Mail Archives: cygwin/2003/10/15/22:30:31
Andrew,
You are reading too much into the README. The point of the note is that the
account that runs ssh must be capable of switching user accounts without a
password. This requires the Windows permissions of
"Act as part of the operating system"
"Replace process level token" and
"Increase quotas"
The simplest way to accomplish this is to run the /bin/ssh-host-config
script which will install ssh as a service running with the System account.
You can log in to as many accounts as you want as long as you configure each
account correctly. The simplest way to configure an account correctly is to
log into that account, run a Cygwin shell and execute the
/bin/ssh-user-confog script.
Good luck,
Mark
>
----- Original Message -----
From: "Andrew DeFaria" <ADeFaria AT Salira DOT com>
To: <cygwin AT cygwin DOT com>
Sent: Wednesday, October 15, 2003 7:51 PM
Subject: Passwordless login with ssh
> Sorry, I searched the list and did not get a definitive answer. What I'm
> trying to do is to secure things up a little bit around here. I would
> like to use ssh. But I also want to allow valid users to ssh <remove>
> <command> without being prompted for a password. I'm not sure this is
> doable.
>
> Reading from openssh-3.7.1p2-1.README I see
>
> Authentication to sshd is possible in one of two ways. You'll have
> to decide before starting sshd!
>
> - If you want to authenticate via RSA and you want to login to that
> machine to exactly one user account you can do so by running sshd
> under that user account. You must change /etc/sshd_config to contain
> the following:
>
> RSAAuthentication yes
>
> Moreover it's possible to use rhosts and/or rhosts with RSA
> authentication by setting the following in sshd_config:
>
> RhostsAuthentication yes
> RhostsRSAAuthentication yes
>
> Seems to me that the above says I can only use RSA Authentication IFF
> I'm only want to allow one username to be able to login. Or
>
> - If you want to be able to login to different user accounts you'll
> have to start sshd under system account or any other account that is
> able to switch user context. Note that administrators are _not_
> able to do that by default! You'll have to give the following
> special user rights to the user:
>
> "Act as part of the operating system"
> "Replace process level token"
> "Increase quotas"
>
> and if used via service manager
>
> "Logon as a service".
>
> The system account does of course own that user rights by default.
>
> Unfortunately, if you choose that way, you can only logon with NT
> password authentification and you should change /etc/sshd_config to
> contain the following:
>
> PasswordAuthentication yes
> RhostsAuthentication no
> RhostsRSAAuthentication no
> RSAAuthentication no
>
> However you can login to the user which has started sshd with RSA
> authentication anyway. If you want that, change the RSA
> authentication setting back to "yes":
>
> RSAAuthentication yes
>
> Seems to say that I can allow multiple users to login with ssh but I
> can't allow RSA authentication, hence I can't have passwordless logins.
> Is there any way to allow passwordless logins through ssh for a group of
> people?
> --
> A flying saucer results when a nudist spills his coffee.
>
>
>
> --
> Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
> Problem reports: http://cygwin.com/problems.html
> Documentation: http://cygwin.com/docs.html
> FAQ: http://cygwin.com/faq/
>
>
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
- Raw text -