Public key authentication issues on cygwin

Question

I've been trying "ssh localhost" on cygwin (I use WIndows 7), but it keeps asking for the password.

When I did "ssh -vvv localhost", I found out that the public key authentications were not happening (or failing). Hence, it was asking for the password.

debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/xxxxxxxx/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive

I'm not sure if it is unable to read the authorized_keys file, or if there is a timeout issue with this, or did the authentication fail? Is there any way to get more details?

I have done the following steps:

• ssh-host-config. Answered yes to all.
• Generated the RSA key and added it to the authorized_keys file.
• net start sshd
• ssh localhost

These are the permissions:

-rw------- 1 xxxxxxxx mkgroup  402 May 18 16:34 authorized_keys
-rw------- 1 xxxxxxxx mkgroup 1675 May 18 16:33 id_rsa
-rw-r--r-- 1 xxxxxxxx mkgroup  402 May 18 16:33 id_rsa.pub
-rw-r--r-- 1 xxxxxxxx mkgroup  171 May 18 14:33 known_hosts

There are a couple of issues as well: - The group is displayed as mkgroup. - The user "xxxxxxxx" does not exist in the localhost, I guess. It was not displayed in "net user sshd". "xxxxxxxx" is a Domain account. Could this be causing the public key authentication issue?

Just to see if there is any difference in the output, I deleted the authorized_keys file and tried. There was no difference in the output. It still sends a packet and proceeds to the next mode of authentication. There is no error message. Is there any other way to get more details (I'm a Cygwin and SSH n00b)? I would like to find it fails while reading the authorized_keys file.

Answer 1

Re-Install it on

C:\

Many problems will be solved.

Answer 2

My problem was that I thought cygwin is OK if its files gets copy and pasted, so if I wanted to clone the installation I just copied and pasted C:\cygiwn64 folder somewhere else and ran the .bat file.

But I was wrong. Every time you copy a file with windows explorer the permission and ownerships gets corrupted in cygwin. So dont use windows explorer for making changes to any of the cygwin files, only use the command line apps like cp, mkdir, mv, vim, nano and others.

Also If you want to create a new installation just use the setup_x86_64.exe file and simply choose a new root directory for it and let the setup install packages and do the rest for you.

This way you make sure that nothing gets corrupted and you wont get surprised by some amazing error messages in the future.

Answer 3

I had a similar problem setting up public key authentication (with similar verbose output from the client), though I was trying to do it from an Ubuntu client to a Cygwin SSHD server, and it was a very old Cygwin environment (version 1.5.12 on Windows 2000!). I had copied the public key using ssh-copy-id.

In my case, making the authorized_keys files world readable (mode 644) on the Cygwin side appeared to allow public key authentication to succeed.

From what I've seen, mode 600 is standard, so perhaps this "fix" in my case is actually a sign of a problem elsewhere in the Cygwin SSHD setup. But now that pub key authentication is finally working, I probably won't be digging any deeper.

Answer 4

Quick double-check, did you add your public key or private key to authorized_keys? It needs to be your public key.

I notice that the server is not responding with a "Server accepts key..." upon receipt of your pubkey_test and I have seen that when the public key is missing from the authorized_keys file on the server you're connecting to. You should see:

debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 279

Easiest way to set it up is to use ssh-copy-id to do the work, e.g.,:

# ssh-copy-id localhost

That will create your authorized_keys file with the correct permissions. When you run this, you will be prompted for your password, because the server doesn't have the key. Once this command runs successfully, you'll be able to simply ssh to the server using your identity file. Note that ssh_config defaults the identity file to ~/.ssh/identity, ~/.ssh/id_rsa, ~/.ssh/id_dsa, so if you want to use a different file, you should set up an alias in ~/.ssh/config.

Hope this helps.

Answer 5

It appears that there are some problems with your cygwin setup, which is why the user/group is not showing up correctly. You need to run mkgroup to generate your /etc/group, and possibly mkpasswd as well. I had a similar problem - I had to run mkpasswd to regenerate my /etc/passwd. After running mkpasswd, I could finally ssh into my localhost. It's a shame the debug info does not log enough info to easily diagnose the problem.

This page describes more about Windows security in cygwin: http://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-setuid-overview

Answer 6

At the very least you need to

chmod 700 id_rsa

This is my setup if it helps

-rwx------ 1 Steven None 1675 May 17 12:49 id_rsa
-rwx------ 1 Steven None  399 May 17 12:49 id_rsa.pub
-rwx------ 1 Steven None  803 May 18 01:13 known_hosts