Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

stored credentionals (e.g. cmdkey) with password authentication doesn't work #2273

Open
3 tasks done
JohnstonJ opened this issue Sep 14, 2024 · 1 comment
Open
3 tasks done

stored credentionals (e.g. cmdkey) with password authentication doesn't work #2273

JohnstonJ opened this issue Sep 14, 2024 · 1 comment
Labels
Waiting on Author Need more information to diagnose

Comments

@JohnstonJ
Copy link

Prerequisites

  • Write a descriptive title.
  • Make sure you are able to repro it on the latest version
  • Search the existing issues.

Steps to reproduce

This issue is very similar to #1950, #452, #996, except that password authentication also does not seem to work (any more?). I understand the limitations of accessing the Windows credential manager when using public/private key authentication with OpenSSH. However, there are numerous comments that suggest password authentication should still work, since the password is available to decrypt the DPAPI store.

But, the problem is that cmdkey and other tools still seem to be unable to use stored credentials when using password authentication. In my case, I am trying to use SMB shares that were set up by Vagrant inside of a Windows guest, which is also running sshd. Vagrant uses cmdkey to store credentials for the SMB shares, and this works fine when logging in interactively into the guest, but does not work when logging in over ssh, even when using password authentication.

sshd_config, inside the Vagrant virtual machine:

Port 22
Subsystem	sftp	sftp-server.exe

ssh_config:

Host default
  HostName 172.21.202.90
  User vagrant
  Port 22
  UserKnownHostsFile /dev/null
  StrictHostKeyChecking no

Trying to use cmdkey, note that I used password authentication and I still can't access the credential store:

C:\Users\JohnstonJ\Documents\Projects>ssh default "cmdkey /add:blah /user:blah /pass:blah"
Warning: Permanently added '172.21.202.90' (ECDSA) to the list of known hosts.
[email protected]'s password: <type "vagrant" for password>

CMDKEY: Credentials cannot be saved from this logon session.

Expected behavior

I should be able to access DPAPI / Credential Manager over SSH when using password authentication.

Actual behavior

I cannot use commands based on Credential Manager, such as CMDKEY, when using password authentication.

Error details

See steps to reproduce, above.

Environment data

From the sshd server:


PS C:\Users\vagrant> $PSVersionTable

Name                           Value
----                           -----
PSVersion                      7.4.5
PSEdition                      Core
GitCommitId                    7.4.5
OS                             Microsoft Windows 10.0.22631
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0


### Version

OpenSSH_for_Windows_9.5p1, LibreSSL 3.8.2 (downloaded from "releases" of this GitHub project)

### Visuals

_No response_
@JohnstonJ JohnstonJ mentioned this issue Sep 25, 2024
Open
@maertendMSFT
Copy link
Collaborator

Have you tried any other versions of Win32-OpenSSH? Is this a regression or a still open issue/feature request?

@maertendMSFT maertendMSFT added the Waiting on Author Need more information to diagnose label Oct 7, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Waiting on Author Need more information to diagnose
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@JohnstonJ @maertendMSFT