| delorie.com/archives/browse.cgi | search |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| X-SWARE-Spam-Status: | No, hits=4.5 required=5.0 tests=AWL,BAYES_50,BOTNET,RCVD_IN_DNSWL_NONE |
| X-Spam-Check-By: | sourceware.org |
| Message-id: | <4BF1B2F6.6060608@cygwin.com> |
| Date: | Mon, 17 May 2010 17:19:50 -0400 |
| From: | "Larry Hall (Cygwin)" <reply-to-list-only-lh AT cygwin DOT com> |
| Reply-to: | cygwin AT cygwin DOT com |
| User-Agent: | Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.21) Gecko/20090320 Remi/2.0.0.21-1.fc8.remi Lightning/0.9 Thunderbird/2.0.0.21 Mnenhy/0.7.5.0 |
| MIME-version: | 1.0 |
| To: | cygwin AT cygwin DOT com |
| Subject: | Re: 1.7 sshd - Alternative for cyg_server account? |
| References: | <AANLkTimNEa0kj73JlAlWxvMvwrybXRK8W7CFZSX1A4lN AT mail DOT gmail DOT com> |
| In-reply-to: | <AANLkTimNEa0kj73JlAlWxvMvwrybXRK8W7CFZSX1A4lN@mail.gmail.com> |
| Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
| List-Id: | <cygwin.cygwin.com> |
| List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
| List-Archive: | <http://sourceware.org/ml/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
| Sender: | cygwin-owner AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| Delivered-To: | mailing list cygwin AT cygwin DOT com |
On 5/17/2010 12:21 PM, Greg Fury wrote: > Excuse me for my lack of Windows security knowledge. > > I'm getting some pushback from our Windows admins while trying to > implement sshd (1.7) on Windows server 2003. > > They are concerned about the cyg_server account being a local > administrator. Saying it's another account that could be compromised, > and they would like to avoid it. > > Is this a valid concern? > Are there alternatives to creating this account? > Could we run directly under Administrator? The "Administrator" account is not sufficient. 'sshd' requires the ability to switch users, which the "Administrator" account, by default, doesn't allow. One could supplement "Administrator" to have the required permissions and then use it, though I don't personally see that as being more secure. -- Larry Hall http://www.rfk.com RFK Partners, Inc. (508) 893-9779 - RFK Office 216 Dalton Rd. (508) 893-9889 - FAX Holliston, MA 01746 _____________________________________________________________________ A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting annoying in email? -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |