delorie.com/archives/browse.cgi   search  
Mail Archives: cygwin/2006/08/10/05:09:15

X-Spam-Check-By: sourceware.org
Date: Thu, 10 Aug 2006 11:07:34 +0200
From: cygwin-060809 AT cxxl DOT de
Message-ID: <6510463452.20060810110734@cxxl.de>
To: Corinna Vinschen <cygwin AT cygwin DOT com>
Subject: Re[2]: uid having logged in with ssh
In-Reply-To: <20060810075831.GF20467@calimero.vinschen.de>
References: <001c01c6bbee$47443220$35c94e98 AT CASSANDRA5> <44DA42F7 DOT 8030102 AT cygwin DOT com> <1039663999 DOT 20060810090353 AT cxxl DOT de> <20060810075831 DOT GF20467 AT calimero DOT vinschen DOT de>
MIME-Version: 1.0
X-IsSubscribed: yes
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com 

hi,

Thursday, August 10, 2006, 9:58:31 AM, "Corinna Vinschen" wrote:

>> >> I am running sshd having set up the sshd service using ssh-host-config with
>> >> privilege separation and with sshd running as a server owned by the local
>> >> sshd_server user.
>> >> All is working fine and I can log in using my keys without the need for
>> >> passwords or without keys and using passwords.
>> >> My problem is that if I then try and run some processes after logging in
>> >> (specifically MPI ones) the system thinks I am the local sshd_server user
>> >> and not the person I wish to be.
>> 
>> >> Any ideas how I can get sshd working such that after log in I am really the
>> >> user I wish to be would be much appreciated.
>> 
>> > Patience. ;-)
>> 
>> i just want to add one more detail: i have the same setup with sshd.
>> plus, i use EFS (encrypting file system) on the sshd box.  now EFS
>> encrypts files ONLY for the user that writes them (and for so called
>> recovery agents, but they are set up globally and all EFS files are
>> decryptable for them), but not for all other users that may have
>> access to the files (based on the their file privileges).
>> 
>> so when i'm user X and log in through sshd, write some file and then
>> log on locally though a console, i can't read my own file, because the
>> file was encrypted for SvcCOPSSHD (the sshd user in my case).
>> 
>> i, too, would much appreciate a solution :)

> There's a working workaround:  Use password login.

that's what i want to avoid for practical reasons.

> Otherwise only the subauthentication stuff mentioned in
> http://cygwin.com/ml/cygwin-developers/2006-07/msg00013.html as Larry
> already pointed out will allow what you want.  There's really no gain in
> repeating scenarios in which the current technique doesn't work.  The
> drawbacks are known for years, really.

ok.  did i understand correctly that subauth is not yet part of the
regular cygwin distribution?  or is it and has to be installed and
enabled somehow? 

-- 
/chris/



--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

- Raw text -


  webmaster     delorie software   privacy  
  Copyright © 2019   by DJ Delorie     Updated Jul 2019