wincred
Over SSH connections, getting an error "A specified logon session doesn't exist, It may already have terminated."
I know it probably has something to do with either the Windows settings, or it's just the way it works over remote connections.
The problem occurs if the user who logged in via SSH is not the same user as the one the SSHD service is running as (see the Log On tab).
I'm guessing there is a more graceful way to handle this, as cmdkey does? When we invoke cmdkey /add over remote sessions, it stores the keys with "Saved for this logon only".
Generally, is it safe to assume that cmdkey in all Windows systems? (vs WinCred). But the password cannot be read from cmdkey, I guess.
Thank you
Which SSH server are you using? Is it run by the default NETWORK_SERVICE user?
I didn't know about the cmdkey utility. After some quick research, it looks like that tool has been out there at least since Vista and you can only store passwords with it - not read them.
I'm using Cygwin (with OpenSSH). When we run ssh-host-config with Cygwin, it creates an account called cyg_server with administrator privileges. The service is run by the same user. However, we can change the user in the Log On tab of the sshd service.
Here is a little catch. Whatever user the sshd service is running as, if we log in via SSH with the same credentials, WinCred works fine. But if we log in as other users of the system, this gives the error in the title. I verified it by changing the service user of sshd.
Also, we don't even need an SSH server to reproduce this. We can use Enter-PSSession in PowerShell to remotely log in to the same system and run an example wincred program. (read --> WinRM --> Remote Management)
But if we use Remote Desktop instead, we won't see any issues.
I'm still doing some experiments; I will update once done.
Thank you.
Just had another look at the Windows credentials management API - the CredRead function in particular:
https://msdn.microsoft.com/en-us/library/windows/desktop/aa374804(v=vs.85).aspx
There it states the following:
Network logon sessions do not have an associated credential set.
So it looks like you cannot use wincred for this.
Hi Daniel,
I saw that too. But the catch is that it works if the service user is the same. However, I found a way for wincred to mimic cmdkey behavior. The key is to use the PersistSession type for persistence instead of other types in this specific case. This is the same thing done by cmdkey in case the session is remote, I believe. I'm saying this because when keys are saved in a remote session, cmdkey says "Saved for this logon only".
I will try to research more and do a pull request if possible, if you would like.
Thank you
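
The workaround described in the last post, sketched as an added example (not code from the thread or from the wincred project): try a persistent write first and retry with session persistence only when the store reports ERROR_NO_SUCH_LOGON_SESSION (1312), the code behind the message in the title. `credWriter`, `writeWithFallback` and `networkLogonStore` are hypothetical names; the store is a constructed fake so the logic runs without Windows, and it assumes the failing write surfaces error 1312.

```go
package main

import (
	"errors"
	"fmt"
	"syscall"
)

// Values from wincred.h (CRED_PERSIST_*) and winerror.h.
const (
	persistSession        uint32 = 1 // CRED_PERSIST_SESSION: gone at logoff
	persistLocalMachine   uint32 = 2 // CRED_PERSIST_LOCAL_MACHINE
	errNoSuchLogonSession        = syscall.Errno(1312)
)

// credWriter is a hypothetical stand-in for the real credential store
// (CredWriteW, or a wrapper around a wincred credential's Write method).
type credWriter func(target string, secret []byte, persist uint32) error

// writeWithFallback returns the persistence type that was actually used, so
// the caller can tell the user the secret is saved for this logon only.
func writeWithFallback(w credWriter, target string, secret []byte) (uint32, error) {
	err := w(target, secret, persistLocalMachine)
	if err == nil {
		return persistLocalMachine, nil
	}
	if !errors.Is(err, errNoSuchLogonSession) {
		return 0, err // unrelated failures are not masked by a retry
	}
	if err := w(target, secret, persistSession); err != nil {
		return 0, fmt.Errorf("session-scoped write failed: %w", err)
	}
	return persistSession, nil
}

// networkLogonStore is a constructed fake that behaves the way the thread
// reports for a remote (SSH / Enter-PSSession) logon.
func networkLogonStore(_ string, _ []byte, persist uint32) error {
	if persist != persistSession {
		return fmt.Errorf("CredWrite: %w", errNoSuchLogonSession)
	}
	return nil
}

func main() {
	used, err := writeWithFallback(networkLogonStore, "example-target", []byte("constructed-secret"))
	fmt.Println(used, err)
}
```

A credential written with session persistence disappears when the logon session ends, so callers that need the secret later must be prepared to prompt for it again.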