LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 09-02-2016, 11:56 AM   #1
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,831
Blog Entries: 15

Rep: Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668
ssh to Cygwin sshd - bat file fails when trust established but works with password


We recently setup Cygwin and sshd on one of our Windows servers to allow one of our Linux (RHEL6) servers to call a bat file on the Windows server. Since this will be automated from the Linux side I setup standard ssh trust from the Linux user to a Windows user. Testing the trust verified it works and can be used to execute Windows bat files.

The problem is that there is a specific bat file that is failing when the command it calls tries to login to the application (i.e. not OS level login) but appears to be running the other commands in the bat file properly.

The weirdness is that this failure only occurs when we call it using ssh trust to make the connection. If we make the connection without a trust so that it prompts for the OS level password the bat file then executes correctly including its application level login.

This suggests there is some environmental difference when ssh logs in with a password vs when it connects with a trust. I've checked the "set" and "env" Linux commands output as well as the DOS "set" command output and there is no difference between them when logged in via trust vs logged in via password.

To reiterate the “login” that is failing is something with the application not the OS user. The OS user works either way. Calling the bat file works either way – it is only this application “login” that is failing within the bat file when doing trust.

I also found sshpass allows one to feed the OS level password to the ssh call and using that also works when I call the bat file. This reinforces the idea of an environmental difference between password login and trust connection.

Has anyone seen this kind of behavior before and if so can you share what you did to resolve it for trusts?

Last edited by MensaWater; 09-02-2016 at 12:17 PM.
 
Old 09-02-2016, 01:23 PM   #2
smallpond
Senior Member
 
Registered: Feb 2011
Location: Massachusetts, USA
Distribution: Fedora 34
Posts: 3,664

Rep: Reputation: 1059Reputation: 1059Reputation: 1059Reputation: 1059Reputation: 1059Reputation: 1059Reputation: 1059Reputation: 1059
No idea what this could be. Try running 'ssh -v' to show all of the steps for each login method. Maybe that will help track down the difference.
 
Old 09-02-2016, 02:15 PM   #3
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,831

Original Poster
Blog Entries: 15

Rep: Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668
I did of course look at ssh -v (and -vvv) but those really don't tell me much other than connection information and methods. I've used them often for debugging failed ssh/sftp connections but as noted in my original post I am connecting successfully and am even able to execute the specific bat file. This isn't a connection issue but rather some subtle difference between the way it sees the user based on whether it came in via the trust or via password authentication.
 
Old 09-02-2016, 04:14 PM   #4
Doug G
Member
 
Registered: Jul 2013
Posts: 749

Rep: Reputation: Disabled
In a simple cygwin on windows 7 sshd setup, I had to assign some additional user rights to the sshd service account, using the cygwin editrights program.

Google found this maillist thread on the subject: https://cygwin.com/ml/cygwin/2013-02/msg00185.html.
 
Old 09-06-2016, 12:13 PM   #5
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,831

Original Poster
Blog Entries: 15

Rep: Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668
Quote:
Originally Posted by Doug G View Post
In a simple cygwin on windows 7 sshd setup, I had to assign some additional user rights to the sshd service account, using the cygwin editrights program.

Google found this maillist thread on the subject: https://cygwin.com/ml/cygwin/2013-02/msg00185.html.
Thanks but that thread doesn't seem to apply to the issue I described. It is about sshd not starting and on our Windows server sshd is running fine. I can login either via password or via trust.

What is different for my issue is what occurs in one bat file after the login as I originally wrote. If there are specific sshd settings you think would account for the behavior I described please feel free to share them.
 
Old 09-06-2016, 03:21 PM   #6
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,831

Original Poster
Blog Entries: 15

Rep: Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668
I got the answer from the Cygwin mailing list when I posted the question there today:

Quote:
That most likely means that this application needs network access. If you log in via public key and don't have a password stored in registry via 'passwd -R' and cygserver running to use it, then you won't have any access rights to non-local resources.

https://cygwin.com/cygwin-ug-net/nts...etuid-overview

If all you need is indeed to run one script, you might alternatively be able to set up a service that starts under a network user and just runs that script when triggered by your remote user login in via ssh.
On doing the "passwd -R" (which is a Cygwin option as described in above link) to update the Registry and re-establishing the trust we found the problem to be solved when connecting via trust.
 
Old 09-06-2016, 05:33 PM   #7
Doug G
Member
 
Registered: Jul 2013
Posts: 749

Rep: Reputation: Disabled
Thanks for the update. I was thinking maybe a problem because windows service accounts can't use the desktop without having that right assigned. This has been the case since NT4 afaik.
 
  


Reply

Tags
cygwin sshd ssh


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Shell Scripting to automate Process of SSH Trust (Password less Login ) RamTeja Programming 3 02-07-2014 05:58 AM
Passwordless ssh works. Normal login/ssh Fails. gurunarayanan Linux - Newbie 9 11-08-2012 04:42 AM
Execute nmake command with cygwin.bat rks_hs General 0 09-05-2011 11:24 PM
SSH to work without a password between CentOS & Cygwin timmywo Linux - Server 9 08-08-2010 03:26 AM
running wget from .bat using cygwin - syntax question alpinescott Linux - General 3 02-02-2010 01:58 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 05:33 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration