Mail Archives: cygwin/2010/02/04/01:57:07

Message-ID: <4B6A6FB5.10804@monai.ca>
Date: Wed, 03 Feb 2010 22:56:53 -0800
From: Steven Monai <steve+cygwin AT monai DOT ca>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091204 Thunderbird/3.0
MIME-Version: 1.0
To: cygwin AT cygwin DOT com
Subject: Re: 1.7 Public Key Authentication problem
References: <fbea4b0a1002032207y5ee53669o97966eeb6e2138c2 AT mail DOT gmail DOT com>
In-Reply-To: <fbea4b0a1002032207y5ee53669o97966eeb6e2138c2@mail.gmail.com>
List-Archive: <http://sourceware.org/ml/cygwin/>

On 2010/02/03 10:07 PM, shane fenton wrote:
> Hi,
> First time poster - so hopefully will get it right :)
> Cygwin 1.7 installed on approx 10 machines - XP /2008
> domain cyg_server user created
> Added above user to Quotas/create token/replace token & log on as
> service & local admins on pc's
> added cyg_server to passwd file
> ssh-host-config (found above user and used it and did the right perms
> on /var/empty & /var/log/sshd.log )
> added domain user accounts to passwd  & domain users group  > group

You didn't mention whether you set up the LSA authentication package
(with /usr/bin/cyglsa-config), or used 'passwd -R' for each user. Did
you try either of those?

The Cygwin User Guide goes into great detail about the methods of
changing user context, in this chapter:
http://cygwin.com/cygwin-ug-net/ntsec.html

The gist of that chapter is this: If you want to be able to log in via
ssh as a user that is not running the sshd daemon, you have basically
two options:

(1) Provide a valid Windows password to the sshd daemon, either
interactively (which you obviously don't want to do, since you're
attempting public key auth), or stored statically in the registry via
'passwd -R'.

(2) Use the LSA authentication package. Bear in mind that if you use
this option to avoid giving sshd your password entirely, I believe that
certain privileges are withheld from the logged-in user. [I don't
remember exactly what privs are missing in this case... access to
network resources maybe?]

Hope this helps,
-SM