[SOLVED] ssh to Cygwin sshd - bat file fails when trust established but works with password
Linux - SoftwareThis forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
ssh to Cygwin sshd - bat file fails when trust established but works with password
We recently setup Cygwin and sshd on one of our Windows servers to allow one of our Linux (RHEL6) servers to call a bat file on the Windows server. Since this will be automated from the Linux side I setup standard ssh trust from the Linux user to a Windows user. Testing the trust verified it works and can be used to execute Windows bat files.
The problem is that there is a specific bat file that is failing when the command it calls tries to login to the application (i.e. not OS level login) but appears to be running the other commands in the bat file properly.
The weirdness is that this failure only occurs when we call it using ssh trust to make the connection. If we make the connection without a trust so that it prompts for the OS level password the bat file then executes correctly including its application level login.
This suggests there is some environmental difference when ssh logs in with a password vs when it connects with a trust. I've checked the "set" and "env" Linux commands output as well as the DOS "set" command output and there is no difference between them when logged in via trust vs logged in via password.
To reiterate the “login” that is failing is something with the application not the OS user. The OS user works either way. Calling the bat file works either way – it is only this application “login” that is failing within the bat file when doing trust.
I also found sshpass allows one to feed the OS level password to the ssh call and using that also works when I call the bat file. This reinforces the idea of an environmental difference between password login and trust connection.
Has anyone seen this kind of behavior before and if so can you share what you did to resolve it for trusts?
Last edited by MensaWater; 09-02-2016 at 12:17 PM.
I did of course look at ssh -v (and -vvv) but those really don't tell me much other than connection information and methods. I've used them often for debugging failed ssh/sftp connections but as noted in my original post I am connecting successfully and am even able to execute the specific bat file. This isn't a connection issue but rather some subtle difference between the way it sees the user based on whether it came in via the trust or via password authentication.
In a simple cygwin on windows 7 sshd setup, I had to assign some additional user rights to the sshd service account, using the cygwin editrights program.
In a simple cygwin on windows 7 sshd setup, I had to assign some additional user rights to the sshd service account, using the cygwin editrights program.
Thanks but that thread doesn't seem to apply to the issue I described. It is about sshd not starting and on our Windows server sshd is running fine. I can login either via password or via trust.
What is different for my issue is what occurs in one bat file after the login as I originally wrote. If there are specific sshd settings you think would account for the behavior I described please feel free to share them.
I got the answer from the Cygwin mailing list when I posted the question there today:
Quote:
That most likely means that this application needs network access. If you log in via public key and don't have a password stored in registry via 'passwd -R' and cygserver running to use it, then you won't have any access rights to non-local resources.
If all you need is indeed to run one script, you might alternatively be able to set up a service that starts under a network user and just runs that script when triggered by your remote user login in via ssh.
On doing the "passwd -R" (which is a Cygwin option as described in above link) to update the Registry and re-establishing the trust we found the problem to be solved when connecting via trust.
Thanks for the update. I was thinking maybe a problem because windows service accounts can't use the desktop without having that right assigned. This has been the case since NT4 afaik.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.