Mail Archives: cygwin/2001/04/01/12:29:31

delorie.com/archives/browse.cgi

search

Mail Archives: cygwin/2001/04/01/12:29:31

Mailing-List: contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm

List-Subscribe: <mailto:cygwin-subscribe AT sources DOT redhat DOT com>

List-Archive: <http://sources.redhat.com/ml/cygwin/>

List-Post: <mailto:cygwin AT sources DOT redhat DOT com>

List-Help: <mailto:cygwin-help AT sources DOT redhat DOT com>, <http://sources.redhat.com/ml/#faqs>

Sender: cygwin-owner AT sources DOT redhat DOT com

Delivered-To: mailing list cygwin AT sources DOT redhat DOT com

X-Originating-IP: [63.236.151.131]

From: "Karl M" <karlm30 AT hotmail DOT com>

To: cygwin AT cygwin DOT com

Subject: ssh Authentication--RSA/Password

Date: Sun, 01 Apr 2001 09:29:10 -0700

Mime-Version: 1.0

Message-ID: <F224PGmYCESUQoPqajB0001264c@hotmail.com>

X-OriginalArrivalTime: 01 Apr 2001 16:29:10.0637 (UTC) FILETIME=[E187C1D0:01C0BAC8]

Hi Corinna and All...

I need to allow multiple users to log on to a win2k system with ssh, but I 
am concerned about the security of allowing password authentication. I 
understand that curently you need to get the password to the sshd host so 
that the setuid can work and that this is why you use password 
authentication. You mentioned that some other software would be required to 
eliminate this need.

How big a job is this and how would it work?

Are you considering writing it in the future?

Is there annother way we could get the password to the sshd host?

I would be willing to type a passphrase and a password to log in. The 
passphrase would allow RSA authentication; the password would allow the 
setuid to work. Then I would disable password authentication in the 
sshd_config file. I would then have a secure authentication without worrying 
(as much) about users selecting weak passwords. I don't see any security 
holes introduced by this, as the tunnel is open when we bring the password 
through.

What are your thoughts?

Thanks,

...Karl
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com


--
Want to unsubscribe from this list?
Check out: http://cygwin.com/ml/#unsubscribe-simple

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

Mailing-List:	contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm
List-Subscribe:	<mailto:cygwin-subscribe AT sources DOT redhat DOT com>
List-Archive:	<http://sources.redhat.com/ml/cygwin/>
List-Post:	<mailto:cygwin AT sources DOT redhat DOT com>
List-Help:	<mailto:cygwin-help AT sources DOT redhat DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender:	cygwin-owner AT sources DOT redhat DOT com
Delivered-To:	mailing list cygwin AT sources DOT redhat DOT com
X-Originating-IP:	[63.236.151.131]
From:	"Karl M" <karlm30 AT hotmail DOT com>
To:	cygwin AT cygwin DOT com
Subject:	ssh Authentication--RSA/Password
Date:	Sun, 01 Apr 2001 09:29:10 -0700
Mime-Version:	1.0
Message-ID:	<F224PGmYCESUQoPqajB0001264c@hotmail.com>
X-OriginalArrivalTime:	01 Apr 2001 16:29:10.0637 (UTC) FILETIME=[E187C1D0:01C0BAC8]