DanielJiang Respected Contributor.
Respected Contributor.
7771 views

Cygwin SSH Not Working - Permission denied error

Jump to solution

Our PPM 9.32 is on Window 2012 R2 server. We just installed the most recent Cywin, and went through all the steps to set up the SSH for PPM object migration. But we cannot get the SSH working so the PPM environment check failed. When I tested the SSH command to the current PPM server, I always got the error of "Permission denied" even the password and user account are correct. The account used is a domain account which we used to install the PPM and Cygwin. 
We went through the steps of creating CYGWIN sshd service by running Cygwin ssh-host-config command, also created the pubic and private keys folllowing the PPM Installation and Admin guide.

When we test the SSH from command prompt, we kept getting the error "Permission denied, please try again", after we providede password.

Anybody else had this issue?

Thanks a lot!

Daniel

Tags (1)
0 Likes
1 Solution

Accepted Solutions
DanielJiang Respected Contributor.
Respected Contributor.

Re: Cygwin SSH Not Working - Permission denied error

Jump to solution

That's right, I am giving up the key authentication now. I really don't think that's worth the time...

Also ran into the permission issue again, but later found out that the account is somehow in the Window local policy of Deny Log On Locally. It's kind of funny even the same account is in the Allow Log On locally, but it could still in the same Deny policy...

Issue resolved, and thanks again...

Daniel

0 Likes
12 Replies
Outstanding Contributor.. Amishra Outstanding Contributor..
Outstanding Contributor..

Re: Cygwin SSH Not Working - Permission denied error

Jump to solution

Hi Daniel,

Couplle of things to check:

1. User that is running the sshd service was used to perform cygwin installation?

2. Make sure the user is part of the passwd and group files present under C:/Cygwin/etc [or where ever cygwin is installed]. To do so, take a backup of passwd and group files; place the backup files locally somewhere not under '/cygwin/etc' folder.

3. To modify passwd file, launch cygwin from shortcut and type:

      mkpasswd -l > /etc/passwd

      mkpasswd -d -u userUsedtoRunSSHD >> /etc/passwd

4. To modify group file, type; replace <DOMAIN> with user domain.

     mkgroup -l > /etc/group

     mkgroup -d <DOMAIN> -g 'Domain Users' >> /etc/group 

5. Make the user who is running the ssh service is owner of var, log and empty files.

6. Check the permissions on 'var' and 'log' files present under C:/Cygwin/var and C:/Cygwin/Var/log. To change permission, launch cygwin and type chmod 711 /var ; chmod 711 /var/empty

ideally the permissions and owner in step 5 and 6 should be correct, if the user that is runnig sshd service was used to do the cygwin installation.

Let me know how it goes.

 

Cheers,

Ajay

Regards,
Ajay Mishra
0 Likes
DanielJiang Respected Contributor.
Respected Contributor.

Re: Cygwin SSH Not Working - Permission denied error

Jump to solution

Hi Ajay,

I used one Window domain account to install PPM application and Cywin: ourdomain\ppmadmin

During the SSH configuration by running the ssh-host-config, a default account cyg_server was created. This is the account which is the logon of the Cygwin SSHD service. I tried to change the logon from cyg_server to ourdomain\ppmadmin and local admin, but then I couldn't start this sshd service, so I had to change it back.

I did updated the passwd file, tried to add both ppmadmin and cyg_server accounts, but still failed with permission denied error.

I tried change the permission of the var folder, also no luck...

Anything else I am missing?

Thanks,

Daniel

0 Likes
Outstanding Contributor.. Amishra Outstanding Contributor..
Outstanding Contributor..

Re: Cygwin SSH Not Working - Permission denied error

Jump to solution

Hi Daniel,

The matter of fact that you created a user during ssh-host-config; the ssh service is trying and using it. When you use other domain users to start the service you wont be able to as there are multiple permissions on various files. 

Can you check?

1. Anything captured in the logs c:/cygwin/var/log look at sshd file; typically after every error, there is a log generated under there. 

2. Did you try to run the service under 'local system account' instead of running under domain or cyg_server? 

3. If all these doesnt work then you may uninstall sshd service and reinstall it using ssh-host-config this time do not create cyg_server user; you can say I want to use my own account, then use the ppmadmin account there.

 

Let me know how it goes.

Ajay

 

Regards,
Ajay Mishra
0 Likes
Outstanding Contributor.. Amishra Outstanding Contributor..
Outstanding Contributor..

