From: | Bill Stewart <bstewart AT iname DOT com> |
Date: | Thu, 14 Feb 2019 09:04:39 -0700 |
Message-ID: | <CANV9t=Qktg01XdE5Z7tEhwHUVL-JzKhFaKPadYvujZwzAfGvsw@mail.gmail.com> |
Subject: | Re: sshd: computer name's case must match? |
To: | cygwin AT cygwin DOT com |
On Thu, Feb 14, 2019 at 6:43 AM Bill Stewart wrote:

> I think this is the difficulty: When a computer name is not uppercase,
> how do we find out the correct case when we specify an authority name
> (before the +)?

Upon reflection, here's what comes to mind from a purely Cygwin perspective:

(a) When Cygwin returns a name containing an authority (name to the left of the + character), convert it to uppercase (or lowercase).

Advantages: Easier to use. End-user doesn't have burden of determining the correct case for the authority name.

Disadvantages: A remote machine might actually use a + character in a username (even though this shouldn't be permissible from a POSIX point of view) and we risk a name collision, opening a small potential security hole because we matched the wrong name. This risk only applies to remote non-Windows servers, since + is an illegal character in a local Windows user account name and domain sAMAccountName attribute. End user still has to match case of username.

(b) Do nothing - authority and username case must match exactly.

Advantages: No further code changes. Potential security risk is mitigated.

Disadvantages: Not intuitive and confusing from a Windows perspective. End-user has burden of determining correct case for both authority name and username. (This can be mitigated somewhat by addressing this in the FAQ, but we all know how often people read the FAQ.)

[FWIW, I wrote a short PowerShell script that (probably) does the right thing in returning the correct case, but for the case of a local computer authority it only works against the local computer. (It seems to work fine for the current computer's domain and any trusted domains.)]

From an OpenSSH perspective, IMO, it would seem that the most straightforward solution would be, if possible, for sshd to ignore username case for incoming connections when it's running on Windows.

Thanks!
Bill
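
Options (a) and (b) from the message above, side by side, as an added example that is not part of the original post and is not Cygwin or OpenSSH code. The account names, the function names and the policy of refusing an ambiguous match are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample names, not from the original message. Entry 1 stands
   for a remote non-Windows account whose username itself contains '+'. */
static const char *const SAMPLE_ACCOUNTS[] = {
    "WKSTN1+alice", "wkstn1+alice", "WKSTN2+bob"
};
enum { N_SAMPLE = 3, NO_MATCH = -1, AMBIGUOUS = -2 };

/* Option (a): authority (left of the first '+') compared ignoring case,
   username compared exactly. Names without '+' are compared exactly. */
static int eq_fold_authority(const char *a, const char *b)
{
    const char *pa = strchr(a, '+'), *pb = strchr(b, '+');
    if (!pa || !pb)
        return strcmp(a, b) == 0;
    if (pa - a != pb - b)
        return 0;
    for (; a < pa; a++, b++)
        if (toupper((unsigned char)*a) != toupper((unsigned char)*b))
            return 0;
    return strcmp(pa + 1, pb + 1) == 0;
}

/* Returns the index of the single matching account, NO_MATCH, or AMBIGUOUS
   when folding makes more than one account match (assumed policy: refuse). */
int lookup_account(const char *const *accts, int n, const char *login, int fold)
{
    int found = NO_MATCH;
    for (int i = 0; i < n; i++) {
        int eq = fold ? eq_fold_authority(accts[i], login)
                      : strcmp(accts[i], login) == 0;
        if (!eq)
            continue;
        if (found != NO_MATCH)
            return AMBIGUOUS;
        found = i;
    }
    return found;
}

int main(void)
{
    const char *logins[] = { "wkstn2+bob", "Wkstn1+alice", "WKSTN2+Bob" };
    for (int i = 0; i < 3; i++)
        printf("%-14s exact=%d fold=%d\n", logins[i],
               lookup_account(SAMPLE_ACCOUNTS, N_SAMPLE, logins[i], 0),
               lookup_account(SAMPLE_ACCOUNTS, N_SAMPLE, logins[i], 1));
    return 0;
}
```

Returning a distinct ambiguous result instead of the first hit keeps the collision described under option (a) from silently resolving to the wrong account.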