Mail Archives: cygwin/2001/04/23/11:44:13
Hi All...
I am currently running OpenSSH 2.5.2p2 with multiple (sequential)
authentication modes in a WinNT/Win2k srvany sshd server environment. That
is: to login, I first type a passphrase for my ssh2 rsa (or dsa) key, then I
type the password on the local machine. It is working great and gives the
security improvement I was looking for.
For now, the recipe is as follows:
1) Download and install the latest Cygwin code (including source for both
openssh and openssl).
2) Download Carson Gaspar's 3-28-01 patch from the OpenSSH Archives.
3) cd /openssh-2.5.2p2
4) ./configure --prefix=/usr --sysconfdir=/etc --libexecdir=/usr/sbin
5) edit defines.h, line 439 and uncomment the `#define USE_PIPES 1'
6) apply the Partial Authentication Patch
7) edit auth2.c, comment out the call to check_nt_auth at the end of
userauth_pubkey
8) make
9) copy sshd.exe to /usr/sbin (stopping the sshd service as needed)
10) edit /etc/sshd_config, change Protocol whatever line to 'Protocol 2',
change StrictModes from yes to no, and add the following line near the
bottom of the file 'AuthOrder2 publickey:password'
You can now run the service from LocalSystem and have rsa/dsa authentication
from multiple users. The login sequence will now look like:
user@machine ~
$ ssh localhost
Enter passphrase for key '/home/user/.ssh/id_rsa':
Authenticated with partial success.
user@localhost's password:
Last login: Mon Apr 23 00:07:17 2001 from machine
user@machine ~
$
I hope this is helpful.
Thanks,
...Karl
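
Added example (not part of the post above or of the Partial Authentication Patch): a POSIX shell check that an sshd_config carries the three settings from step 10 of the recipe. It assumes sshd treats keywords case-insensitively and uses the first occurrence of each; sshd_value, check_step10 and sample_cfg are names made up here, and the sample config is constructed.

```shell
#!/bin/sh
# Constructed sample config (not from the original post) with the usual traps:
# a commented-out default, a lowercase keyword and a duplicate directive.
sample_cfg() {
    cat <<'EOF'
#Protocol 2,1
protocol 2
StrictModes no
AuthOrder2 publickey:password
AuthOrder2 password
EOF
}

# Print the effective value of keyword $1 in file $2.
# Assumption: keywords are case-insensitive and the first occurrence wins.
sshd_value() {
    awk -v key="$1" '
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        tolower($1) == tolower(key) {
            $1 = ""; sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, ""); print; exit
        }' "$2"
}

# Return 0 when file $1 matches step 10, 1 otherwise; one line per mismatch.
# AuthOrder2 is only understood by an sshd built with the patch from step 6.
# StrictModes no turns off sshd's ownership and mode checks on user files.
check_step10() {
    cfg=$1 rc=0
    proto=$(sshd_value Protocol "$cfg")
    order=$(sshd_value AuthOrder2 "$cfg")
    strict=$(sshd_value StrictModes "$cfg")
    [ "$proto" = "2" ] || { echo "Protocol is '${proto:-unset}', recipe wants 2"; rc=1; }
    [ "$order" = "publickey:password" ] ||
        { echo "AuthOrder2 is '${order:-unset}', recipe wants publickey:password"; rc=1; }
    [ "$strict" = "no" ] || { echo "StrictModes is '${strict:-unset}', recipe sets no"; rc=1; }
    return $rc
}

# Stand-alone use: sh thisfile /etc/sshd_config
if [ $# -gt 0 ]; then check_step10 "$1"; fi
```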