This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

RE: Is RSA authentication on SSH still broken?

From: "Harig, Mark A." <maharig at idirect dot net>
To: "Antonio Bemfica" <antonio at axolotl dot ic dot gc dot ca>,<cygwin at cygwin dot com>
Date: Tue, 5 Nov 2002 18:55:02 -0500
Subject: RE: Is RSA authentication on SSH still broken?

I am able to use SSH with public/private-key files.
ssh is working on Cygwin, both as a client and
as a server, at least on Win2K.

# Cygwin version:
$ uname -r
1.3.14(0.62/3/2)

# Windows version:
$ uname -s
CYGWIN_NT-5.0

# ssh version
$ ssh -V
OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090607f

My guess is that your problem is related to file/directory
permissions.  One permission problem I found is that
'ssh-keygen' creates a ~/.ssh directory (if you don't
have one already) with permissions set to 700.  I found
that I had to change these to 755.

Here are the file permissions you should check:

1. $HOME - Your home directory should be set to 700.
   Only you need access to your home directory.

2. $HOME/.ssh - Try setting this to 755.

3. $HOME/.ssh/authorized_keys* - Turn off write
   permission for anyone other than you, turn on
   read permission for everyone.  One possible
   setting for this is:

     $ chmod 644 $HOME/.ssh/authorized_keys*

   Of course, only 'identity.pub' keys should be
   in 'authorized_keys' and only 'id_rsa.pub'/id_dsa.pub'
   should be in 'authorized_keys2', depending upon
   the type(s) of encryption you chose.

4. $HOME/.ssh/<private keys> -
   Of course, only you should have any permissions
   for your private key files 'identity', 'id_rsa',
   or 'id_dsa' (you need at least one of these).

      $ chmod 600 identity (or id_rsa or id_dsa, etc.)


> -----Original Message-----
> From: Antonio Bemfica [mailto:antonio@axolotl.ic.gc.ca]
> Sent: Tuesday, November 05, 2002 5:32 PM
> To: cygwin@cygwin.com
> Subject: Is RSA authentication on SSH still broken?
> 
> 
> Hello
> 
> Could someone clarify whether RSA authentication is still not possible
> when running SSH as the SYSTEM user? I have Cygwin 1.3.14-1 
> and OpenSSH
> 3.4p1-5 and can only login via password authentication (I am familiar
> with the process to effect RSA authentication under Unix). I have also
> tightened permissions on the key files, home directory, etc.
> 
> The /usr/doc/Cygwin/openssh-3.4p1-5.README file mentions that "The
> following restrictions only apply to Cygwin versions up to 1.3.1" - is
> it safe to assume that I should be able to get it running, since I am
> using 1.3.14-1? I will stop trying otherwise!
> 
> Thanks a lot for the help.
> 
> A.
> 
> 
> 
> 
> --
> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
> Bug reporting:         http://cygwin.com/bugs.html
> Documentation:         http://cygwin.com/docs.html
> FAQ:                   http://cygwin.com/faq/
> 
> 

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Follow-Ups:
- RE: Is RSA authentication on SSH still broken?
  - From: Antonio Bemfica

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]