Mail Archives: cygwin/2014/06/10/16:57:14

X-Recipient: archive-cygwin AT delorie DOT com
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-0.7 required=5.0 tests=BAYES_20,RCVD_IN_DNSWL_NONE,RP_MATCHES_RCVD,SPF_HELO_PASS,SPF_PASS autolearn=ham version=3.3.2
X-HELO: plane.gmane.org
To: cygwin AT cygwin DOT com
From: "Roger Vicker, CCP" <rvicker AT vicker DOT com>
Subject: Re: CYGWIN - As admin setup other users SSH for them?
Date: Tue, 10 Jun 2014 15:56:09 -0500
Lines: 44
Message-ID: <ln7rdb$t9t$1@ger.gmane.org>
References: <lmo56t$us6$1 AT ger DOT gmane DOT org> <5390204E DOT 2050300 AT etr-usa DOT com>
Reply-To: rvicker AT vicker DOT com
Mime-Version: 1.0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.23) Gecko/20090812 Thunderbird/2.0.0.23 Mnenhy/0.7.6.666
In-Reply-To: <5390204E.2050300@etr-usa.com>
X-IsSubscribed: yes

On 6/5/2014 2:46 AM, Warren Young arranged the binary bits such that:

> On 6/4/2014 16:05, Roger Vicker, CCP wrote:
>> 3) deliver the private key to the user along with the rest of the
>> instructions on how to use it in the provided apps.
> How were you planning on delivering these sensitive private keys?  Via
> insecure email, perhaps?

These particular users are barely computer literate so I would be
copying the private keys directly to their Android devices and setting
up the apps that need to use SSH as a tunnel to connect to their server
side apps.

> Use ssh as it was designed: have the users generate their own local
> keypairs, and have them email the public key to you.  The words we use
> here mean something.  The *public* key goes out over the public link,
> and the *private* key stays at home.
>
I know security. That is why we are implementing SSH with keys to
further secure a remote protocol. VPN is not as practical given the
level of the users, the specific remote devices and app.

> It's not like the commands are difficult.  They set up a local Cygwin,
> add the openssh package, then say:
>
>     $ ssh-keygen
>     ...press Enter a bunch of times...
>     $ cat ~/.ssh/id_rsa.pub > /dev/clipboard
>     ...compose email to rvicker, paste
>
>> Without their passwords I can't login to establish their $home
>> directory structure,
> Take a look at /etc/profile, starting at line 75.  See the stuff about
> /etc/skel?  That's how the user's home directory gets set up.  Nothing
> magic here.  You could cut those couple-dozen lines into a new script
> and tweak it for your purposes.
>
> The only trick is that if you do all this as administrator, you'll
> have to say something like
>
>     # chown -R otheruser.otheruser ~otheruser
>
> after you get done setting up the user's home directory.
>


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
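
The administrator's side of the workflow described in the quoted text above (the user e-mails a public key, the admin prepares the account and fixes ownership), as an added example that is not part of the original message. The function name `install_pubkey`, its arguments and the list of accepted key types are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread). install_pubkey, its
# arguments and the accepted key types are assumptions for illustration.
#
# usage: install_pubkey HOME_DIR PUBKEY_FILE [OWNER]
#   e.g. install_pubkey /home/otheruser /tmp/otheruser.pub otheruser
install_pubkey() {
    home=$1; keyfile=$2; owner=${3:-}
    if [ ! -d "$home" ] || [ ! -r "$keyfile" ]; then
        echo "usage: install_pubkey HOME_DIR PUBKEY_FILE [OWNER]" >&2
        return 1
    fi

    # The private key stays with the user: refuse it if it was sent by mistake.
    if grep -q 'PRIVATE KEY' "$keyfile"; then
        echo "refusing $keyfile: contains private key material" >&2
        return 1
    fi

    # Strip CRs added by mail clients; require exactly one non-empty line, so a
    # key that was hard-wrapped in transit is rejected instead of half-installed.
    count=$(tr -d '\r' < "$keyfile" | grep -c -v '^[[:space:]]*$' || true)
    if [ "$count" != 1 ]; then
        echo "refusing $keyfile: expected one key line, found $count" >&2
        return 1
    fi
    key=$(tr -d '\r' < "$keyfile" | grep -v '^[[:space:]]*$')
    case $key in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-nistp*\ AAAA*) ;;
        *) echo "refusing $keyfile: not an OpenSSH public key line" >&2
           return 1 ;;
    esac

    # sshd's StrictModes (on by default) rejects key files others can write to.
    sshdir=$home/.ssh
    auth=$sshdir/authorized_keys
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Append only if this exact line is not already present (safe to re-run).
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"

    # When run as administrator, hand the files to the user, as the thread's
    # chown step does for the whole home directory.
    if [ -n "$owner" ]; then
        chown -R "$owner" "$sshdir" || return 1
    fi
    return 0
}
```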
