Mailing-List: contact cygwin-help@sourceware.cygnus.com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe@sources.redhat.com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin@sources.redhat.com>
List-Help: <mailto:cygwin-help@sources.redhat.com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner@sources.redhat.com
Delivered-To: mailing list cygwin@sources.redhat.com
Message-ID: <007901c0baf5$4401dae0$0200a8c0@lifelesswks>
From: "Robert Collins" <robert.collins@itdomain.com.au>
To: "Corinna Vinschen" <cygwin@cygwin.com>
References: <F224PGmYCESUQoPqajB0001264c@hotmail.com> <20010401192625.D17860@cygbert.vinschen.de>
Subject: Re: ssh Authentication--RSA/Password
Date: Mon, 2 Apr 2001 07:46:44 +1000


----- Original Message -----
From: "Corinna Vinschen" <cygwin@cygwin.com>
>
> It's a lot of work.
>
> It had to use a NT low level authentication library called LSA
> (Local Security Authority). It requires writing a special DLL called
> LSA authentication module which has to be installed in the system
> together with a change in the registry. Then sshd would have to be
> split into two parts, the sshd service itself which controls the
> communication and calls the LSA module and the LSA module which would
> have to check the RSA/DSA keys and to allow the log in.
>
> Note that that means that OpenSSH would need a lot of restructuring
> just to be able to allow RSA/DSA on one system (WinNT) while it works
> wonderfully on all other systems (OpenBSD, Linux, Solaris, Win9x, ...).
>
> > Are you considering writing it in the future?
>
> We already considered writing it but since it's a very time-consuming
> effort neither I nor anybody else at Red Hat would be able to do it
> without a paying customer. The result would then be OSS again as long
> as the customer doesn't demand getting a proprietary solution (which
> I don't hope).

What about a community-sponsored effort, i.e. via one of the "open source
markets"? I'm just thinking there are enough folk here who are
interested in this; maybe we could collectively fund it?

> BTW, using that method for logon introduces another problem. Since the
> user never typed her password the created user token has no
> credentials to open network connections. This requires the user to call
> `net use ...' for each network resource and each call requires a
> password!

Could they use ssh to authenticate to other NT machines with the ssh LSA
extension installed?

Rob


