This is the mail archive of the
cygwin@cygwin.com
mailing list for the Cygwin project.
SSH, Samba, smbnetsec and chmod
- From: "Stephen Sherbert" <sherbert at RigakuMSC dot com>
- To: <cygwin at cygwin dot com>
- Date: Wed, 23 Apr 2003 17:21:51 -0500
- Subject: SSH, Samba, smbnetsec and chmod
Ultimately I am trying to get Cygwin's SSH on Windows 2k to connect
using public key authentication to a BSD box so CVS won't ask for a
password everytime. I have encountered a few hang ups and have spent a
lot of time narrowing the problem down. For the most part it boils down
to how my home directory ~ looks to cygwin. My home is set in my
/etc/passwd file to /cygdrive/h and I have mapped H: to a Samba drive.
Case 1: With smbntsec option ON:
H:\.ssh>ls -l
total 5
-rw------- 1 ???????? ???????? 602 May 30 2002 authorized_keys2
-rw------- 1 ???????? ???????? 668 May 30 2002 id_dsa
-r-------- 1 ???????? ???????? 602 May 30 2002 id_dsa.pub
-rwx------ 1 ???????? ???????? 0 Apr 23 16:16 known_hosts
-r-------- 1 ???????? ???????? 608 May 30 2002 known_hosts2
-rw------- 1 ???????? ???????? 1024 Apr 23 10:19 prng_seed
id_dsa (my private key) is readable only to owner, which is required by
SSH. However, the user and group of all the files is unknown (id =
65536). This prevents ssh from adding to the known_hosts file:
c:\>ssh somehost.com
The authenticity of host somehost.com (xx.xx.xx.xx)' can't be
established.
RSA key fingerprint is ca:0f:d3:58:b6:d5:a5:7e:e3:ef:f9:f0:b8:b3:79:b6.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts
(/cygdrive/h/.ssh/known_hosts).
Case 2: With smbntsec option OFF:
H:\.ssh>ls -l
total 5
-rw-r--r-- 1 sherbert None 602 May 30 2002 authorized_keys2
-rw-r--r-- 1 sherbert None 668 May 30 2002 id_dsa
-r--r--r-- 1 sherbert None 602 May 30 2002 id_dsa.pub
-rw-r--r-- 1 sherbert None 0 Apr 23 16:16 known_hosts
-r--r--r-- 1 sherbert None 608 May 30 2002 known_hosts2
-rw-r--r-- 1 sherbert None 1024 Apr 23 10:19 prng_seed
Now of course my user and groups are set up nicely and ssh will indeed
create and/or add to my known_hosts file. However, id_dsa is readable
to the world and ssh will complain:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for '/cygdrive/h/.ssh/id_dsa' are too open.
It is recommended that your private key files are NOT accessible by
others.
This private key will be ignored.
bad permissions: ignore key: /cygdrive/h/.ssh/id_dsa
Enter passphrase for key '/cygdrive/h/.ssh/id_dsa':
So I try chmod to fix the permissions:
H:\.ssh>chmod 600 id_dsa
H:\.ssh>ls -l
total 5
-rw-r--r-- 1 sherbert None 602 May 30 2002 authorized_keys2
-rw-r--r-- 1 sherbert None 668 May 30 2002 id_dsa
-r--r--r-- 1 sherbert None 602 May 30 2002 id_dsa.pub
-rw-r--r-- 1 sherbert None 0 Apr 23 16:16 known_hosts
-r--r--r-- 1 sherbert None 608 May 30 2002 known_hosts2
-rw-r--r-- 1 sherbert None 1024 Apr 23 10:19 prng_seed
---
I just wish there was a way to have a Samba mapped drive show up
correctly in cygwin. Both of my cases show a different problem, but I
think case 1 is the lesser of the 2. So I will stick with smbntsec set
to ON. I can manually build my known_hosts file as well.
Perhaps someone will have a suggestion I have not thought of.
Thanks
S. Sherbert
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/