As have many, apparently, I struggle to find a forum to ask Cygwin questions. (Cygwin.com has a mailing list. How quaint.)
We have a number of Windows servers running cygwin sshd for administrative purposes. They all run as a domain account, let's call it my_domain\cyg_server.
Recently upper management required that we break out the account for development and production. So on the development machines, I have to change an existing sshd service from running as my_domain\cyg_server to my_domain\cyg_dev.
So, I've verified that my_domain\cyg_dev exists and belongs to the same A/D groups as cyg_server, and that I can log into the server as either cyg_server or cyg_dev.
I've added cyg_dev to the local administrator group.
I've changed the existing CYGWIN sshd service to run as cyg_dev.
With the service down, I've re-run ssh-host-config from a cygwin shell that was started with "Run as administrator". I answered "yes" to all questions.
I note that /etc/ssh* are now all owned by cyg_dev, as I would expect.
I started the service, and it started correctly, and runs as cyg_dev.
When I attempt to log into localhost as myself, I get:
/bin/bash: Operation not permitted
I can log in as my_domain\cyg_dev.
This is usually an indication that the account that sshd runs as does not have admin privileges. But I confirm that my_domain\cyg_dev is in the administrators group.
I tried updating /etc/passwd with all domain accounts, and that didn't affect the problem.
I'm not sure what to try at this point. I've considered deleting /etc/ssh_host* and then running ssh-host-config again and hoping the files are recreated. Is this worth trying, or will it make things worse?
Ask the mailing list. I see no reason and utility for the change from cyg_server to cyg_dev. It is an auxiliary user to separate the sshd service from the system one; no one is supposed to log in a shell from it. – matzeri – 2018-02-04T11:03:03.360
I see no utility in making the change either, but nevertheless we are required to do so. We have spent a lot of time and effort arguing that position to no avail. – roc97007 – 2018-03-22T01:23:25.270
cyg_server is just a default name. You can config sshd and when the configure script suggests to use cyg_server just change to cyg_dev. – matzeri – 2018-03-22T02:46:07.053