Web lists-archives.com

Re: sshd: fatal: seteuid XXX : No such device or address




On Mar 14 14:26, renaud.rolles@xxxxxxxxxxxxx wrote:
> > 
> > On Mar 14 12:39, renaud.rolles@xxxxxxxxxxxxx wrote:
> > > I can login via password, it work and lets me in.
> > > But if i tried with my keys, I get in the event viewer :
> > > sshd: PID 3777: fatal: seteuid 1049076: No such device or address
> > 
> > - Make sure to login with the Administrator account case-sensitive.
> >   If your account is called "Administrator", then use an uppercase
> >   'A' when logging in.
> > 
> >   This case-sensitivity issue is a temporary workaround for a
> >   potential security problem in OpenSSH.  This will be rectified
> >   with OpenSSH 8.0 which allows to login case-insentive again.
> 
> With Uppercase i do have a login prompt, but (with the good password), I cant login (remotly or localy).
> I also have Information event :
> sshd: PID 3788: Login name Administrator does not match stored username administrator

As I said above, *if* your account is called Administrator...

> sshd: PID 3788: Invalid user Administrator from 10.0.0.8 port 60876
> then three :
> sshd: PID 3788: Failed password for invalid user Administrator from 10.0.0.8 port 60876 ssh2
> 
> > 
> > - If that doesn't help, switch the user running the sshd service from
> >   "cyg_server" to SYSTEM (the services GUI calls it "LocalSystem")
> > 
> 
> This worked, like a charm, thank you 😊
> 
> >   Cygwin switched the logon method and this method doesn't run
> >   under the "cyg_server" account sometimes.  However, switching
> >   back to "LocalSystem" instead of having to create a special
> >   "cyg_server" service account is one of the advantages of the
> >   new logon method.  For details, see
> > 
> >   https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-nopasswd1
> > 
> I didn't fully understand it all to be honest, but, is there another
> drawback to have the localsystem running the deamon instead of the
> cyg_server user, other than having the administrator possibly knowing
> the password ?

The cyg_server account has been introduced many years ago as a
workaround for a change in the LocalSystem permissions in 
Windows 2003 and later.  The new S4ULogon method makes the cyg_server
account obsolete because the reduced permissions of LocalSystem
are sufficient now.


Corinna

-- 
Corinna Vinschen
Cygwin Maintainer

Attachment: signature.asc
Description: PGP signature