Web lists-archives.com

Re: sshd: PID 2308: fatal: seteuid 1090146: Permission denied --> Login to domain server windows 2k12r2 not possible




On 2018-03-08 04:44, Bernhard Finster wrote:
> login via ssh to cygwin on a domain server 2012r2 standardis not possible (see error in mail subject). The login is either with password, nor with publickey possible.
> The package was created with cygwinsetup.exe v 2.877 (32bit) and works fine on every standalone servers. I have createt a setup batch file with the content below:
> 
> 	c:\start\cygwin\setup.exe -q --local-install --root c:\cygwin -l c:\Start\cygwin
> 	cd C:\cygwin\bin  
> 	bash --login -c "ssh-host-config -y -c "tty ntsec" -u "cyg_server" -w "password" --privileged"  
> 	bash --login -c "mkdir .ssh"  
> 	bash --login -c "cp /cygdrive/c/Start/authorized_keys .ssh/authorized_keys"  
> 	bash --login -c "chmod 700 .ssh"
> 	bash --login -c "cygrunsrv -S sshd"
> 	bash --login -c "syslog-ng-config -y"
> 	bash --login -c "cygrunsrv -S syslog-ng"
> 
> The setup is always startet with the user "Administrator@domain" after joining the domain.
> In my test-domain I have enabled the following user right assignement for the domain admin cyg_server:
> 
> * Act as part of the operating system
> * Create a token object
> * Log on as a batch job
> * Log on as a service
> * Repace a process level token
> * Deny log on locally
> * Deny logon through Remotedesktop Services
> 
> Attachements:
> 
> * ssh_config, sshd_config, original copy from the server
> * ssh-ddd.txt is the output of the command "/usr/sbin/sshd -d -d -d"
> * ssh-vvv.txt is the output of a login attempt to the server (usual Administrator@hostname), I have defined in .ssh/config (host * user Administrator)
> * messages.txt is the output of a login attemt to the server from his syslog-ng log
> * cygcheck
> 
> Sorry for my bad english, I hope it will get better.
> Please help if you have any idea for me to get out of this desaster.

You might want to try upgrading setup, upgrading installed packages, and
manually running the ...-config scripts elevated, to see if that fixes the problem.

seteuid handling:
https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-setuid-overview

-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple