Mail Archives: cygwin/2013/11/18/13:11:45

Message-id: <528A581F.2060607@cygwin.com>
Date: Mon, 18 Nov 2013 13:10:39 -0500
From: "Larry Hall (Cygwin)" <reply-to-list-only-lh AT cygwin DOT com>
Reply-to: cygwin AT cygwin DOT com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.1.0
MIME-version: 1.0
To: cygwin AT cygwin DOT com
Subject: Re: Sshd and key based authentication
References: <5289C8BD DOT 1010109 AT netfence DOT it>
In-reply-to: <5289C8BD.1010109@netfence.it>

On 11/18/2013 2:58 AM, Andrea Venturoli wrote:
> Hello.
>
> I'm trying to set up sshd on a Windows 2003 domain controller.
> Everything works with password authentication; however I need this for a
> script, so, in order to get non-interactive login, I must use keys.
> Tried as hard as I could, but I could not achieve this: I'm always asked for
> a password.

<snip>

> Is this supposed to work? Several posts say so, but no one mentions a domain
> controller... Does it bring in anything special?

If you want/have to use domain user logins, then you need to create a
domain equivalent of 'cyg_server'.  You can use the scripts that
'ssh-host-config' uses as a guide to do this but the actual process
must be done by hand and you need access and permission on your domain
controller to set this up.

'ssh-host-config' will not handle this case for you.

> Are the above users correct? Any problem with it?

For local users, no, no problem.

> What are correct ownership and permissions of /home, /home/myuser,
> /home/myuser/.ssh and /home/myuser/.ssh/authorized_keys?

'ssh-host-config' will set these up for you.  I suggest you use it.

> According to some how-tos, ssh-host-config should have prompted with
> "CYGWIN=" and I should have replied "tty ntsec", but this did not happen.
> Other how-tos suggest putting this variable in the environment.
> Is this information current or obsolete? I tried and it didn't seem to
> matter...

<http://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-setuid-overview>

Yes, this information is obsolete.  This is the main reason we
recommend not using various How-To guides that you'll find littered
around the Internet.

> Any other hint?

If a domain service account isn't an option, look at the other
options listed in the User's Guide:

<http://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-setuid-overview>

Method 2 or 3 might be sufficient for your need.


-- 
Larry

_____________________________________________________________________

A: Yes.
 > Q: Are you sure?
 >> A: Because it reverses the logical flow of conversation.
 >>> Q: Why is top posting annoying in email?
