Problem logging into ssh

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Problem logging into ssh

Noah White
I’ve installed and configured sshd to run as a service under a particular account which is an Administrator. I can ssh in fine as that user. However, if I try to ssh as any other user I get the following error:

Last login: Wed May 21 18:58:35 2014 from foo.home
/bin/bash: Operation not permitted
Connection to tango closed.

I’ve found a few threads talking about this issue but none of the details/solutions were either pertinent or worked.  

Other details:

Windows Server 2008 R2
Cygwin 1.7.29(0.272/5/3) CYGWIN_NT-6.1-WOW64
OpenSSH 6.6p1-1

TIA,

-Noah



--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Reply | Threaded
Open this post in threaded view
|

Re: Problem logging into ssh

Larry Hall (Cygwin)
On 05/21/2014 07:22 PM, Noah White wrote:
> I’ve installed and configured sshd to run as a service under a
> particular  account which is an Administrator. I can ssh in fine as that
> user. However, if I try to ssh as any other user I get the following error:

> Last login: Wed May 21 18:58:35 2014 from foo.home
> /bin/bash: Operation not permitted
> Connection to tango closed.
>
> I’ve found a few threads talking about this issue but none of the
> details/solutions were either pertinent or worked.
>
> Other details:
>
> Windows Server 2008 R2
> Cygwin 1.7.29(0.272/5/3) CYGWIN_NT-6.1-WOW64
> OpenSSH 6.6p1-1

While what you're describing could, perhaps, work, if you set the all
up in the right way, you would at most be able to get it to work with
password authentication.  If that's not working for you either, my
best recommendation is to read through the openssh README under
/usr/share/doc/Cygwin and follow the directions there for
configuring sshd.  Note that '/usr/bin/ssh-host-config' will create
a local user to run sshd under.  If you're trying to use public-key
authentication, this will only work for users on your local machine.
You will need to look into the configuration scripts that
'/usr/bin/ssh-host-config' runs to see how it creates this user
and create a like one for your domain, if that's your goal.  There is
more discussion of this in the email archives, though it is probably
several years back.  Otherwise, if a local pub-key user is enough
for your needs, these scripts should be enough to get you going or
provide you the details of what you need to get things working in
this way.  If you have further issues that you want to bring back
to the list, I recommend you read and follow the problem reporting
guidelines found at the link below.  You'll find what the list needs
from you as bootstrap information to help diagnose your particular
problem.

> Problem reports:       http://cygwin.com/problems.html



--
Larry

_____________________________________________________________________

A: Yes.
 > Q: Are you sure?
 >> A: Because it reverses the logical flow of conversation.
 >>> Q: Why is top posting annoying in email?

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Reply | Threaded
Open this post in threaded view
|

Re: Problem logging into ssh

PolarStorm
In reply to this post by Noah White
Noah White wrote
I’ve installed and configured sshd to run as a service under a particular account which is an Administrator. I can ssh in fine as that user. However, if I try to ssh as any other user I get the following error:

Last login: Wed May 21 18:58:35 2014 from foo.home
/bin/bash: Operation not permitted
Connection to tango closed.
The sshd installation scripts creates two users, one which should not be
used for login, so make sure you sue the right one. Some months ago
I posted details about various other issues with sshd setup on W8
machines. I have no idea if any of these have been fixed and implemented,
but have a close look at the thread:
http://cygwin.1069669.n5.nabble.com/Silently-configure-sshd-fails-via-system-account-td106607.html

Also, one of the accounts are erroneously set to expire in 42 days.


Reply | Threaded
Open this post in threaded view
|

Re: Problem logging into ssh

Larry Hall (Cygwin)
On 05/31/2014 02:55 PM, PolarStorm wrote:

> Noah White wrote
>> I’ve installed and configured sshd to run as a service under a particular
>> account which is an Administrator. I can ssh in fine as that user.
>> However, if I try to ssh as any other user I get the following error:
>>
>> Last login: Wed May 21 18:58:35 2014 from foo.home
>> /bin/bash: Operation not permitted
>> Connection to tango closed.
>
> The sshd installation scripts creates two users, one which should not be
> used for login, so make sure you sue the right one. Some months ago

Actually, neither of the two possible accounts, one for running the service
and one for, optionally, privilege separation, should be used by the user as
a login.  The user should login via ssh using their Windows account login
name, after running 'ssh-user-config' as that user.

> I posted details about various other issues with sshd setup on W8
> machines. I have no idea if any of these have been fixed and implemented,
> but have a close look at the thread:
> http://cygwin.1069669.n5.nabble.com/Silently-configure-sshd-fails-via-system-account-td106607.html
>
> Also, one of the accounts are erroneously set to expire in 42 days.

The privilege separation account, sshd, is disabled by design.  This
keeps anyone from using it as a login, since the account is supposed to
be used solely by the service as an added security measure.


--
Larry

_____________________________________________________________________

A: Yes.
 > Q: Are you sure?
 >> A: Because it reverses the logical flow of conversation.
 >>> Q: Why is top posting annoying in email?

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple