Re: sshd permits logon using disabled user?
- Date: Thu, 24 Jan 2019 09:48:17 -0700
- From: Bill Stewart <bstewart@xxxxxxxxx>
- Subject: Re: sshd permits logon using disabled user?
I performed the following steps:
1. Downloaded cygwin-20190124.tar.xz
2. Extracted it
3. Stopped sshd
4. Renamed existing /bin/cygwin1.dll to cygwin1-20181108.dll
5. Copied cygwin1.dll from download to /bin
6. Started sshd
Did I miss anything?
It still allows logon with a disabled account.
On Thu, Jan 24, 2019 at 8:45 AM Corinna Vinschen <corinna-cygwin@xxxxxxxxxx> wrote:
> On Jan 24 06:28, Bill Stewart wrote:
> > I am running Windows 10 (1803) and experimenting with sshd installed as a
> > Windows service.
> > The computer is a domain member. I created a local computer account for
> > testing.
> > I created host keys and a public/private key pair to use to log on the
> > This works, except I notice that if I disable the Windows user account, I
> > can still log on using ssh using that account.
> > In the shell, logged on as the disabled user, the 'whoami' command
> > the name of the disabled user.
> > This seems unexpected and not good.
> > Why does sshd allow logon for a disabled user?
> Because the underlying Cygwin function responsible for changing the user
> account only checks if the account exists. It does not check for any of
> the flags in the user DB. Yet.
> I pushed a patch to disallow changing the user account to a disabled or
> locked out account.
> I just uploaded new developer snapshots containing this change to
> Please give them a try.
> Corinna Vinschen
> Cygwin Maintainer
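
An added audit sketch, not part of the thread and not Cygwin project code: it lists accounts that have an `authorized_keys` file under the Cygwin home root but that Windows does not report as active, which are the accounts exposed by the behaviour discussed above. It assumes local accounts, home directory names that match account names, and English-locale `net user` output; the function names and the `--audit` switch are hypothetical.

```shell
#!/bin/sh
# Added example: find key-based sshd logons that remain possible for
# accounts Windows no longer reports as active.
# Assumptions: local accounts, /home/<name> equals the account name,
# English-locale `net user` output.

# Read `net user <name>` output on stdin and print the value of the
# "Account active" field (for example "Yes" or "No"); print "unknown"
# when the field is absent (other locale, lookup failed, no such user).
account_state() {
    awk '{ sub(/\r$/, "") }        # net.exe output ends lines with CRLF
         /^Account active/ { print $3; found = 1 }
         END { if (!found) print "unknown" }'
}

# audit_homes HOME_ROOT LOOKUP
# For every home directory holding a non-empty .ssh/authorized_keys,
# call LOOKUP <user> and print "<user><TAB><state>" unless the state is
# exactly "Yes". Anything else is reported, so the audit fails closed.
audit_homes() (
    root=$1
    lookup=$2
    for dir in "$root"/*/; do
        [ -s "${dir}.ssh/authorized_keys" ] || continue
        user=$(basename "$dir")
        state=$("$lookup" "$user" 2>/dev/null | account_state)
        [ "$state" = "Yes" ] || printf '%s\t%s\n' "$user" "$state"
    done
)

# Lookup used on a real host: query the local account database.
net_user_lookup() { net user "$1"; }

# Only touch the real system when asked to.
if [ "${1:-}" = "--audit" ]; then
    audit_homes /home net_user_lookup
fi
```

Run it from a Cygwin shell with `--audit`; any line it prints names an account whose key file should be removed or whose status should be reviewed.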