[Samba] Trouble in ssh into Windows machines in the Windows/Samba Domain

Nicola Mingotti nmingotti at gmail.com
Sun Apr 11 09:44:08 UTC 2021 



On 4/10/21 7:48 PM, Bartłomiej Solarz-Niesłuchowski via samba wrote:
> check rights for files with authorized_keys  + etc..
>
> https://github.com/PowerShell/Win32-OpenSSH/wiki/OpenSSH-utility-scripts-to-fix-file-permissions 
>
>
>

Hi Bartolomiej,

What you say is for sure corralated to the issue. And the page you post 
is interesting,
but only if you install OpenSSH from gituhub. On Windows 10, installing 
OpenSSH
as optional App there aren't those scripts.

I need to make a choice, or I proceed testing with the latest github 
release
or I go on with the Windows version.

In any case, after I removed permissions from 'id_rsa.pub' I have got some
improvements in the GitHup OpenSSH. With publc key the system was not 
working
but in this case rolling back to ask password instead of just failing. 
Then by mistake of autocompletion
i run FixHostFilePermissions.ps1 and I wrecked all. I need to reinstall.

On the windows release the story is different. If I write my public key into
authorized_keys the ssh process bombs out.

these logs migth be relevat. They are related do Windows SSHD.

==== connection without public key defined in authorized_keys 
===============

---- ssh -vvv

9300 2021-04-11 11:27:12.382 debug3: mm_request_send entering: type 13

***** 9300 2021-04-11 11:27:12.382 Accepted password for nicola from 
172.16.3.50 port 47404 ssh2 *****

9300 2021-04-11 11:27:12.382 debug1: monitor_child_preauth: nicola has 
been authenticated by privileged process

9300 2021-04-11 11:27:12.382 debug3: mm_get_keystate: Waiting for new keys

9300 2021-04-11 11:27:12.382 debug3: mm_request_receive_expect entering: 
type 26

9300 2021-04-11 11:27:12.382 debug3: mm_request_receive entering

9300 2021-04-11 11:27:12.383 debug3: mm_get_keystate: GOT new keys

9300 2021-04-11 11:27:12.383 debug3: mm_auth_password: user 
authenticated [preauth]

9300 2021-04-11 11:27:12.383 debug3: send packet: type 52 [preauth]

9300 2021-04-11 11:27:12.383 debug3: mm_request_send entering: type 26 
[preauth]

9300 2021-04-11 11:27:12.383 debug3: mm_send_keystate: Finished sending 
state [preauth]

9300 2021-04-11 11:27:12.389 debug1: monitor_read_log: child log fd closed

**** 9300 2021-04-11 11:27:12.401 debug3: spawning 
"C:\\Windows\\System32\\OpenSSH\\sshd.exe" "-z" ******

9300 2021-04-11 11:27:12.405 User child is on pid 9768

9300 2021-04-11 11:27:12.405 debug3: send_rexec_state: entering fd = 5 
config len 361

9300 2021-04-11 11:27:12.405 debug3: ssh_msg_send: type 0

9300 2021-04-11 11:27:12.406 debug3: send_rexec_state: done

9300 2021-04-11 11:27:12.406 debug3: ssh_msg_send: type 0

9300 2021-04-11 11:27:12.406 debug3: ssh_msg_send: type 0

9300 2021-04-11 11:27:12.406 debug3: ssh_msg_send: type 0

9300 2021-04-11 11:27:12.406 debug3: ssh_msg_send: type 0

9300 2021-04-11 11:27:12.406 debug3: ssh_msg_send: type 0

9300 2021-04-11 11:27:16.849 debug3: mm_request_receive entering

9300 2021-04-11 11:27:16.849 debug1: do_cleanup



==== connection with public key defined in authorized_keys ================

-----ssh -v

debug1: SSH2_MSG_SERVICE_ACCEPT received

debug1: Authentications that can continue: 
publickey,password,keyboard-interactive

debug1: Next authentication method: publickey

debug1: Offering public key: /home/p/.ssh/id_rsa RSA 
SHA256:hcDASnV1vvd88xpKM/xN2XtUSCvcW3oPUz0izqFMTBE

debug1: Server accepts key: /home/p/.ssh/id_rsa RSA 
SHA256:hcDASnV1vvd88xpKM/xN2XtUSCvcW3oPUz0izqFMTBE

