Inaccessible remote volumes when logged in via ssh


> At 09:01 AM 5/11/2004, you wrote:
> >I am logging in using password (I already heard of troubles using
> >publickey, although I can log in as normal user using public key)
> >The volume is mounted using the explorer menu (extra -> connect drive, I
> >don't know if that's correct because I have a German version), and it is
> >configured to mount automatically at startup.
>
>
> Well, something is wrong with your password authentication then because
> the behavior you're getting is exactly the same as with public key
> authentication.
>
>
> >I just tried to use "net use" in my ssh-session and noticed it doesn't
> >work (system error 1312)
> >It is the same case as in
> >http://archive.erdelynet.com/ssh-l/2004-04/msg00033.php
> >And in
> >http://archive.erdelynet.com/ssh-l/2002-11/msg00006.php
> >
> >And
> >http://archive.erdelynet.com/ssh-l/2004-03/msg00057.php
> >
> >It has something to do with user-privileges and that the sshd runs as
> >user SYSTEM. It seems, that the ssh-sessions also runs as SYSTEM, and
> >not as user which logged in.
>
>
> No, that's not quite right.  *If* you use password authentication when you
> 'ssh' into your Cygwin ssh server, you will be authenticated by Windows and
> have full access to whatever resource (including shares) Windows allows you.
> *If* you use public key authentication, you can access any resource that does
> not require Windows authentication (including public shares).  Either way,
> you are running the 'ssh' session as the user you specify (or default to)
> for that session.  Only 'sshd' runs as SYSTEM (by default).  Running 'sshd'
> allows switching the user context from SYSTEM to the requested user for
> the 'ssh' session.
>
>
> >What I don't understand is, why it works when I log in locally via ssh
> >(ssh localhost -l bpc).
>
>
> It "works" because you're already authenticated with Windows on that machine
> as the user you're shelling in as.  So Windows knows this user and therefore
> will provide access to the restricted resources.
>
>
> >It should also run as user system without
> >network-privileges.
>
>
> No that's incorrect.
>
>
> >I tried the following:
> >At <current-time + 1> /INTERACTIVE cmd
> >
> >Which should open a cmd-shell in one minute which runs as SYSTEM.
> >The shell opens and I also have no access to the network.
>
>
> That's expected.
>
>
> >So I tried to start the sshd service as user "sshd" (changed owner of
> >all files, adjusted the security policies etc). The service starts but
> >the strange result is, that I can't login with password anymore, only
> >with public key !!! And I still don't have access to network.
> >When I do a ps -W -f I get:
> >
> >    sshd    1608       1   ?  14:10:21 /usr/bin/cygrunsrv
> >    sshd    1348    1720   ?  14:11:09 /usr/sbin/sshd
> >       0     756       0   ?  14:11:11 C:\cygwin\bin\bash.exe
> >     bpc    1716    1680   1  14:11:46 /usr/bin/ps
> >       0    1760       0   ?  14:11:47 C:\cygwin\bin\ps.exe
>
>
> Don't know why you tried this but as you can see, it doesn't buy you
> anything.
>
>
> >So I assume, the shell still runs under SYSTEM account
>
>
> No.  Now it would be run as user 'sshd', with whatever privileges the 'sshd'
> user has.  By default, this user has no ability to switch user contexts so
> no matter who you log in as, you will always be 'sshd'.
>
>
> >Trying around with UsePrivilegeSeperation I had trouble starting the
> >service at all. (complained about wrong privileges of /var/empty)
>
>
> If you start changing the user that 'sshd' runs as, you're going to need
> to be careful about resetting file ownership on many files and directories
> that 'sshd' and 'ssh' use.  It isn't recommended that you run 'sshd' as
> any user other than SYSTEM (unless you're running on W2K3 - see the openssh
> README for details on running on that platform).  At this point, you're
> probably best off removing 'openssh' from your system, cleaning up any
> leftover files, and reinstalling, using the install scripts and directions
> provided with the package.  If you're still having problems, we need to know
> the steps you took, any messages you got, log files generated, configuration
> file settings, etc.  But keep in mind you can find out a lot about what
> 'sshd' and 'ssh' are doing by running them with verbosity/debugging turned
> on.  See the man pages for details.
>
>
>
> --
> Larry Hall                              http://www.rfk.com
> RFK Partners, Inc.                      (508) 893-9779 - RFK Office
> 838 Washington Street                   (508) 893-9889 - FAX
> Holliston, MA 01746
>
>
> --
> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
> Problem reports:       http://cygwin.com/problems.html
> Documentation:         http://cygwin.com/docs.html
> FAQ:                   http://cygwin.com/faq/
>
>
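
Added example, not part of the original messages: a shell helper that compares the `mount` listing taken at the console with the one taken inside the ssh session and reports which mounts are absent from the ssh session. The two listings are copied from the message above; the function name `missing_in_session` is hypothetical.

```shell
#!/bin/sh
# `mount` output at the local console, as quoted in the message above.
LOCAL_MOUNTS='C:\cygwin\bin on /usr/bin type system (binmode)
C:\cygwin\lib on /usr/lib type system (binmode)
C:\cygwin on / type system (binmode)
c: on /c type system (binmode,noumount)
w: on /w type system (binmode,noumount)
z: on /z type system (binmode,noumount)'

# `mount` output inside the ssh session, as quoted in the message above.
SSH_MOUNTS='C:\cygwin\bin on /usr/bin type system (binmode)
C:\cygwin\lib on /usr/lib type system (binmode)
C:\cygwin on / type system (binmode)
c: on /c type system (binmode,noumount)'

# missing_in_session LOCAL SESSION
# Prints "<device> <mount point>" for every entry of LOCAL whose mount
# point does not appear in SESSION, in the order LOCAL lists them.
missing_in_session() {
    { printf '%s\n' "$1"; echo '--session--'; printf '%s\n' "$2"; } | awk '
        $0 == "--session--" { insess = 1; next }
        {
            # Cygwin line format: <device> on <mount point> type <type> (<options>)
            s = index($0, " on "); t = index($0, " type ")
            if (!s || t <= s) next              # skip lines that do not parse
            dev = substr($0, 1, s - 1)
            mp  = substr($0, s + 4, t - s - 4)
            if (insess) seen[mp] = 1
            else { order[++n] = mp; src[mp] = dev }
        }
        END {
            for (i = 1; i <= n; i++)
                if (!(order[i] in seen)) print src[order[i]] " " order[i]
        }'
}

# With the listings above this reports the two drive-letter mounts.
missing_in_session "$LOCAL_MOUNTS" "$SSH_MOUNTS"
```

On a live system the two arguments would be the captured output of `mount` from each session instead of the embedded listings.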

