Public/Private Key SSH from UNIX to Windows (Cygwin)

Hello all,

I have a bit of trouble working a passwordless SSH from UNIX to Cygwin running Windows 2k3. Here are some details. I AM able to SSH from the Windows box to the UNIX box using the keys. Also, I'm able to SSH from UNIX to Windows w/o the keys. However, when I try to do it with the keys the following output is produced:
....

debug3: check_host_in_hostfile: match line 1
debug1: Host 'xx.xx.xx.xxis known and matches the RSA host key.
debug1: Found key in /cygdrive/c/cygwin/home/user/.ssh/known_hosts:1
debug2: bits set: 522/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /cygdrive/c/cygwin/home/user/.ssh/identity (0x0)
debug2: key: /cygdrive/c/cygwin/home/user/.ssh/id_rsa (0x0)
debug2: key: /cygdrive/c/cygwin/home/user/.ssh/id_dsa (0x0)
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /cygdrive/c/cygwin/home/user/.ssh/identity
debug3: no such identity: /cygdrive/c/cygwin/home/user/.ssh/identity
debug1: Trying private key: /cygdrive/c/cygwin/home/user/.ssh/id_rsa
debug1: read PEM private key done: type RSA
debug3: sign_and_send_pubkey
debug2: we sent a publickey packet, wait for reply
Connection closed by [remote host]

I'm not entirely sure that I'm using privileged separation. Honestly it was so difficult to start the sshd service that I can't remember. When I check the Windows service it does state that the CYGWIN sshd server is logged on as Local System.

I did uncomment out the following in sshd_config:

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

If someone could work with me on this I'd very much appreciate it.

Thanks,
Kevin

Here's a good HOWTO, did you follow all of the steps there?

HOWTO setup the Cygwin SSH daemon on a Windows 2003 server

Yes I tried that but still no luck. Here is some additional info regarding the issue:

SSH using keys for authentication
Sun -> Sun good
Sun -> WindowsXP good
WindowsXP -> Sun good
Win2K3 -> Sun good
Win2K3 -> WinXP good
Sun -> Win2K3 bad
WinXP -> Win2K3 bad

If it helps, here is the output to "ssh localhost"
$ ssh -vvv localhost
OpenSSH_5.1p1, OpenSSL 0.9.8i 15 Sep 2008
debug1: Reading configuration data /etc/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Connection established.
debug1: identity file /c/Documents and Settings/USER/.ssh/identity type -1
debug3: Not a RSA1 key file /c/Documents and Settings/USER/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /c/Documents and Settings/USER/.ssh/id_rsa type 1
debug1: identity file /c/Documents and Settings/USER/.ssh/id_dsa type -1
ssh_exchange_identification: Connection closed by remote host

"/c/Documents and Settings/USER" is my home directory (I know it's a pain but I'm first concentrating on getting this sshd up and running).

Also, I'm using RSA keys.

Generally you don't get very useful information from the ssh client when troubleshooting this kind of issue for security reasons.

Try running your sshd in debug mode, i.e. /usr/sbin/sshd -d -p 1234 and then try connecting to it from another window, ssh -p 1234 localhost. If that works (I've not tried it under Cygwin) it will hopefully give you a better idea why it's terminating the connection.

First off thank you for the replies.

I think I might be making progress. Here is the output when I run sshd:

$ /c/cygwin/usr/sbin/sshd -d -p 1234
debug1: sshd version OpenSSH_5.1p1
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
/var/empty must be owned by root and not group or world-writable.

I changed /var so it is not writeable by group or world, but when I try to change the owner to root it tells me that 'root is an invalid user'.

Did you create a directory called /var/empty too? I wouldn't fiddle with /var ownership or permissions unless you're still stuck after trying that.

I'm surprised the ssh-host-config script didn't do this for you if it's required... I've looked at the script and the commands to do it are in there, are you sure you followed that step?

Try chown 0 /var/empty instead perhaps.

I definitely did do the ssh-host-config but it may not have executed in its entirety. Immediately after saying yes to the privileged separation question there are two lines that print:

Updating /etc/sshd_config file

Host configuration finished. Have fun!

I tried your suggestion but no luck

$ chown 0 var/empty
chown: changing ownership of `var/empty': Invalid argument

Currently /var is owned by me and /var/empty is owned by SYSTEM and has the permissions "drwxr-xr-x"

These are the defaults anyway for those attributes (see man sshd_config)

This sounds strange, as to my knowledge /var on a Unix-like system should either be owned by root or bin.
Also why were you using a relative path when you issued the chown command,
and what directory were you in when you did it?
The $ in your prompt implies to me that you were issuing the chown as a non-root user which without sudo or similar also looks strange to me.
But I guess this all refers to the sshd server running in Cygwin where ownerships and admin rights may differ strangely.
Sorry, I have no Cygwin sshd setup experience to tell if this is all normal.

There actually is no "root" in Cygwin. Since SSHD is run as a service on Local System, everything must be owned by "SYSTEM". I am an Administrator on this machine so everything that root can do on an actual Unix system, I should be able to do in Cygwin.

After a few attempts to yank my hair out I finally got the SSH server working in Cygwin. Basically the key was removing the service from the registry using cygrunsrv -R sshd. Then I just ran ssh-host-config again and made sure the "sshd_server" user is configured correctly and running the service. I guess in Windows 2K3 it can't be run as Local System. From there it's business as usual. I do thank you for all your help. If you happen to come across anyone else having similar issues setting one up, this should help.
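
Added example, not part of any post in this thread: the two client logs quoted above stop at different points, and this sketch reports the last stage an `ssh -vvv` log reached before the server closed the connection. The stage names and the sample excerpts are constructed for illustration; the matched debug strings are the ones that appear in the logs above.

```shell
#!/bin/sh
# Added example (not from the thread): report the last protocol stage an
# `ssh -vvv` client log reached before the server closed the connection.

classify_ssh_close() {
    # Reads a client debug log on stdin; prints "closed:<stage>" or "no-close".
    awk '
        /Connection established/           { stage = "tcp-connected" }
        /SSH2_MSG_NEWKEYS received/        { stage = "key-exchange-done" }
        /SSH2_MSG_SERVICE_ACCEPT received/ { stage = "userauth-started" }
        /we sent a publickey packet/       { stage = "publickey-offered" }
        /Connection closed by/ {
            print "closed:" (stage == "" ? "unknown" : stage)
            closed = 1
            exit
        }
        END { if (!closed) print "no-close" }
    '
}

# Constructed excerpt modelled on the first log (close during publickey auth).
sample_auth_log() {
    cat <<'EOF'
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Next authentication method: publickey
debug2: we sent a publickey packet, wait for reply
Connection closed by [remote host]
EOF
}

# Constructed excerpt modelled on the "ssh localhost" log (close before the
# server sent its version banner).
sample_banner_log() {
    cat <<'EOF'
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Connection established.
ssh_exchange_identification: Connection closed by remote host
EOF
}

sample_auth_log   | classify_ssh_close   # closed:publickey-offered
sample_banner_log | classify_ssh_close   # closed:tcp-connected
```

In both cases the client log only shows where the server hung up, not why; the reason shows up on the server side when sshd is run with `-d` as suggested earlier in the thread.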