This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: SSHD under SYSTEM account (was: Re: cygwin & opensshd on .netenterprise server)


Ok, I have used both I am sure, on the host key side.  I have not tried
via the users.  If I get a chance in the next few, I will tinker around
with it and let you know what I find.


On Thu, 16 May 2002, Gerrit P. Haase wrote:

> Prentis schrieb:
> 
> >  I think these docs are out of date.  this is fixed now, since I am
> > doing it.
> 
> Ok. PublicKey is working, I figured out to set it up with PublicKey Auth
> only and using my DSA key and only allowed protocol was SSH2.  I know
> that and that is the reason why I'm still trying to figure out how to
> use both (RSA & DSA over pubkey auth).
> 
> As I added 'RSAAuthentication yes' to the config it stops working and
> I don't understand why.  My collegue has just some RSA keys and was
> angry if I asked him to get some DSA keys too, so I tried to use both,
> SSH1 & SSH2 and RSA & DSA with no passwords, only pubkey.
> 
> It seems to be tricky...
> 
> Well we have options, I could make some RSA keys and we would both use
> RSA or he makes some DSA keys.  But now I have tasted blood (we say
> in Germany: Blut geleckt...), I want to use both with our existing keys
> just like we do at a Linux box we are both accessing where it works
> well.
> 
> 
> > On Thu, 16 May 2002, Gerrit P. Haase wrote:
> 
> >> Inc) schrieb:
> >> 
> >> >>I did copy him on the original note so he would be aware of the issue,
> >> >>but at this point I have completely removed his version (including
> >> >>deleting registry keys) and installed the cygwin environment. It appears
> >> >>that all of cygwin works when run in a system owned command window, but
> >> >>nothing works from an administrator account.
> >> 
> >> > Can you please acknowledge whether or not you read openssh*.README so that
> >> > we know whether you've missed the obvious user rights settings necessary for
> >> > the administrator account?
> >> 
> >> I read it and still have similar problems and there is this:
> >> 
> >>   "The system account does of course own that user rights by default."
> >> 
> >> That means SYSTEM is ok and it is the default if I let the
> >> ssh-host-config do the service setup.  So I expect no problems here.
> >> More:
> >> 
> >>   Unfortunately, if you choose that way, you can only logon with
> >>   NT password authentification and you should change
> >>   /etc/sshd_config to contain the following:
> >> 
> >>     PasswordAuthentication yes
> >>     RhostsAuthentication no
> >>     RhostsRSAAuthentication no
> >>     RSAAuthentication no
> >> 
> >> 
> >> Wow this is like a hammer.  That means I cannot use PublicKey
> >> Authentication?  If I cannot use public key authentication, the whole
> >> benefit (besides transfering passwords encrypted) is futsch...
> >> 
> >> If I let them try to guess my password several days there will be at
> >> least one intruder every month...
> >> 
> >> Is this true that PublicKey auth isn't working? (I cannot believe it).
> >> 
> >> 
> >> Gerrit
> >> 
> 
> 
> 
> 

-- 
Prentis Brooks	| prentis@aol.net | 703-265-0914 | AIM: PrentisBrooks
Senior System Administrator - Web Infrastructure & Security

       A knight is sworn to valor.  His heart knows only virtue.  His blade
       defends the helpless.  His word speaks only truth.  His wrath undoes
       the wicked. - the old code of Bowen, last of the dragonslayers


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]