Mail Archives: cygwin/2008/11/13/05:33:44
On Nov 12 16:57, Herb Maeder wrote:
> On 10 Nov 2008 15:48:15 +0100, Corinna Vinschen wrote:
> [...]
> Am I correct in assuming that you would need to have access to an account
> with Domain Administrator privileges in order to allow multiple domain
> users to ssh into a 1.7 vista machine?
I'm not quite sure about this. I don't claim to understand all the does
and dont's of Windows domains either.
However, I have a working result by creating a domain account with the
required permissions called cyg_server, then create a cyg_server entry
in passwd using mkpasswd, then start ssh-host-coonfig.
> And if you don't have access to such an account, the best you can do is
> fire up sshd as yourself (or perhaps one sshd per user on different ports)?
> I'm guessing that will allow you and local users to ssh in (assuming your
> domain account has local administrator access).
>
> Looking ahead, I suspect that this combo (sshd + 1.7 + vista + domain user)
> will be pretty common. Is there a plan for steering users in the right
> direction during the setup of sshd, or maybe giving a more descriptive
> error message?
The ssh-host-config script only covers the simpler approaches for home
users. Right now, a professional administrator for a Windows domain
will have to know a bit, or ask here.
Ideally, somebody would take a heart and
- Add more code to ssh-host-config to allow more smooth operations
in a domain environment.
- Add to the documentation to explain the problems.
But right now that won't be me.
> > 1. Yes, ssh-host-config has to be run elevated, as with all applications
> > requiring actual admin privileges. There's no way to elevate a child
> > process running in the same console window. Microsoft tweaked the
> > ShellExecute() call in shell32.dll heavily to allow the UAC stuff,
> > but neglected to allow applications using the CreateProcess() call to
> > do the same. ShellExecute is not an option to use in Cygwin processes.
>
> Bum deal. But thanks for the explanation. That clarifies what I was
> seeing.
Actually there is a way to elevate a console application which is the
manifest file. Unfortunately this only works for executables, not for
scripts.
I didn't try it myself, but maybe something like this works:
$ cd /bin
$ cp bash.exe bash-elevated.exe
$ sed 's/nstall\.exe/bash-elevated.exe/g' < install.exe > bash-elevated.exe.manifest
$ sed '1s/bash/bash-elevated/' < ssh-host-config > ssh-host-config-elevated
$ ssh-host-config-elevated
Sometimes adding a manifest file to an executable doesn't work immediately
due to some cashing in Windows but basically this should work.
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Project Co-Leader cygwin AT cygwin DOT com
Red Hat
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
- Raw text -