PuTTY error: /bin/bash Operation not permitted when connecting to Cygwin sshd

When trying to connect to an SSH server using PuTTY, I get an error:

/bin/bash: Operation not permitted

And then I get a message box saying:

Connection closed by remote host

This started happening unexpectedly today and I have no idea why, the SSH connection used to work fine before that.

What is causes this error, and is there any way to fix it?

Edit: The server is a Windows box, not Linux, and it is running Cygwin's sshd. Also I found this post which I think might be relevant - https://cygwin.com/ml/cygwin/2016-03/msg00097.html

sashoalm

Posted 2017-09-14T08:48:29.787

Reputation: 2 680

1Seems like /bin/bash is either deleted or your user doesn't have permissions to it. You should probably contact the administrator and ask him to fix it. – Mikael Kjær – 2017-09-14T08:52:52.167

Can you login with another user? – Zumo de Vidrio – 2017-09-14T08:53:12.660

@MikaelKjær Hm, if bash is missing wouldn't the error message be "command not found" or some such? Likely you're right about the permissions though. – sashoalm – 2017-09-14T08:53:48.797

@ZumodeVidrio I asked one of my colleagues and she get the same error. – sashoalm – 2017-09-14T08:56:12.067

This bash error is coming from the Linux server. The cause is maybe a bad command in the file .bashrc of the user profile you are connecting to. – harrymc – 2017-09-19T12:59:04.363

@harrymc It's a windows server with cygwin. – sashoalm – 2017-09-19T13:05:09.993

If you don't know where .bashrc is located under cygwin, you could run on the server the command echo $HOME on the same user profile you are connecting to. – harrymc – 2017-09-19T13:21:16.787

Answers

Here is a more direct way doing what the previous posts by Константин Брызгалов and Mun-dee say. Run a cygwin terminal as Administrator, then:

# stop the running sshd:
net stop sshd
# give the ssh user required privileges:
editrights -a SeTcbPrivilege -u cyg_server
editrights -a SeAssignPrimaryTokenPrivilege -u cyg_server
editrights -a SeCreateTokenPrivilege -u cyg_server
# restart sshd:
net start sshd

Uwe Mayer

Posted 2017-09-14T08:48:29.787

Reputation: 36

I spent a lot of time trying to solve the same problem. Accidentally stumbled upon a solution here:

https://cygwin.com/ml/cygwin/2015-08/msg00162.html

On cygwin server:

Go to Control Panel > Administrative Tools.
Select Local Security Policy > Local Policies > User Rights Assignment.
Right-click Replace a Process Level Token and select Security or Properties.
Click Add to add the account sshd is running on. ( cyg_server in my case )
gpupdate
Restart sshd service

Now try to connect via ssh ... I was successful

Константин Брызгалов

Posted 2017-09-14T08:48:29.787

Reputation: 41

I had this problem and resolved it.

Initially I followed the answer from Константин Брызгалов and was able to login with a password, but could not get public key authentication working. (I had created a local cyg_server administrator account manually.)

On further investigation, I was reading this page and it said to avoid having both a domain and a local account. I checked and I did have both; apparently someone else in my organization is running a cygwin server and had already created a cyg_server on the domain, which was getting confused with my local account.

I deleted my local cyg_server account, uninstalled the sshd service, and reinstalled as described on that page, and everything worked perfectly out of the box. The trick was to say "no" to using the existing cyg_server account, and tell ssh-host-config to create a "cyg_server1" account. It created a local account and set everything up correctly. Specifically:

cygrunsrv --stop sshd
cygrunsrv --remove sshd
Ctrl Panel > User Accounts > Manager User Accounts > (delete local cyg_server account)
mkpasswd -l -d >/etc/passwd
mkgroup -l -d >/etc/group
ssh-host-config
- overwrite = yes
- strict = yes
- CYGWIN = ntsec
- user to run = cyg_server1
- password = {...}

Checking user accounts you will see that cyg_server1 is indeed a local account but has additional setup.

maharvey67

Posted 2017-09-14T08:48:29.787

Reputation: 121

I had forgotten that question, but in the end I solved my problem by rerunning the ssh-host-config in my Cygwin server install (fortunately I had RDP access as well).

That was all that was needed but I have no idea why it worked.

sashoalm

Posted 2017-09-14T08:48:29.787

Reputation: 2 680

Thank you Константин Брызгалов for pointing me to the right direction, had the exact same problem.

A more thorough solution can ge found here: https://cygwin.com/faq.html#faq.using.sshd-in-domain There are actually 3 policy settings that need to have the cyg_server configured:

Act as part of the operating system (SeTcbPrivilege)
Create a token object (SeCreateTokenPrivilege)
Replace a process level token (SeAssignPrimaryTokenPrivilege)

Mun-dee

Posted 2017-09-14T08:48:29.787

Reputation: 11