This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: OPENSSH passwordless login getting "system error 59" on "net use" cmd with samba


 You should still be able to login as yourself and gain access to
your network shares.

I am able to login as myself without passwordless login and get access to my network shares. However, I am not able to login as myself using PASSWORDLESS login via public keys and have access to the network shares. I need to execute ssh login in a batch script so I need passwordless login to work and I need to have access to the network shares when I login. Is there some other way to get access to network shares via passwordless login without changing the user who runs the sshd service and opening the security hole?


Thanks for your input,
Terry

----- Original Message ----- From: "Larry Hall (Cygwin)" <reply-to-list-only-lh@cygwin.com>
To: <cygwin@cygwin.com>
Sent: Friday, February 01, 2008 1:33 PM
Subject: Re: OPENSSH passwordless login getting "system error 59" on "net use" cmd with samba



Terry Orechia wrote:
Hi,

I was able to resolve this issue by switching the user who runs the sshd service. If anyone else is having this problem you can find detailed documentation on how to do get around this issue this at http://ist.uwaterloo.ca/~kscully/CygwinSSHD_W2K3.html.


Some words of caution here:


The procedure outlined with the domain user as the user the service will
run as gives the domain user advanced privileges which encompass those
of SYSTEM (on <W2K3 machines) and sshd_server.  This opens a wider
security hole than just using SYSTEM (on <W2K3 machine) or sshd_server
as the service user.

If you don't need the ability to let others login via 'ssh' to the system
in question, you are better off to not alter your user's permissions at
all. You should still be able to login as yourself and gain access to
your network shares. By doing this, you won't be opening up the security
hole but others trying to log in will run in your user context in your case.
See <http://cygwin.com/faq/faq-nochunks.html#faq.using.shares> for more
details.


--
Larry Hall                              http://www.rfk.com
RFK Partners, Inc.                      (508) 893-9779 - RFK Office
216 Dalton Rd.                          (508) 893-9889 - FAX
Holliston, MA 01746

_____________________________________________________________________

A: Yes.
> Q: Are you sure?
>> A: Because it reverses the logical flow of conversation.
>>> Q: Why is top posting annoying in email?

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/





-- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]