Web lists-archives.com

Re: sshd: computer name's case must match?




On Feb 13 11:32, Corinna Vinschen wrote:
> On Feb 12 16:07, Bill Stewart wrote:
> > Good day,
> > 
> > I am testing sshd using the cygwin1.dll 3.x version (run as SYSTEM -
> > S4U logon - works great!).
> > 
> > One thing I've noticed is that if I use ssh log onto a remote
> > domain-joined machine (e.g., connect with COMPUTER+localname), the
> > 'COMPUTER' prefix must be uppercase - if I specify
> > 'computer+LocalName', the user is unknown.
> > 
> > This doesn't seem to be the case if I change the username's case -
> > 'COMPUTER+localname' also works.
> > 
> > Is this by design or by accident?
> 
> sshd checks usernames case-sensitive against their name stored in the
> user DB.  The problem that you can use differently cased usernames
> here is that the Windows function for checking the name is case-
> insensitive, so it takes the username any way it comes in and
> sshd eventually checks against the wrongly cased name.
> 
> I fixed that partially in Cygwin by making sure that the account name
> stored in the internal passwd/group info is stored case-correct:
> https://cygwin.com/git/?p=newlib-cygwin.git;a=commitdiff;h=9a3cc77b2afc
> 
> So if you have a domain DOMAIN and a user xyz
> 
> $ getent passwd DoMaIn+XyZ
> 
> Prior to the above patch  it returned
> 
>   DOMAIN+XyZ:...
> 
> Now it will return
> 
>   DOMAIN+xyz:...
> 
> The problem is this:  If the account is from another domain than the
> local machine or the machine domain, the call to LookupAccountSid to fix
> the account name won't fix the account name.
> 
> Apparently the account name is cached on the local machine in exactly
> the same spelling as has been used when asking for the account the first
> time.  I still have to find a way to workaround that.

That should be fixed now as well.  I uploaded new developer snaps to
https://cygwin.com/snapshots/  and will generate YA test release later
today.


Corinna

-- 
Corinna Vinschen
Cygwin Maintainer

Attachment: signature.asc
Description: PGP signature