This is the mail archive of the cygwin mailing list for the Cygwin project.



RE: Connection closed message when trying to connect with sftp using public key authentication to OpenSSH 3.7.1p2 on Windows 2003 Server


I have downloaded and tested 4.1p1-1 and all is now working just fine.
The key lessons for me were:

1. Yes, use privilege separation as that seems to work just fine. It
creates a user called sshd to run the non-privileged operations.
2. If you want to use a pre-existing user to own the sshd service,
ensure that it has the following privileges:

* Adjust memory quotas for a process
* Create a token object
* Logon as a service
* Replace a process level token

These privileges should be set using the "Domain Controller Security
Settings" utility (go to Local Policies -> User Rights Assignment). 

The user must also have Administrator rights on the server. It should
also have ownership of the following files:

/etc/ssh_host*
/var/empty

Many thanks for your help.


-----Original Message-----
From: Larry Hall [mailto:lh-no-personal-replies-please@cygwin.com] 
Sent: 15 June 2005 15:51
To: Cygwin List; Des Atkinson; cygwin@cygwin.com
Subject: Re: Connection closed message when trying to connect with sftp
using public key authentication to OpenSSH 3.7.1p2 on Windows 2003
Server

At 10:39 AM 6/15/2005, you wrote:
>At 10:14 AM 6/15/2005, you wrote:
>>I have been trying to connect to OpenSSH on my Windows 2003 Server
>>system using public key authentication. I have tried using both sftp and
>>ssh. In both cases the verbose output shows that the authentication
>>succeeded okay, but the session itself just seems to die with an "Exit
>>status 255" message (followed by "Connection closed" for sftp).
>>
>
><snip>
>
>>Is there some additional configuration I need to attempt on my server
>>to make this all work? I am running the CYGWIN sshd service under the
>>Local System account on the server.
>
>The Local System account does not have the permissions necessary to permit
>pubkey authentication to work on W2K3.  Did you install with ssh-host-config
>and ssh-user-config?  ssh-host-config will ask you if you want to create the
>"sshd_server" user that will have the proper permissions to permit pubkey
>authentication.  See 'usr/share/doc/Cygwin/openssh.README' for more details.

I should also point out that OpenSSH 3.7.1p2 is very old now.  The current
version is 4.1p1-1.  It may be that ssh-host-config doesn't have the option
to create the "sshd_server" user in that version.  I don't remember.  If it
does not, all the more reason to upgrade. ;-)

--
Larry Hall                              http://www.rfk.com
RFK Partners, Inc.                      (508) 893-9779 - RFK Office
838 Washington Street                   (508) 893-9889 - FAX
Holliston, MA 01746                     
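
Added example, not part of the original messages: a shell check for the two requirements listed in the first message above (the four user rights and the ownership of /etc/ssh_host* and /var/empty). It assumes Cygwin's `editrights -l -u USER` prints one right per line and that the four display names map to the Windows constants shown; the function names and the sample list are made up for illustration.

```shell
#!/bin/sh
# Added example: audit the account that owns the Cygwin sshd service.
# Windows constants for the four rights listed in the message, in order.
REQUIRED_RIGHTS="SeIncreaseQuotaPrivilege
SeCreateTokenPrivilege
SeServiceLogonRight
SeAssignPrimaryTokenPrivilege"

# Constructed sample of held rights (not captured from a real host).
SAMPLE_HELD="SeServiceLogonRight
SeCreateTokenPrivilege
SeBackupPrivilege"

# Reads held rights on stdin, one per line (assumed `editrights -l` format),
# and prints every required right that is absent.
missing_rights() {
    held=$(tr -d '\r' | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
    for right in $REQUIRED_RIGHTS; do
        printf '%s\n' "$held" | grep -qxF "$right" || printf '%s\n' "$right"
    done
}

# not_owned_by USER PATH...: prints each existing path not owned by USER.
not_owned_by() {
    want=$1; shift
    for path in "$@"; do
        [ -e "$path" ] || continue
        owner=$(ls -ld "$path" | awk '{print $3}')
        [ "$owner" = "$want" ] || printf '%s (owner: %s)\n' "$path" "$owner"
    done
}

# audit USER: both checks on a live Cygwin host; non-zero status on findings.
audit() {
    miss=$(editrights -l -u "$1" | missing_rights)
    bad=$(not_owned_by "$1" /etc/ssh_host* /var/empty)
    [ -z "$miss" ] || printf 'missing right: %s\n' $miss
    [ -z "$bad" ] || printf 'wrong owner:\n%s\n' "$bad"
    [ -z "$miss$bad" ]
}

if [ "${1:-}" = "--live" ]; then
    audit "$2"
else
    printf '%s\n' "$SAMPLE_HELD" | missing_rights   # demo on the sample
fi
```

Run with `--live USER` on the Cygwin host to check the real account; without arguments it only reports what the constructed sample is missing.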