**** debug1: Authentication succeeded (publickey). ******

Authenticated to domus ([172.16.3.53]:22).

debug1: channel 0: new [client-session]

debug1: Requesting no-more-sessions at openssh.com

debug1: Entering interactive session.

debug1: pledge: network

packet_write_wait: Connection to 172.16.3.53 port 22: Broken pipe

------------------------

---- sshd ------------------------------

4324 2021-04-11 11:30:45.295 Accepted publickey for nicola from 
172.16.3.50 port 47434 ssh2: RSA 
SHA256:hcDASnV1vvd88xpKM/xN2XtUSCvcW3oPUz0izqFMTBE

4324 2021-04-11 11:30:45.295 debug1: monitor_child_preauth: nicola has 
been authenticated by privileged process

4324 2021-04-11 11:30:45.295 debug3: mm_get_keystate: Waiting for new keys

4324 2021-04-11 11:30:45.295 debug3: mm_request_receive_expect entering: 
type 26

4324 2021-04-11 11:30:45.295 debug3: mm_request_receive entering

4324 2021-04-11 11:30:45.295 debug3: mm_get_keystate: GOT new keys

4324 2021-04-11 11:30:45.295 debug3: mm_sshkey_verify: waiting for 
MONITOR_ANS_KEYVERIFY [preauth]

4324 2021-04-11 11:30:45.295 debug3: mm_request_receive_expect entering: 
type 25 [preauth]

4324 2021-04-11 11:30:45.295 debug3: mm_request_receive entering [preauth]

4324 2021-04-11 11:30:45.295 debug1: auth_activate_options: setting new 
authentication options [preauth]

**** 4324 2021-04-11 11:30:45.295 debug2: userauth_pubkey: authenticated 
1 pkalg rsa-sha2-512 [preauth] ****

4324 2021-04-11 11:30:45.295 debug3: send packet: type 52 [preauth]

4324 2021-04-11 11:30:45.295 debug3: mm_request_send entering: type 26 
[preauth]

4324 2021-04-11 11:30:45.295 debug3: mm_send_keystate: Finished sending 
state [preauth]

4324 2021-04-11 11:30:45.300 debug1: monitor_read_log: child log fd closed

**** 4324 2021-04-11 11:30:45.340 debug3: lookup_principal_name: 
Successfully discovered explicit principal name: 
'windom\\nicola'=>'nicola at windom.borghi.lan'

**** 4324 2021-04-11 11:30:45.359 debug1: generate_s4u_user_token: 
LsaLogonUser() failed. User 'windom\\nicola' Status: 0xC000009A SubStatus 0.

*****4324 2021-04-11 11:30:45.359 debug3: get_user_token - unable to 
generate token for user windom\\nicola

**** 4324 2021-04-11 11:30:47.684 debug3: lookup_principal_name: 
Successfully discovered explicit principal name: 
'windom\\nicola'=>'nicola at windom.borghi.lan'

**** 4324 2021-04-11 11:30:47.699 debug1: generate_s4u_user_token: 
LsaLogonUser() failed. User 'windom\\nicola' Status: 0xC000009A SubStatus 0.

**** 4324 2021-04-11 11:30:47.699 error: get_user_token - unable to 
generate token on 2nd attempt for user windom\\nicola

**** 4324 2021-04-11 11:30:47.699 error: unable to get security token 
for user windom\\nicola

4324 2021-04-11 11:30:47.699 fatal: fork of unprivileged child failed

4324 2021-04-11 11:30:47.699 debug1: do_cleanup

----------------------------------------

More information about the samba mailing list