This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.



Re: HELP: sshd/multi-user how-to


On Sat, 10 May 2003, richard dje wrote:

> I'm trying to set up a cvs server on cygwin over ssh.

See below...

> I have cygwin v1.3.22.1 installed on a win2k box.
> I also installed the latest version of openSSH, and all related packages.
> 
> I also learned that one needs to create a windows account for each user
> willing to connect to the server.
> 
> In order to do some testing I just created 2 accounts on the windows
> machine, say USER1 and USER2.
> 
> To enable connections through ssh one needs to correctly set up 'sshd'. For that
> USER1 ran 'ssh-host-config', since /etc/ssh_host_* files must be
> read/write-able by only one account. Normally that user should have been
> 'root'. Browsing the web, I saw that it was not that simple
> on cygwin (Please correct me if I am wrong).
> 
> Files
> /etc/ssh_host_key,
> /etc/ssh_host_rsa_key,
> /etc/ssh_host_dsa_key
> 
> should not be group and world-accessible.
> 
> I then launched the following two commands
> $ mkpasswd -l > /etc/passwd
> $ mkgroup -l > /etc/group
> 
> Their content looks OK.
> 
> I then gathered USER1 and USER2 ssh2-rsa publickeys and put them in
> their respective $HOME/.ssh/authorized_keys2 (on the server machine).
> 
> The windows machine was then booted on USER1 account in order to be able
> to start 'sshd' by means of '/etc/rc.d/init.d/sshd start'
> 
> Connecting remotely to USER1 account by the following command worked just fine
> $ ssh -v USER1@server_ip_address
> 
> But trying to do the same for USER2 by using
> $ ssh -v USER2@ser_ip_address
> just failed, since I am asked to provide a password.
> The above command output showed me that the ssh2-rsa publickey auth just
> failed.
> 
> 
> QUESTION:
> - Is the above configuration feasible?
>   assuming USER1 is a poweruser,
>   USER2, USER3, ..., USERN are simple users.

If what you are doing is running sshd as user1 while wanting to allow
user{2,3,4} to also log in, you will need to give user1 extended privileges
(info at <http://cygwin.com/cygwin-ug-net/ntsec.html#NTSEC-SETUID>) so
that it can switch user context (setuid).

> - Does cygwin/cvs work fine in server mode using 'ext' protocol (ssh)?

A few people, including myself, have had a running cvs server but not for 
a record length of time. I was able to keep a server going for two days, 
and then it started giving me assert'ions.

> - Security-wise, is (cygwin/cvs server / ssh) a good choice?

IMO, Yes. But there are concerns about shared memory and such. A search of 
the archives might(tm) give you more information.

-- 
Elfyn McBratney
Systems Administrator
ABCtales.com
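
The quoted message says the sshd host key files should not be group and world-accessible. The following is an added example, not part of the original thread, that audits exactly that; the function names `group_world_bits` and `audit_keys` are hypothetical, and the default file list is the one given in the message.

```shell
#!/bin/sh
# Added example (not from the original thread): audit that sshd private host
# keys are not accessible to group or world, as the quoted message requires.

# Default file list taken from the message; override by passing paths.
DEFAULT_KEYS="/etc/ssh_host_key /etc/ssh_host_rsa_key /etc/ssh_host_dsa_key"

# group_world_bits FILE -> prints the six group/other permission characters
# (e.g. "r--r--"), following symlinks. Returns 2 if the file does not exist.
group_world_bits() {
    [ -e "$1" ] || return 2
    ls -ldL -- "$1" | cut -c5-10
}

# audit_keys [FILE...] -> prints one status line per file and returns the
# number of files that are missing or group/world-accessible (0 = all clean).
audit_keys() {
    [ "$#" -gt 0 ] || set -- $DEFAULT_KEYS
    bad=0
    for f in "$@"; do
        if ! bits=$(group_world_bits "$f"); then
            echo "MISSING  $f"
            bad=$((bad + 1))
        elif [ "$bits" != "------" ]; then
            echo "EXPOSED  $f (group/other bits: $bits) fix: chmod 600 $f"
            bad=$((bad + 1))
        else
            echo "OK       $f"
        fi
    done
    return "$bad"
}
```

Source the file and run `audit_keys` with no arguments to check the three host key files named in the message, or pass other private key paths explicitly.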


