Hello all,

I have a bit of trouble working a passwordless SSH from UNIX to Cygwin running windows 2k3. Here are some details. I AM able to SSH from the Windows box to the UNIX box using the keys. Also, I'm able to SSH from UNIX to Windows w/o the keys. However, when I try to do it with the keys the following output is produced
....

debug3: check_host_in_hostfile: match line 1
debug1: Host 'xx.xx.xx.xxis known and matches the RSA host key.
debug1: Found key in /cygdrive/c/cygwin/home/user/.ssh/known_hosts:1
debug2: bits set: 522/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /cygdrive/c/cygwin/home/user/.ssh/identity (0x0)
debug2: key: /cygdrive/c/cygwin/home/user/.ssh/id_rsa (0x0)
debug2: key: /cygdrive/c/cygwin/home/user/.ssh/id_dsa (0x0)
debug1: Authentications that can continue: publickey,password,keyboard- interactive
debug3: start over, passed a different list publickey,password,keyboard- interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /cygdrive/c/cygwin/home/user/.ssh/identity
debug3: no such identity: /cygdrive/c/cygwin/home/user/.ssh/identity
debug1: Trying private key: /cygdrive/c/cygwin/home/user/.ssh/id_rsa
debug1: read PEM private key done: type RSA
debug3: sign_and_send_pubkey
debug2: we sent a publickey packet, wait for reply
Connection closed by [remote host]




I'm not entirely sure that I'm using priveledged separation. Honestly it was so difficult to start the sshd service that I can't remember. When I check the windows service it does state that the CYGWIN sshd server is logged on as Local System.

I did uncomment out the following in sshd_config:

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

If someone could work with me on this I'd very much appreciate it.

Thanks,
Kevin

Here's a good HOWTO, did you follow all of the steps there?

HOWTO setup the Cygwin SSH daemon on a Windows 2003 server

Yes I tried that but still no luck. Here is some additional info regarding the issue:

SSH using keys for authentication
Sun -> Sun good
Sun -> WindowsXP good
WindowsXP -> Sun good
Win2K3 - > Sun good
Win2K3 - > WinXP good
Sun - > Win2K3 bad
WinXP - Win2K3 bad



If it helps, here is the output to "ssh localhost"
$ ssh -vvv localhost
OpenSSH_5.1p1, OpenSSL 0.9.8i 15 Sep 2008
debug1: Reading configuration data /etc/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Connection established.
debug1: identity file /c/Documents and Settings/USER/.ssh/identity type -1
debug3: Not a RSA1 key file /c/Documents and Settings/USER/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /c/Documents and Settings/USER/.ssh/id_rsa type 1
debug1: identity file /c/Documents and Settings/USER/.ssh/id_dsa type -1
ssh_exchange_identification: Connection closed by remote host

"/c/Documents and Settings/USER" is my home directory (I know it's a pain but I'm first concentrating on getting this sshd up and running.

Also, I'm using RSA keys.

Generally you don't get very useful information from the ssh client when troubleshooting this kind of issue for security reasons.

Try running your sshd in debug mode, i.e. /usr/sbin/sshd -d -p 1234 and then try connecting to it from another window, ssh -p 1234 localhost. If that works (I've not tried it under Cygwin) it will hopefully give you a better idea why it's terminating the connection.

First off thank you for the replies.


I think i might be making progress. Here is the output when I run sshd

$ /c/cygwin/usr/sbin/sshd -d -p 1234
debug1: sshd version OpenSSH_5.1p1
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
/var/empty must be owned by root and not group or world-writable.

I changed /var is not writeable by group or world but when I try to change the owner to root it tells me that 'root is an invalid user'

Did you create a directory called /var/empty too? I wouldn't fiddle with /var ownership or permissions unless you're still stuck after trying that.

I'm surprised the ssh-host-config script didn't do this for you if it's required... I've looked at the script and the commands to do it are in there, are you sure you followed that step?

Try chown 0 /var/empty instead perhaps.

I definitely did do the ssh-host-config but it may not have executed in it's entirety. Immediately after saying yes to the privelaged separation question there are two lines that print:

Updating /etc/sshd_config file

Host configuration finished. Have fun!


I tried your suggestion but no luck

$ chown 0 var/empty
chown: changing ownership of `var/empty': Invalid argument

Currently /var is owned by me and /var/empty is owned by by SYSTEM and has the permissions "drwxr-xr-x"