This is the mail archive of the cygwin@sourceware.cygnus.com mailing list for the Cygwin project.



RE: FW: Can not config sshd


I am running it as the user I want to RSA as.  I also have all my system
mounts set to binary.  Could the files still be in text mode?  What I am
trying to do is a bit odd, I am sure, as I need both worlds.  I have created
two entries in my services file for sshd... or rather sshd and sshbak (sshd
at 22, sshbak at 26). Then I created two entries in inetd, each with a different
config file.  One config allows RSA and the other allows password only.  As
I understood, this should be all I need to do, beyond the basics for rhosts
and RSA.  If this is starting to sound real complicated and you have time to
go into detail with me, I will send you details of my config directly.

Thanks for your help

-----Original Message-----
From: corinna@snoopy.vinschen.de [mailto:corinna@snoopy.vinschen.de] On Behalf Of Corinna Vinschen
Sent: Thursday, May 25, 2000 5:56 PM
To: Prentis Brooks
Cc: cygwin
Subject: Re: FW: Can not config sshd


Prentis Brooks wrote:
> Now, in my case, I am not able to get the OpenSSH to accept rhost
> authentication or RSA...
>
> Here is what I have.  sshd is running out of inetd, and is working fine as
> far as that goes, works great for password authentication.
>
> I have put .shosts in the users directory and I have added the client's
> ssh_host_key to the /etc/ssh_known_hosts file, with appropriate FQDN
> preceding the actual key.  I have gone over the permissions and can't
> find any holes.  Setup duplicates existing Unix ssh configuration and
> "should" work.  I am using Corinna's binaries, do I need to re-compile?

I mentioned that in the README which comes with the
binary package:

This is for NT:
You can use RSA and/or rhosts authentication ONLY if
sshd is already running under that user's account. This is
due to the NT authentication method. If you want to use
sshd from LocalSystem account (or another account which has
the appropriate rights) and you want to be able to logon
to different accounts, you ONLY can use password authentication.
You can't mix those methods. Recompiling will not help
here.

Personally I'm the only user on my system, so I'm starting
sshd as stand-alone service under my own user account. This
enables me to use RSA authentication.

BTW: Starting sshd from inetd is not common practice. This
is because sshd needs to generate the server key before it
can respond to the first user's authentication request.
This may take much time! If you start sshd as daemon,
it has the chance to generate the server key prior to
the first user intervention.

Perhaps another problem is that I have patched OpenSSH so
that identity files are always opened in binary open mode.
If you use an identity file of another ssh which was
created on a text mode mounted directory, it's probably
unusable if not converted.
I have chosen binary for identity files to allow usage
of copied identity.pub files on foreign boxes without
need to convert.

Corinna

--
Corinna Vinschen
Cygwin Developer
Cygnus Solutions, a Red Hat company
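
Added example, not part of the original messages and not code from the patched OpenSSH package: a check for the text-mode identity file problem described above, with the conversion back to binary form. It assumes a protocol-1 RSA identity file, which begins with the header `SSH PRIVATE KEY FILE FORMAT 1.1`, and that the damage came from a text-mode write turning every LF into CR LF; the function names and sample bytes are constructed for illustration.

```python
# Added example: detect and undo text-mode (CR LF) damage in an SSH protocol-1
# identity file. Assumption: the file was written through a text-mode mount,
# so every LF byte in the binary key was stored as CR LF.

# Header of a protocol-1 private key file: the id string, LF, then a NUL byte.
SSH1_MAGIC = b"SSH PRIVATE KEY FILE FORMAT 1.1\n\x00"
# The same header after a text-mode write.
SSH1_MAGIC_TEXT = SSH1_MAGIC.replace(b"\n", b"\r\n")


def classify_identity(data: bytes) -> str:
    """Return 'binary-ok', 'text-mode-damaged' or 'unknown' for key bytes."""
    if data.startswith(SSH1_MAGIC):
        return "binary-ok"
    if data.startswith(SSH1_MAGIC_TEXT):
        return "text-mode-damaged"
    return "unknown"


def text_mode_write(data: bytes) -> bytes:
    """Model what a text-mode write does to binary data: LF -> CR LF."""
    return data.replace(b"\n", b"\r\n")


def undo_text_mode(data: bytes) -> bytes:
    """Reverse a text-mode write.

    Every LF in a damaged file has exactly one inserted CR in front of it,
    so dropping one CR before each LF restores the original bytes, including
    any CR LF pairs that were genuinely part of the key material.
    """
    if classify_identity(data) != "text-mode-damaged":
        raise ValueError("not a text-mode-damaged protocol-1 identity file")
    return data.replace(b"\r\n", b"\n")


# Constructed sample: the real header followed by made-up "key" bytes that
# contain a bare LF, a genuine CR LF pair and a bare CR.
SAMPLE_KEY = SSH1_MAGIC + b"\x00\x0a\x01\x0d\x0a\x02\x0d\x03"

if __name__ == "__main__":
    damaged = text_mode_write(SAMPLE_KEY)
    print(classify_identity(SAMPLE_KEY), classify_identity(damaged))
    print(undo_text_mode(damaged) == SAMPLE_KEY)
```

Run the conversion on a copy of the identity file opened in binary mode, and keep the original until the converted key has been tested.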

