Cygwin OpenSSH 5.1 login session per user

Corinna Vinschen vinschen at redhat.com
Tue Nov 10 20:52:07 EST 2009


On Nov 10 00:09, petesea at bigfoot.com wrote:
> I'm using Cygwin OpenSSH 5.1 on a Windows XP SP3 system.
> 
> Is sshd supposed to create a new "login session" for each user that
> logs in?  Or, is there a way to force it to create a new "login
> session" for each user that logs in?
> 
> Once logged in, I'm trying to use the Kerberos for Windows command
> line utilities (klist/kinit), but I'm told by one of the KfW
> developers, each user must be in it's own login session.  From the
> way klist/kinit are behaving, it appears sshd is NOT creating a new
> login session for each user.

That's a Windows/Cygwin thingy.  Cygwin's sshd creates a new logon
session only if you use password authentication.  If you use pubkey
auth, you're still running in the logon session of the user running sshd
(typically "SYSTEM" or "LocalSystem" on XP).  However, this behaviour
of sshd with pubkey auth is *not* under control of sshd, it's entirely
under control of Cygwin.

Workarounds which allow to use pubkey auth and to get a logon session
are available in the new Cygwin 1.7, which is in it's late beta test
phase.  See http://cygwin.com/#beta-test
http://cygwin.com/1.7/cygwin-ug-net/cygwin-ug-net.html
http://cygwin.com/1.7/cygwin-ug-net/ntsec.html#ntsec-setuid-overview

Please send followup question concerning Cygwin to the Cygwin
mailing list, see http://cygwin.com/lists.html


Corinna

-- 
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat


More information about the openssh-unix-dev mailing list