3

Once openSSH/Cygwin is installed and working on Windows 7, it seems like any user you use to ssh into the Windows 7 box takes on plain user privileges. That is, the user cannot execute privileged commands even if the user is an Administrator.

Is there a way for a Cygwin SSH user to acquire elevated user privileges? (e.g. "sudo") Or is that a limitation of Cygwin as it stands right now? (e.g. like Cygwin's ping)

Relevant technical info:

  • Windows 7 (64-bit) Home Premium
  • Cygwin 1.7.x
EEAA
  • 109,363
  • 18
  • 175
  • 245
Matthew Lam
  • 33
  • 1
  • 5

3 Answers3

3

If you log in to sshd with password authentication, then you authenticate simultaneously to Windows and should be granted your account's administrative rights. If you log in with public key authentication, then sshd makes an end run around Windows authentication, and you'll only ever have standard user rights.

For more information, see Corinna's answer to this question from 2004. See also the recent thread on the Cygwin mailing list about admin rights over ssh.

Andrew Schulman
  • 8,811
  • 21
  • 32
  • 47
1

This post is old, but I still will give an answer since recently I was having this issue and arrived to this post, this may be useful to someone.

As Andrew Schulman has answered, you would need to login with user/password to be granted the full Windows account privileges (For example: Admin rights if the user has those). However, if you still want to use public key auth for security reasons (better security than standalone password auth) the following can be a solution:

Since ssh supports using more than one authentication method chained one after another (https://security.stackexchange.com/questions/17931/possible-to-use-both-private-key-and-password-authentication-for-ssh-login) you could enable both public key auth and password auth:

  • The purpose of public key auth would be to have stronger security.

  • The purpose of password auth would be to 'force' sshd service to create a Windows session with your full privileges by supplying it with the user/pass.

To enable this you would need to configure the following setting on your sshd_config file on the server with cygwin installed:

AuthenticationMethods "publickey,password"

Please note that you also need the following enabled:

PasswordAuthentication yes
PubkeyAuthentication yes

After the configuration file change and sshd service restart you will need both the private key and to enter the user password to login with ssh from client. You will be given the full Windows privileges of the specified account.

The small inconvenient is that in addition to the private key you will need to specify the user password every time you want to login with ssh, but I think this is still good for the sake of having better security and being able to have the full privileges of your Windows account.

DanielC
  • 121
  • 2
  • That is interesting. I no longer have that problem (or the computer in question) so I can't check, but yeah there was a chance that I was using an SSH key to login and that's why I had problems with being an administer. On my Windows 10 Cygwin boxes, I login with username and password so that might be why I haven't seen that problem. This is a good answer. – Matthew Lam Jun 17 '21 at 06:52
0

Chech freeSSHd, I think it will allow you an Administrator access.
But you will not be logging in through Cygwin here

nik
  • 7,100
  • 2
  • 25
  • 30