This is the mail archive of the cygwin mailing list for the Cygwin project.


Re: 1.7 Public Key Authentication problem


Thanks for the info - I wasn't aware of passwd -R - just tried it and
it works, which is a good relief.
It's a dev lab - anyone with access to the keys is allowed full rights
to the machines - so security is not a major concern.

BTW - I had installed cyglsa-config and rebooted and gave the users
the "Act as part of OS" right - but it doesn't work for me. I must be
missing something .....

Thanks again - you've saved me considerable problems!

On 2010/02/03 10:07 PM, shane fenton wrote:
> Hi,
> First time poster - so hopefully will get it right :)
> Cygwin 1.7 installed on approx 10 machines - XP/2008
> domain cyg_server user created
> Added above user to Quotas/create token/replace token & log on as
> service & local admins on PCs
> added cyg_server to passwd file
> ssh-host-config (found above user and used it and did the right perms
> on /var/empty & /var/log/sshd.log )
> added domain user accounts to passwd  & domain users group  > group

You didn't mention whether you set up the LSA authentication package
(with /usr/bin/cyglsa-config), or used 'passwd -R' for each user. Did
you try either of those?

The Cygwin User Guide goes into great detail about the methods of
changing user context, in this chapter:
http://cygwin.com/cygwin-ug-net/ntsec.html

The gist of that chapter is this: If you want to be able to login via
ssh as a user that is not running the sshd daemon, you have basically
two options:

(1) Provide a valid Windows password to the sshd daemon, either
interactively (which you obviously don't want to do, since you're
attempting public key auth), or stored statically in the registry via
'passwd -R'.

(2) Use the LSA authentication package. Bear in mind that if you use
this option to avoid giving sshd your password entirely, I believe that
certain privileges are withheld from the logged in user. [I don't
remember exactly what privs are missing in this case... access to
network resources maybe?]

Hope this helps,
-SM