Re: Cygwin SSH Not Working - Permission denied error

Jump to solution

oh one more thing, since you are on Windows 2012.. Please check which Cygwin version you are installing.. I recollect having some issues with 2012.. had to get the latest cygwin package. I will have to double check which version i installed. or maybe some dll was missing.. Can you also check the logs.. 

In the meanwhile i will try and find more details. 

 

 

Regards,
Ajay Mishra
0 Likes
DanielJiang Respected Contributor.
Respected Contributor.

Re: Cygwin SSH Not Working - Permission denied error

Jump to solution

Ajay,

The error in the sshd log is "/var/empty must be owned by root and not group or world-writable."

I had to changed the owner of the "empty" folder in order to start the sshd service by 'local system account'.

Then I tried the sshd using my PPM admin account, but it still failed with permission denied error. The onlything is that this time the sshd log is updated with a new error.

Any thoughts?

Thanks,

Daniel

0 Likes
Outstanding Contributor.. Amishra Outstanding Contributor..
Outstanding Contributor..

Re: Cygwin SSH Not Working - Permission denied error

Jump to solution

Hi Daniel,

clearly it is permission issue - basically you have installed ssh using different user and trying to run the service using different user. Try running ssh service using cyg_server user (one that you created during installation). 

Else try and uninstall ssh and reinstall this time use your domain account. 

If you want a installation guide, send me your email address and i will flick you one. 

 

Ajay

Regards,
Ajay Mishra
DanielJiang Respected Contributor.
Respected Contributor.

Re: Cygwin SSH Not Working - Permission denied error

Jump to solution

Ajay,

Thanks for your installation guide!

I was able to create SSHD service and then get it running using my ourdomain\ppmadmin account. This is the same domain account to install Cygwin and PPM. I think there is still some file permission issue when I tried SSH.

In the meantime, it seemes it messed up its Remote Desktop access. Once I got it resolved, I will try to work on the file permission issue again.

Thanks!

Daniel

0 Likes
DanielJiang Respected Contributor.
Respected Contributor.

Re: Cygwin SSH Not Working - Permission denied error

Jump to solution

Ajay,

Now I am able to establish the SSH connection. I verified the SSH connection to the current PPM server through the command prompt on this server using SSH command. After I provided my password, the connection was established. Also the known_host file was generated. Then I followed the PPM Admin guide to create id_rsa, id_rsa.pub, authorized_keys files in the .ssh folder.

I also added the com.kintana.core.server.SSH2_JSCH_KNOWN_HOSTS_FILE_PATH in the server.conf.

I checked the current environement through Workbench, but received error as:

java.io.FileNotFoundException: D:\Server_Apps\Cygwin64\home\ppmadm\.ssh\           (Access is denied)com.jcraft.jsch.JSchException: java.io.FileNotFoundException: D:\Server_Apps\Cygwin64\home\ppmadm\.ssh\id_rsa (Access is denied)

Then I granted full access of id_rsa file to my PPM server administrator account, but still received the same error...

Any thoughts?

Thanks again in advance...

Daniel

0 Likes
Outstanding Contributor.. Amishra Outstanding Contributor..
Outstanding Contributor..

Re: Cygwin SSH Not Working - Permission denied error

Jump to solution

Hi Daniel,

Why do you need to set up the id_rsa, id_pub_rsa and host_keys files ? are you planning to use 'key' based (password less)  authentication?

Further, It is not recommended to give full access to id_rsa key as that is a private key.

If you dont want to use 'key' based authentication or in short keyboard authentication, then probably remove the id_rsa and id_rsa_pub files ... 

Also ok for you send the screen shot? 

 

Regards,
Ajay Mishra
0 Likes
DanielJiang Respected Contributor.
Respected Contributor.

Re: Cygwin SSH Not Working - Permission denied error

Jump to solution

That's right, I am giving up the key authentication now. I really don't think that's worth the time...

Also ran into the permission issue again, but later found out that the account is somehow in the Window local policy of Deny Log On Locally. It's kind of funny even the same account is in the Allow Log On locally, but it could still in the same Deny policy...

Issue resolved, and thanks again...

Daniel

0 Likes
Vipin Bansal
New Member.

Re: Cygwin SSH Not Working - Permission denied error

Jump to solution

Please send installation guide to me bansal.vipin@icloud.com  specially for Windows Domain Level.

0 Likes
Outstanding Contributor.. Amishra Outstanding Contributor..
Outstanding Contributor..

Re: Cygwin SSH Not Working - Permission denied error

Jump to solution

done

Regards,
Ajay Mishra
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.