====== SSH to a Windows host with Cygwin, public key auth fails but password works ======
When trying to SSH into a fresh install of Cygwin SSHD on a box, I found that setting up public-key auth wasn't working for this host. I used the same install script that I do for all of my Cygwin SSHD hosts, so something was awry.
<code>
[jrdalrymple@localhost ~]$ ssh -v jrdalrymple@REMOTEHOST
OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
<... snip ...>
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/jrdalrymple/.ssh/id_rsa
Connection closed by REMOTEHOST
[jrdalrymple@localhost ~]$ ssh -o PubkeyAuthentication=no jrdalrymple@REMOTEHOST
jrdalrymple@REMOTEHOST's password:
Last login: Sat Jun 6 19:28:20 2015 from localhost
jrdalrymple@REMOTEHOST ~
</code>
The big difference here is that this host is a Windows Domain Controller, so it can't have local users. I suspect that's what has me hosed, although I never truly confirmed that.
After enough googling around, this ended up being the solution:
<code>
jrdalrymple@REMOTEHOST ~
$ cyglsa-config
Warning: Registering the Cygwin LSA authentication package requires
administrator privileges! You also have to reboot the machine to
activate the change.
Are you sure you want to continue? (yes/no) yes
Cygwin LSA authentication package registered.
Activating Cygwin's LSA authentication package requires to reboot.
</code>
Reboot and it was immediately fixed.
Incidentally, I did add the local SYSTEM to "Act as part of the operating system" and "Replace a process level token" in gpedit.msc, but I don't think that actually mattered. I'm not sure if sshd running as localhost\SYSTEM is an issue or not, but it's what ssh-host-config chose.
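
The following is an added example, not part of the original post. It classifies an ''ssh -v'' client log by how the public-key attempt ended: a server that refuses a key answers with a fresh "Authentications that can continue" line, whereas in the transcript above the connection is closed right after the key offer, which points at the server side rather than at the key. The verdict words and both sample logs are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original post): classify how public-key
# authentication ended in an `ssh -v` client log read from stdin.
# The verdict words are names chosen for this example.
classify_pubkey() {
    awk '
        # Client offered a key and is now waiting for the server to answer.
        /Offering .*public key/ { offered = 1; pending = 1; next }
        # Server answered the offer with a new method list: key was refused.
        /Authentications that can continue/ {
            if (pending) { rejected = 1; pending = 0 }
            next
        }
        /Authentication succeeded \(publickey\)/ { ok = 1; pending = 0; next }
        # Connection went away while the offer was still unanswered.
        /^Connection closed by / { if (pending) dropped = 1 }
        END {
            if (ok)            print "pubkey-ok"
            else if (dropped)  print "dropped-after-offer"
            else if (rejected) print "key-rejected"
            else if (offered)  print "inconclusive"
            else               print "no-key-offered"
        }'
}

# Constructed sample: same shape as the failing transcript in the post.
sample_dropped() {
    cat <<'EOF'
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/user/.ssh/id_rsa
Connection closed by REMOTEHOST
EOF
}

# Constructed sample: an ordinary refusal, client falls through to password.
sample_rejected() {
    cat <<'EOF'
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/user/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
EOF
}

printf 'dropped sample:  %s\n' "$(sample_dropped | classify_pubkey)"
printf 'rejected sample: %s\n' "$(sample_rejected | classify_pubkey)"
```

The client writes its debug lines to stderr, so a saved log needs ''2>'' (or ''2>&1'' before a pipe) to capture them.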