This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

SSH, Samba, smbnetsec and chmod


Ultimately I am trying to get Cygwin's SSH on Windows 2k to connect
using public key authentication to a BSD box so CVS won't ask for a
password everytime.  I have encountered a few hang ups and have spent a
lot of time narrowing the problem down.  For the most part it boils down
to how my home directory ~ looks to cygwin.  My home is set in my
/etc/passwd file to /cygdrive/h and I have mapped H: to a Samba drive.

Case 1:  With smbntsec option ON:

H:\.ssh>ls -l
total 5
-rw-------    1 ???????? ????????      602 May 30  2002 authorized_keys2
-rw-------    1 ???????? ????????      668 May 30  2002 id_dsa
-r--------    1 ???????? ????????      602 May 30  2002 id_dsa.pub
-rwx------    1 ???????? ????????        0 Apr 23 16:16 known_hosts
-r--------    1 ???????? ????????      608 May 30  2002 known_hosts2
-rw-------    1 ???????? ????????     1024 Apr 23 10:19 prng_seed

id_dsa (my private key) is readable only to owner, which is required by
SSH.  However, the user and group of all the files is unknown (id =
65536).  This prevents ssh from adding to the known_hosts file:

c:\>ssh somehost.com
The authenticity of host somehost.com (xx.xx.xx.xx)' can't be
established.
RSA key fingerprint is ca:0f:d3:58:b6:d5:a5:7e:e3:ef:f9:f0:b8:b3:79:b6.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts
(/cygdrive/h/.ssh/known_hosts).

Case 2:  With smbntsec option OFF:

H:\.ssh>ls -l
total 5
-rw-r--r--    1 sherbert None          602 May 30  2002 authorized_keys2
-rw-r--r--    1 sherbert None          668 May 30  2002 id_dsa
-r--r--r--    1 sherbert None          602 May 30  2002 id_dsa.pub
-rw-r--r--    1 sherbert None            0 Apr 23 16:16 known_hosts
-r--r--r--    1 sherbert None          608 May 30  2002 known_hosts2
-rw-r--r--    1 sherbert None         1024 Apr 23 10:19 prng_seed

Now of course my user and groups are set up nicely and ssh will indeed
create and/or add to my known_hosts file.  However, id_dsa is readable
to the world and ssh will complain:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for '/cygdrive/h/.ssh/id_dsa' are too open.
It is recommended that your private key files are NOT accessible by
others.
This private key will be ignored.
bad permissions: ignore key: /cygdrive/h/.ssh/id_dsa
Enter passphrase for key '/cygdrive/h/.ssh/id_dsa':

So I try chmod to fix the permissions:

H:\.ssh>chmod 600 id_dsa

H:\.ssh>ls -l
total 5
-rw-r--r--    1 sherbert None          602 May 30  2002 authorized_keys2
-rw-r--r--    1 sherbert None          668 May 30  2002 id_dsa
-r--r--r--    1 sherbert None          602 May 30  2002 id_dsa.pub
-rw-r--r--    1 sherbert None            0 Apr 23 16:16 known_hosts
-r--r--r--    1 sherbert None          608 May 30  2002 known_hosts2
-rw-r--r--    1 sherbert None         1024 Apr 23 10:19 prng_seed

---

I just wish there was a way to have a Samba mapped drive show up
correctly in cygwin.  Both of my cases show a different problem, but I
think case 1 is the lesser of the 2.  So I will stick with smbntsec set
to ON.  I can manually build my known_hosts file as well.

Perhaps someone will have a suggestion I have not thought of.

Thanks

S. Sherbert


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]