RE: MFC function GetUserName always return id SYSTEM when using sshd

        This is "normal" for publickey authentication, any version of
Windows. Simply, because the sshd does not have your password, it cannot
impersonate you. This is also a problem for Microsoft's own server
software. See http://support.microsoft.com/?scid=207671

> -----Original Message-----
> From: ssh-l-bounces@erdelynet.com
> [mailto:ssh-l-bounces@erdelynet.com]
> Sent: Tuesday, December 16, 2003 9:57 AM
> To: Secure Shell Discussions
> Subject: MFC function GetUserName always return id SYSTEM when using
> sshd
>
> Greetings:
>
> And TIA.
>
> Quick summary of my configuration:
>
> W2K Server (Windows 2000 - Not 2003)
> Latest downloads of all cygwin resources
>
> I have successfully configured this W2K host to authenticate via publickey
> (which I am aware is problematic as indicated in the following link:
> http://msgs.securepoint.com/cgi-bin/get/openssh-unix-dev-0311/10.html ).
> That said, whenever this W2K server machine connects to any other Windows
> host (XP, W2K, etc) the return from a program which employs a GetUserName
> call via MFC (Visual C++ 6.0) is always SYSTEM (as opposed to the login id
> via the ssh call). So if I
>
> ssh <host> -l <username> the login ID is SYSTEM instead of <username>
> NOTE: password authentication always returns the correct <username>
> result. I have confirmed the following:
>
> 1). This behavior is observed from any W2K server connection i.e.
>
> W2K (2000) Server -> XP
> W2K (2000) Server -> W2K
>
> 2). ssh calls via cygwin sshd servers running on any other Windows Host
> return the expected id: <username> during publickey authentication,
> including connecting to this W2K server
>
> 3). I have run the sshd process via cygrunsrv (normal default) and also
> standalone (i.e. run sshd from a bash window) and there was no observed
> difference. This was a bit of a suprise, since I thought that without the
> cygrunsrv use, I would have expected the current user running sshd to be
> identified as the user from GetUserName. This leads me to believe that
> the configuration/setup process of sshd (perhaps the account sshd?) or the
> binary itself is somehow responsible for this ID assignment.
>
> I believe the issue here is the disclaimer from the GetUserName function,
> i.e.
>
> Remarks
> If the current thread is impersonating another client, the GetUserName
> function returns the user name of the client that the thread is
> impersonating.
>
> However why only on W2K Server?
>
> As stated earlier, when sshd was being invoked via cygrunsrv this was
> understandable given the all services are 'owned' by SYSTEM, but when I
> ran sshd from a user account, I would have expected the user account id
> (i.e. the -l argument to ssh), but the result (SYSTEM) was unchanged.
> Bottom line: I would like to ssh to another Windows host and have the
> identity on the client side to indicate the account which I am logging
> into.
>
> Any help appreciated.
> --
> Mens nobilis regnum possidet.
> 508.695.2950
>
>
>
> << File: ATT00085.txt >>

--
List Information: http://tech.erdelynet.com/mailman/listinfo/ssh-l/
List Archives:    http://erdelynet.com/archive/ssh-l/
To Unsubscribe: Go to http://tech.erdelynet.com/mailman/options/ssh-l#subscribers
and enter your email address at the bottom.
If you don't know your password, have it emailed to you. Then unsubscribe.