« Home | Harvesting Cell Phone Numbers with Myspace.com » | Easy Spell Checking » | Apache/IBM Http Server Lockdown » | Be aware of WebSphere's lack of security in regard... » | Kickstarting HP360 and Redhat 4 » | Sun One Proxy Server 4.x - Lockdown for reverse pr... » | Discovering Portals - Jetspeed with WebSphere 5.1 » | Break out of the office using the proxy server! » | Discovering Portals - Jetspeed with Tomcat » | Restricting process information »

Windows 2003, Cygwin - SSHD Issues

I was running into an issue with windows recently. I know Windows has a lot of them but specifically running SSHD (Cygwin based) on Windows 2003 and public keys. The documentation notes to run SSHD as a system account, due to privilege reasons. I’m not to fond of this, I like running things as user accounts with less privileges not to mention under the system account with Windows 2003 seems to have issues with privilege separation.

Running under the new user account I setup sshdsvc (in administrator group), when I fire SSHD up and try to connect ssh closes the connection. Same result when I try to login with a public key. I modified the log level to DEBUG and have it write to the event viewer (syslog) to get more detail.

When I attempt to login it gives me a ‘error setreuid permission denied for sshdsvc’

Trace file here:

I added the following windows privileges (Control Panel, Local Security Policy) to the sshdsvc account.

Act as part of operating system.
Create a token object.
Replace a process level token.
Log on as a service.

I then needed to change the ownership of the directory (specifically the key files), remove the log files, and start the service.

Once restarted I was able to login without issue!

Previous posts