Mail Archives: cygwin/2003/04/23/18:19:18

From: "Stephen Sherbert" <sherbert AT RigakuMSC DOT com>
To: <cygwin AT cygwin DOT com>
Subject: SSH, Samba, smbnetsec and chmod
Date: Wed, 23 Apr 2003 17:21:51 -0500
Message-ID: <000001c309e6$bcc41140$b226f6c0@sherbert>

Ultimately I am trying to get Cygwin's SSH on Windows 2k to connect
using public key authentication to a BSD box so CVS won't ask for a
password every time.  I have encountered a few hang-ups and have spent a
lot of time narrowing the problem down.  For the most part it boils down
to how my home directory ~ looks to cygwin.  My home is set in my
/etc/passwd file to /cygdrive/h and I have mapped H: to a Samba drive.

Case 1:  With smbntsec option ON:

H:\.ssh>ls -l
total 5
-rw-------    1 ???????? ????????      602 May 30  2002 authorized_keys2
-rw-------    1 ???????? ????????      668 May 30  2002 id_dsa
-r--------    1 ???????? ????????      602 May 30  2002 id_dsa.pub
-rwx------    1 ???????? ????????        0 Apr 23 16:16 known_hosts
-r--------    1 ???????? ????????      608 May 30  2002 known_hosts2
-rw-------    1 ???????? ????????     1024 Apr 23 10:19 prng_seed

id_dsa (my private key) is readable only to owner, which is required by
SSH.  However, the user and group of all the files is unknown (id =
65536).  This prevents ssh from adding to the known_hosts file:

c:\>ssh somehost.com
The authenticity of host somehost.com (xx.xx.xx.xx)' can't be
established.
RSA key fingerprint is ca:0f:d3:58:b6:d5:a5:7e:e3:ef:f9:f0:b8:b3:79:b6.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts
(/cygdrive/h/.ssh/known_hosts).

Case 2:  With smbntsec option OFF:

H:\.ssh>ls -l
total 5
-rw-r--r--    1 sherbert None          602 May 30  2002 authorized_keys2
-rw-r--r--    1 sherbert None          668 May 30  2002 id_dsa
-r--r--r--    1 sherbert None          602 May 30  2002 id_dsa.pub
-rw-r--r--    1 sherbert None            0 Apr 23 16:16 known_hosts
-r--r--r--    1 sherbert None          608 May 30  2002 known_hosts2
-rw-r--r--    1 sherbert None         1024 Apr 23 10:19 prng_seed

Now of course my user and groups are set up nicely and ssh will indeed
create and/or add to my known_hosts file.  However, id_dsa is readable
to the world and ssh will complain:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for '/cygdrive/h/.ssh/id_dsa' are too open.
It is recommended that your private key files are NOT accessible by
others.
This private key will be ignored.
bad permissions: ignore key: /cygdrive/h/.ssh/id_dsa
Enter passphrase for key '/cygdrive/h/.ssh/id_dsa':

So I try chmod to fix the permissions:

H:\.ssh>chmod 600 id_dsa

H:\.ssh>ls -l
total 5
-rw-r--r--    1 sherbert None          602 May 30  2002 authorized_keys2
-rw-r--r--    1 sherbert None          668 May 30  2002 id_dsa
-r--r--r--    1 sherbert None          602 May 30  2002 id_dsa.pub
-rw-r--r--    1 sherbert None            0 Apr 23 16:16 known_hosts
-r--r--r--    1 sherbert None          608 May 30  2002 known_hosts2
-rw-r--r--    1 sherbert None         1024 Apr 23 10:19 prng_seed

---

I just wish there was a way to have a Samba mapped drive show up
correctly in cygwin.  Both of my cases show a different problem, but I
think case 1 is the lesser of the 2.  So I will stick with smbntsec set
to ON.  I can manually build my known_hosts file as well.

Perhaps someone will have a suggestion I have not thought of.

Thanks

S. Sherbert
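
Added example (not part of the original message, and not Cygwin or OpenSSH code): a small sh diagnostic for the two cases reported above. It checks that a private key has no group/other permission bits, verifies that chmod actually took effect instead of being silently ignored by the mounted filesystem, and checks whether known_hosts can be written. The function names are made up for this example, and it assumes a GNU or BSD stat is available.

```sh
#!/bin/sh
# Added example; function names are hypothetical.

# Print the octal permission bits of a file (GNU stat, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Succeed only when group and other have no access bits at all,
# i.e. the condition whose failure produces "Permissions 0644 ... too open".
key_mode_ok() {
    m=$(mode_of "$1") || return 2
    [ $(( 0$m & 077 )) -eq 0 ]
}

# Run chmod, then re-read the mode: returns 1 when chmod reported success
# but the filesystem kept the old bits (what Case 2 shows after chmod 600).
# MODE must be given as three octal digits, e.g. 600.
chmod_sticks() {
    chmod "$2" "$1" 2>/dev/null || return 2
    [ "$(mode_of "$1")" = "$2" ]
}

# Classify a private key file: prints ok, fixed or chmod-ignored.
diagnose_key() {
    if key_mode_ok "$1"; then echo ok; return 0; fi
    if chmod_sticks "$1" 600; then echo fixed; return 0; fi
    echo chmod-ignored
    return 1
}

# Case 1 symptom: can the current user append to known_hosts
# (or create it in its directory when it does not exist yet)?
known_hosts_writable() {
    if [ -e "$1" ]; then [ -w "$1" ]; else [ -w "$(dirname "$1")" ]; fi
}

# Usage: sh sshperm.sh ~/.ssh/id_dsa ~/.ssh/known_hosts
if [ $# -ge 2 ]; then
    echo "key: $(diagnose_key "$1")"
    known_hosts_writable "$2" && echo "known_hosts: writable" \
        || echo "known_hosts: NOT writable"
fi
```

A result of chmod-ignored means the permission bits are being synthesized by the mount rather than stored, so the key has to live on a filesystem that honours them.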

