Mail Archives: cygwin/2011/11/29/18:18:09

Message-ID: <4ED56819.6050707@etr-usa.com>
Date: Tue, 29 Nov 2011 16:17:45 -0700
From: Warren Young <warren AT etr-usa DOT com>
To: Cygwin-L <cygwin AT cygwin DOT com>
Subject: Re: Passwordless sftp with ssh 5.9 still asks for password
References: <9E9DD545D034B84B935BB50A739B078B0551DD6893 AT sha-exch12 DOT shared DOT ifeltd DOT com>
In-Reply-To: <9E9DD545D034B84B935BB50A739B078B0551DD6893@sha-exch12.shared.ifeltd.com>

On 11/29/2011 2:49 PM, Andrew Erskine wrote:
>
> ssh-keygen -t dsa

"-t [keytype]" is a default flag these days, and it defaults to RSA, not 
DSA.  Unless you know for a fact you need DSA keys for some odd reason, 
leave this flag off and accept the default.

(ssh itself doesn't care what kind of key you use, as long as both ends 
have support for the key type you want to use.  Since every ssh 
implementation I've used since *forever* supports both RSA and DSA, the 
only way I can see why you'd want to use DSA is if you had some weird 
third-party tool that only understood DSA keys.)

> Accept the default
> key location, C:\Documents and Settings\nhuser\.ssh\id_dsa,

Why would that be the default location, if you are using Cygwin tools? 
Shouldn't it be something like c:\cygwin\home\nhuser\.ssh\...?  You can 
change your HOME to anything you like, but that's not the default with 
Cygwin.

> 2.  Copy the public key, id_dsa.pub, to all remote poller systems

More superannuated information.  Use the ssh-copy-id script instead of 
this manual process they're running you through.  It Does The Right 
Thing (TM) and it's included with recent versions of the openssh package 
in the default Cygwin package repo.

If you aren't using official Cygwin packages or you are insisting on 
using old stuff, you get what you deserve. :)

> 4.  Copy the public key into the authorized_keys2
> file, using the following command: copy /b id_dsa.pub
> authorized_keys2

That overwrites authorized_keys2, rather than appending to it as 
claimed.  Plus, you should be talking about authorized_keys, no numeral.

If I'm wrong and sshd *will* look for a '2' file, the problem is likely 
to be permissions.  It won't use the file if it isn't locked down, since 
that means you have only the illusion of security, and it won't play 
into a fantasy.

But if you use ssh-copy-id, you don't have to worry about any of this. 
Updating this file correctly is one of the things it does for you.

> Restart the cygwin Windows service

Not needed.  sshd re-reads authorized_keys on each login attempt.

> D:\cygwin\bin>...

You'll get a lot less friction with Cygwin tools if you use the Cygwin 
Bash shell instead of CMD.

ssh-copy-id is a shell script, so you'll have to jump through some hoops 
to even run it from a CMD shell, whereas it behaves just like any other 
command when you're running *any* Cygwin shell, not just Bash.

> Regards Andy Sent from my iPhone

<eyebrows type="through-the-roof">You typed all that on a screen 
keyboard?</eyebrows>  That's dedication.
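
Added example, not part of the original message and not the ssh-copy-id script itself: a sketch of the two points made above about the key file, appending to authorized_keys instead of overwriting it and keeping it locked down. The function names install_pubkey and perms_ok are hypothetical, and the group/other-writable check is an assumption about what "locked down" means here.

```shell
#!/bin/sh
# Added example: install_pubkey and perms_ok are hypothetical helper names.

# install_pubkey PUBKEY_FILE [TARGET_HOME]
# Appends the key to TARGET_HOME/.ssh/authorized_keys unless that exact
# line is already there, then locks down the directory and the file.
# The body is a subshell, so the umask change does not leak to the caller.
install_pubkey() (
    pub=$1
    home=${2:-$HOME}
    dir=$home/.ssh
    auth=$dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; exit 1; }
    # A .pub file holds one key per line; take the first non-blank line.
    key=$(sed -n '/[^[:space:]]/{p;q;}' "$pub")
    [ -n "$key" ] || { echo "$pub holds no key" >&2; exit 1; }

    umask 077
    mkdir -p "$dir" || exit 1
    chmod 700 "$dir" || exit 1
    touch "$auth" || exit 1

    # ">>" appends. A plain copy, like "copy /b id_dsa.pub authorized_keys2",
    # would replace every key already in the file.
    if ! grep -qxF -- "$key" "$auth"; then
        # If the file does not end in a newline, add one first so the new
        # key does not get glued onto the previous entry.
        if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
            echo >> "$auth"
        fi
        printf '%s\n' "$key" >> "$auth"
    fi
    chmod 600 "$auth"
)

# perms_ok PATH
# Succeeds only if PATH exists and is not writable by group or others.
perms_ok() {
    [ -e "$1" ] || return 1
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}
```

Run on the server side as `install_pubkey id_rsa.pub`; running it a second time with the same key leaves the file unchanged.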

