This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.


Re: SSHD under SYSTEM account (was: Re: cygwin & opensshd on .net enterprise server)


Larry,

>> > Can you please acknowledge whether or not you read openssh*.README so that
>> > we know whether you've missed the obvious user rights settings necessary for
>> > the administrator account?
>>
>>I read it and still have similar problems and there is this:


> I'm glad you read it Gerrit and would've expected as much from you.  I was
> enquiring this specifically of Tony, since it's not clear what he's tried 
> and how much he has researched the issue.


>>   "The system account does of course own that user rights by default."
>>
>>That means SYSTEM is ok and it is the default if I let the
>>ssh-host-config do the service setup.  So I expect no problems here.
>>More:
>>
>>   Unfortunately, if you choose that way, you can only logon with
>>   NT password authentification and you should change
>>   /etc/sshd_config to contain the following:
>>
>>     PasswordAuthentication yes
>>     RhostsAuthentication no
>>     RhostsRSAAuthentication no
>>     RSAAuthentication no
>>
>>
>>Wow this is like a hammer.  That means I cannot use PublicKey
>>Authentication?  If I cannot use public key authentication, the whole
>>benefit (besides transferring passwords encrypted) is futsch...
>>
>>If I let them try to guess my password several days there will be at
>>least one intruder every month...
>>
>>Is this true that PublicKey auth isn't working? (I cannot believe it).


> I think you missed the next statement in the file:

>    However you can login to the user which has started sshd with
>    RSA authentication anyway. If you want that, change the RSA
>    authentication setting back to "yes":

>      RSAAuthentication yes

> But if that user is SYSTEM, then this is little consolation.  I can't speak
> to any specifics but I can say that I agree with your interpretation of the 
> prose, minus the one caveat above.  Perhaps you'll want to try playing with
> this and debugging it to see if there's a solution for it that meets your 
> needs.

I have been debugging this for about two weeks now, every day an hour or
so.  I want to use DSA & SSH2 and it works.  But when I changed the
sshd_config back to 'RSAAuthentication yes' because a colleague wants to
use RSA (he just has RSA keys, the poor man), it stops working.

The strange thing is that I can log in at our Linux box, and even with the
same config settings at the Linux and my NT server (where it is working if I
disable RSA) I cannot log in using PublicKey Auth.

I will try to find a solution some more days and if there is a way to
use PublicKey Auth with RSA SSH1 and DSA SSH2 enabled and
    PasswordAuthentication no
I will find it;)


Gerrit
-- 
=^..^=
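
Added example (not part of the original message, the Cygwin README or OpenSSH): a small auditor for the sshd_config keywords discussed in this thread, showing which value sshd actually uses when a keyword appears more than once and which login methods that leaves enabled. The function names, the defaults table and the sample fragment are assumptions made for illustration; PubkeyAuthentication is the OpenSSH keyword for protocol 2 keys.

```python
import re

# Defaults assumed for keywords absent from the file; confirm in sshd_config(5).
DEFAULTS = {
    "passwordauthentication": "yes",
    "rsaauthentication": "yes",       # protocol 1 RSA keys
    "pubkeyauthentication": "yes",    # protocol 2 keys (DSA, RSA)
    "rhostsauthentication": "no",
    "rhostsrsaauthentication": "no",
}

def effective(config_text):
    """Return (settings, shadowed); sshd keeps the first value per keyword."""
    seen, shadowed = {}, []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        # "Keyword value" or "Keyword=value"; blank and '#' lines never match
        # a tracked keyword, so they fall through the check below.
        parts = re.split(r"[\s=]+", raw.strip(), maxsplit=1)
        key = parts[0].lower()                      # keywords are case-insensitive
        if key not in DEFAULTS or len(parts) < 2:
            continue
        value = parts[1].strip().strip('"').lower()
        if key in seen and seen[key] != value:
            shadowed.append((lineno, key, value))   # later conflicting line has no effect
        seen.setdefault(key, value)
    return {**DEFAULTS, **seen}, shadowed

def audit(config_text):
    """List the findings a reviewer would raise about the login methods."""
    s, shadowed = effective(config_text)
    findings = [f"line {n}: '{k} {v}' ignored, earlier value wins"
                for n, k, v in shadowed]
    key_auth = "yes" in (s["rsaauthentication"], s["pubkeyauthentication"])
    if s["passwordauthentication"] == "yes":
        findings.append("password logins accepted" if key_auth
                        else "password is the only login method")
    if "yes" in (s["rhostsauthentication"], s["rhostsrsaauthentication"]):
        findings.append("rhosts-based trust enabled")
    return findings

# Constructed sample: password logins off, plus a stray later RSA line.
SAMPLE = """\
PasswordAuthentication no
RSAAuthentication no
PubkeyAuthentication yes
rsaauthentication yes
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The auditor only reads the configuration file; it says nothing about which account the sshd service runs under.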

