| delorie.com/archives/browse.cgi | search |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| DomainKey-Signature: | a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:message-id:date:from:reply-to:mime-version:to | |
| :subject:references:in-reply-to:content-type | |
| :content-transfer-encoding; q=dns; s=default; b=roqNG28EtG/dX0FK | |
| gGEss9VzJzkdb/8TTkISwh8t0EtUp6E6JK3y3YdXoMIJNe+mNNok7E4vPq2tB7zY | |
| CknFAbPZ7Ms8zv/kz4g9HqvwqWIcdHIO+tnCS9o/SxsXMQhdKG2vIP5xfYLDVkVB | |
| oesRj5WLmYlkCU8EI59rU4e3bwQ= | |
| DKIM-Signature: | v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:message-id:date:from:reply-to:mime-version:to | |
| :subject:references:in-reply-to:content-type | |
| :content-transfer-encoding; s=default; bh=TW88c3J/STYwBRWmEq00qy | |
| LnfCg=; b=tr09fE0aHF1swmIBSEujIBCUVnHda+TgBn3N4qKB2Tk29OG0DBI2zt | |
| YgJGliQRgt84jrNyC42KIjVhJLQ1vY54y6n/NGDqyCHYkvRvtG34CGC7gZOXGd6b | |
| pZlc6oArkRtpZOH7SN559ipcSGTTQOLajOkLJ91V73bSYFdwmkA9E= | |
| Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
| List-Id: | <cygwin.cygwin.com> |
| List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
| List-Archive: | <http://sourceware.org/ml/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
| Sender: | cygwin-owner AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| Delivered-To: | mailing list cygwin AT cygwin DOT com |
| Authentication-Results: | sourceware.org; auth=none |
| X-Virus-Found: | No |
| X-Spam-SWARE-Status: | No, score=0.6 required=5.0 tests=AWL,BAYES_50,RDNS_NONE,URIBL_BLOCKED autolearn=no version=3.3.2 |
| X-HELO: | vms173009pub.verizon.net |
| Message-id: | <528D3F0F.4070405@cygwin.com> |
| Date: | Wed, 20 Nov 2013 18:00:31 -0500 |
| From: | "Larry Hall (Cygwin)" <reply-to-list-only-lh AT cygwin DOT com> |
| Reply-to: | cygwin AT cygwin DOT com |
| User-Agent: | Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.1.0 |
| MIME-version: | 1.0 |
| To: | cygwin AT cygwin DOT com |
| Subject: | Re: Sshd and key based authentication |
| References: | <5289C8BD DOT 1010109 AT netfence DOT it> <1679047089 DOT 20131118122233 AT mtu-net DOT ru> <5289DB39 DOT 7030408 AT netfence DOT it> <528CF357 DOT 3020000 AT netfence DOT it> |
| In-reply-to: | <528CF357.3020000@netfence.it> |
On 11/20/2013 12:37 PM, Andrea Venturoli wrote: > On 11/18/13 10:17, Andrea Venturoli wrote: >> On 11/18/13 09:22, Andrey Repin wrote: >> >>> Did you installed Cygwin LSA module? >>> http://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-nopasswd2 >> >> I don't think so, but I can't check right now... >> >> Should I? > > Hello. > > Today I followed your instruction, ran /usr/bin/cyglsa-config and rebooted: > still no luck. > > I raised the loglevel to DEBUG3 and verified sshd was *always* looking for > /home/cyg_server/.ssh/authorized_keys, regardless of the user trying to log in. > > So, if I do "ln -s /home/user /home/cyg_server", then ssh user AT server works > without password prompt!!! > Of course I know the security implications of this... Hm, thinking about this a little more, if you're still trying to log in with domain users, your best bet is probably option 3 in the Users Guide. Since option 2 is using the Local Security Authority (LSA), it's not going to get better at authenticating domain users than the default mode unless the user you run the service as can authenticate domain users. So in this respect, it's the same thing as the default option (the first option in the Users Guide). Option 3 authenticates with the password though so it should be much more like normal ssh password authentication. Give it a try and let us know if my thought experiment works in the real world. :-) -- Larry _____________________________________________________________________ A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting annoying in email? -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |