| To: | cygwin AT cygwin DOT com |
| From: | Andrew DeFaria <ADeFaria AT Salira DOT com> |
| Subject: | Passwordless login with ssh |
| Date: | Wed, 15 Oct 2003 16:51:58 -0700 |
| Message-ID: | <bmkmdl$82i$1@sea.gmane.org> |

Sorry, I searched the list and did not get a definitive answer. What I'm
trying to do is to secure things up a little bit around here. I would
like to use ssh. But I also want to allow valid users to ssh <remote>
<command> without being prompted for a password. I'm not sure this is
doable.

Reading from openssh-3.7.1p2-1.README I see:

  Authentication to sshd is possible in one of two ways. You'll have
  to decide before starting sshd!

  - If you want to authenticate via RSA and you want to login to that
    machine to exactly one user account you can do so by running sshd
    under that user account. You must change /etc/sshd_config to contain
    the following:

      RSAAuthentication yes

    Moreover it's possible to use rhosts and/or rhosts with RSA
    authentication by setting the following in sshd_config:

      RhostsAuthentication yes
      RhostsRSAAuthentication yes

Seems to me that the above says I can only use RSA Authentication IFF
I only want to allow one username to be able to login. Or

  - If you want to be able to login to different user accounts you'll
    have to start sshd under system account or any other account that is
    able to switch user context. Note that administrators are _not_
    able to do that by default! You'll have to give the following
    special user rights to the user:

      "Act as part of the operating system"
      "Replace process level token"
      "Increase quotas"

    and if used via service manager

      "Logon as a service".

    The system account does of course own that user rights by default.

    Unfortunately, if you choose that way, you can only logon with NT
    password authentification and you should change /etc/sshd_config to
    contain the following:

      PasswordAuthentication yes
      RhostsAuthentication no
      RhostsRSAAuthentication no
      RSAAuthentication no

    However you can login to the user which has started sshd with RSA
    authentication anyway. If you want that, change the RSA
    authentication setting back to "yes":

      RSAAuthentication yes

Seems to say that I can allow multiple users to login with ssh but I
can't allow RSA authentication, hence I can't have passwordless logins.

Is there any way to allow passwordless logins through ssh for a group of
people?

--
A flying saucer results when a nudist spills his coffee.
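
Added example, not part of the original post or of the Cygwin README: a small Python audit that reads an sshd_config and reports which of the four keywords quoted above are enabled, whether rhosts-based trust is switched on, and whether the file matches the README's password-only block. The function names and the sample configs are constructed for illustration.

```python
# Added example (not from the post or the README). Sample configs are constructed.
KEYS = ("PasswordAuthentication", "RSAAuthentication",
        "RhostsAuthentication", "RhostsRSAAuthentication")

# The block the README gives for sshd started under the system account.
README_PASSWORD_ONLY = {"PasswordAuthentication": True, "RhostsAuthentication": False,
                        "RhostsRSAAuthentication": False, "RSAAuthentication": False}

def parse_sshd_config(text):
    """Return {keyword: bool} for the README's four keywords found in text."""
    wanted = {k.lower(): k for k in KEYS}
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                          # blank line or comment
        parts = line.split()
        if len(parts) < 2:
            continue                          # keyword without a value
        key = wanted.get(parts[0].lower())    # keywords are case-insensitive
        if key and key not in found:          # first value read for a keyword wins
            found[key] = parts[1].lower() == "yes"
    return found

def audit(text):
    """Summarise the authentication settings of one sshd_config."""
    cfg = parse_sshd_config(text)
    return {
        "enabled": sorted(k for k, v in cfg.items() if v),
        # Unset keywords fall back to sshd's built-in defaults; list them for review.
        "unset": [k for k in KEYS if k not in cfg],
        # Either rhosts option makes login depend on the client host's identity.
        "rhosts_trust": any(cfg.get(k) for k in
                            ("RhostsAuthentication", "RhostsRSAAuthentication")),
        "matches_readme_password_only": cfg == README_PASSWORD_ONLY,
    }

# Constructed sample: the password-only block, plus a later duplicate that is ignored.
SAMPLE_SYSTEM = """# constructed sample
PasswordAuthentication yes
RhostsAuthentication no
RhostsRSAAuthentication no
RSAAuthentication no
RSAAuthentication yes
"""

# Constructed sample: the single-account setup with both rhosts options added.
SAMPLE_SINGLE_USER = "rsaauthentication yes\nRhostsAuthentication yes\nRhostsRSAAuthentication yes\n"

if __name__ == "__main__":
    for name, sample in (("system", SAMPLE_SYSTEM), ("single-user", SAMPLE_SINGLE_USER)):
        print(name, audit(sample))
```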