[Samba] Trouble in ssh into Windows machines in the Windows/Samba Domain
Nicola Mingotti
nmingotti at gmail.com
Sun Apr 11 09:44:08 UTC 2021
On 4/10/21 7:48 PM, Bartłomiej Solarz-Niesłuchowski via samba wrote:
> check rights for files with authorized_keys + etc..
>
> https://github.com/PowerShell/Win32-OpenSSH/wiki/OpenSSH-utility-scripts-to-fix-file-permissions
>
>
>
Hi Bartłomiej,
What you say is for sure correlated to the issue. And the page you posted is interesting, but only if you install OpenSSH from GitHub. On Windows 10, installing OpenSSH as an optional App, there aren't those scripts.
I need to make a choice: either I proceed testing with the latest GitHub release or I go on with the Windows version.
In any case, after I removed permissions from 'id_rsa.pub' I got some improvements in the GitHub OpenSSH. With public key the system was not working, but in this case rolling back to asking for the password instead of just failing. Then, by a mistake of autocompletion, I ran FixHostFilePermissions.ps1 and I wrecked everything. I need to reinstall.
On the Windows release the story is different. If I write my public key into authorized_keys the ssh process bombs out.
These logs might be relevant. They are related to Windows SSHD.
==== connection without public key defined in authorized_keys ================
---- ssh -vvv
9300 2021-04-11 11:27:12.382 debug3: mm_request_send entering: type 13
***** 9300 2021-04-11 11:27:12.382 Accepted password for nicola from
172.16.3.50 port 47404 ssh2 *****
9300 2021-04-11 11:27:12.382 debug1: monitor_child_preauth: nicola has
been authenticated by privileged process
9300 2021-04-11 11:27:12.382 debug3: mm_get_keystate: Waiting for new keys
9300 2021-04-11 11:27:12.382 debug3: mm_request_receive_expect entering:
type 26
9300 2021-04-11 11:27:12.382 debug3: mm_request_receive entering
9300 2021-04-11 11:27:12.383 debug3: mm_get_keystate: GOT new keys
9300 2021-04-11 11:27:12.383 debug3: mm_auth_password: user
authenticated [preauth]
9300 2021-04-11 11:27:12.383 debug3: send packet: type 52 [preauth]
9300 2021-04-11 11:27:12.383 debug3: mm_request_send entering: type 26
[preauth]
9300 2021-04-11 11:27:12.383 debug3: mm_send_keystate: Finished sending
state [preauth]
9300 2021-04-11 11:27:12.389 debug1: monitor_read_log: child log fd closed
**** 9300 2021-04-11 11:27:12.401 debug3: spawning
"C:\\Windows\\System32\\OpenSSH\\sshd.exe" "-z" ******
9300 2021-04-11 11:27:12.405 User child is on pid 9768
9300 2021-04-11 11:27:12.405 debug3: send_rexec_state: entering fd = 5
config len 361
9300 2021-04-11 11:27:12.405 debug3: ssh_msg_send: type 0
9300 2021-04-11 11:27:12.406 debug3: send_rexec_state: done
9300 2021-04-11 11:27:12.406 debug3: ssh_msg_send: type 0
9300 2021-04-11 11:27:12.406 debug3: ssh_msg_send: type 0
9300 2021-04-11 11:27:12.406 debug3: ssh_msg_send: type 0
9300 2021-04-11 11:27:12.406 debug3: ssh_msg_send: type 0
9300 2021-04-11 11:27:12.406 debug3: ssh_msg_send: type 0
9300 2021-04-11 11:27:16.849 debug3: mm_request_receive entering
9300 2021-04-11 11:27:16.849 debug1: do_cleanup
==== connection with public key defined in authorized_keys ================
-----ssh -v
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue:
publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /home/p/.ssh/id_rsa RSA
SHA256:hcDASnV1vvd88xpKM/xN2XtUSCvcW3oPUz0izqFMTBE
debug1: Server accepts key: /home/p/.ssh/id_rsa RSA
SHA256:hcDASnV1vvd88xpKM/xN2XtUSCvcW3oPUz0izqFMTBE
**** debug1: Authentication succeeded (publickey). ******
Authenticated to domus ([172.16.3.53]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: network
packet_write_wait: Connection to 172.16.3.53 port 22: Broken pipe
------------------------
---- sshd ------------------------------
4324 2021-04-11 11:30:45.295 Accepted publickey for nicola from
172.16.3.50 port 47434 ssh2: RSA
SHA256:hcDASnV1vvd88xpKM/xN2XtUSCvcW3oPUz0izqFMTBE
4324 2021-04-11 11:30:45.295 debug1: monitor_child_preauth: nicola has
been authenticated by privileged process
4324 2021-04-11 11:30:45.295 debug3: mm_get_keystate: Waiting for new keys
4324 2021-04-11 11:30:45.295 debug3: mm_request_receive_expect entering:
type 26
4324 2021-04-11 11:30:45.295 debug3: mm_request_receive entering
4324 2021-04-11 11:30:45.295 debug3: mm_get_keystate: GOT new keys
4324 2021-04-11 11:30:45.295 debug3: mm_sshkey_verify: waiting for
MONITOR_ANS_KEYVERIFY [preauth]
4324 2021-04-11 11:30:45.295 debug3: mm_request_receive_expect entering:
type 25 [preauth]
4324 2021-04-11 11:30:45.295 debug3: mm_request_receive entering [preauth]
4324 2021-04-11 11:30:45.295 debug1: auth_activate_options: setting new
authentication options [preauth]
**** 4324 2021-04-11 11:30:45.295 debug2: userauth_pubkey: authenticated
1 pkalg rsa-sha2-512 [preauth] ****
4324 2021-04-11 11:30:45.295 debug3: send packet: type 52 [preauth]
4324 2021-04-11 11:30:45.295 debug3: mm_request_send entering: type 26
[preauth]
4324 2021-04-11 11:30:45.295 debug3: mm_send_keystate: Finished sending
state [preauth]
4324 2021-04-11 11:30:45.300 debug1: monitor_read_log: child log fd closed
**** 4324 2021-04-11 11:30:45.340 debug3: lookup_principal_name:
Successfully discovered explicit principal name:
'windom\\nicola'=>'nicola@windom.borghi.lan'
**** 4324 2021-04-11 11:30:45.359 debug1: generate_s4u_user_token:
LsaLogonUser() failed. User 'windom\\nicola' Status: 0xC000009A SubStatus 0.
*****4324 2021-04-11 11:30:45.359 debug3: get_user_token - unable to
generate token for user windom\\nicola
**** 4324 2021-04-11 11:30:47.684 debug3: lookup_principal_name:
Successfully discovered explicit principal name:
'windom\\nicola'=>'nicola@windom.borghi.lan'
**** 4324 2021-04-11 11:30:47.699 debug1: generate_s4u_user_token:
LsaLogonUser() failed. User 'windom\\nicola' Status: 0xC000009A SubStatus 0.
**** 4324 2021-04-11 11:30:47.699 error: get_user_token - unable to
generate token on 2nd attempt for user windom\\nicola
**** 4324 2021-04-11 11:30:47.699 error: unable to get security token
for user windom\\nicola
4324 2021-04-11 11:30:47.699 fatal: fork of unprivileged child failed
4324 2021-04-11 11:30:47.699 debug1: do_cleanup
----------------------------------------
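A triage sketch for the two sshd logs in this message, added here and not part of the original post: it rejoins the mail-wrapped lines, groups them by sshd PID and flags sessions where authentication was accepted but no user child was ever spawned. The sample lines are constructed from the ones above, the function names are hypothetical, and 0xC000009A is mapped to its ntstatus.h name, STATUS_INSUFFICIENT_RESOURCES.

```python
import re

# Constructed sample: sshd debug lines modelled on the post, keeping the mail
# client's hard wrapping and the author's "****" emphasis markers.
SAMPLE = r"""4324 2021-04-11 11:30:45.295 Accepted publickey for nicola from
172.16.3.50 port 47434 ssh2: RSA
**** 4324 2021-04-11 11:30:45.359 debug1: generate_s4u_user_token:
LsaLogonUser() failed. User 'windom\\nicola' Status: 0xC000009A SubStatus 0.
4324 2021-04-11 11:30:47.699 fatal: fork of unprivileged child failed
9300 2021-04-11 11:27:12.382 Accepted password for nicola from
172.16.3.50 port 47404 ssh2 *****
9300 2021-04-11 11:27:12.405 User child is on pid 9768
"""

REC = re.compile(r"^\**\s*(\d+) (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) (.*)$")
ACCEPT = re.compile(r"Accepted (\w+) for (\S+) from (\S+)")
STATUS = re.compile(r"LsaLogonUser\(\) failed\..*?Status: 0x([0-9A-Fa-f]{8})")
NTSTATUS = {"0xC000009A": "STATUS_INSUFFICIENT_RESOURCES"}  # value from ntstatus.h

def records(text):
    """Rejoin hard-wrapped lines into [pid, message] records."""
    out = []
    for line in text.splitlines():
        m = REC.match(line)
        if m:  # a new record starts with "<pid> <date> <time>"
            out.append([m.group(1), m.group(3).rstrip("* ")])
        elif out and line.strip():  # anything else continues the previous one
            out[-1][1] += " " + line.strip().rstrip("* ")
    return out

def triage(text):
    """Per sshd PID: auth method, user, child spawned, fatal seen, S4U status."""
    sessions = {}
    for pid, msg in records(text):
        s = sessions.setdefault(pid, {"method": None, "user": None,
                                      "child": False, "fatal": False, "status": set()})
        if (m := ACCEPT.search(msg)):
            s["method"], s["user"] = m.group(1), m.group(2)
        if (m := STATUS.search(msg)):
            code = "0x" + m.group(1).upper()
            s["status"].add(NTSTATUS.get(code, code))  # unknown codes stay as hex
        s["child"] |= "User child is on pid" in msg
        s["fatal"] |= msg.startswith("fatal:")
    return sessions

def auth_ok_but_no_session(text):
    """Sessions that authenticated, then died before a user child existed."""
    return {pid: s for pid, s in triage(text).items()
            if s["method"] and s["fatal"] and not s["child"]}
```
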