Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Delivered-To: mailing list cygwin@cygwin.com
X-Authentication-Warning: slinky.cs.nyu.edu: pechtcha owned process doing -bs
Date: Thu, 16 Oct 2003 23:15:29 -0400 (EDT)
From: Igor Pechtchanski <pechtcha@cs.nyu.edu>
Reply-To: cygwin@cygwin.com
To: Andrew DeFaria <ADeFaria@Salira.com>
cc: cygwin@cygwin.com
Subject: Re: Passwordless login with ssh
In-Reply-To: <bmn3on$79j$2@sea.gmane.org>
Message-ID: <Pine.GSO.4.56.0310162312550.20462@slinky.cs.nyu.edu>
References: <bmkmdl$82i$1@sea.gmane.org> <20031016081208.GB28997@cygbert.vinschen.de>
 <bmmbha$43f$1@sea.gmane.org> <Pine.GSO.4.56.0310161102500.20462@slinky.cs.nyu.edu>
 <bmn3on$79j$2@sea.gmane.org>
Importance: Normal
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Thu, 16 Oct 2003, Andrew DeFaria wrote:

> Igor Pechtchanski wrote:
>
> >ssh -v (or -vvv) should tell you why the authorized_keys aren't accepted.
> >It's possible the permissions are too lax on them.
>
> This is ending up being the culprit. You see my home directory is on an
> SMB share. Now I had set CYGWIN to "ntsec smbntsec" in the Windows
> System Environment Variables so that services would see it and I thought
> that that would propogate down to the shells. But alas our /etc/profile
> explicitedly set CYGWIN to just "ntsec". With this setting my bash shell
> could chmod 600 <file> all it wanted to but if <file> was on an SMB
> share it would not change the mod bits! Changing /etc/profile to set
> CYGWIN to "ntsec smbntsec" now allows me to chmod on SMB shares. After
> setting the permissions correclty on the files in ~/.ssh ssh'ing works!
>
> Now on to another problem. Perhaps this can't be done. As the user
> adefaria I wish to ssh to another machine as another user (ccadmin) and
> not be prompted with a password. Is this doable without "giving away the
> farm" security-wise? To allow certain users the right to ssh as another
> user without the need for a password?

Sure you can.  I do it all the time.  Simply generate a public/private key
pair for the user on your home machine, and add the public key to the
authorized_keys file for ccadmin.

> Finally, I would like to ssh to my home machine without needing a
> password. At work I'm adefaria, at home I'm Andrew. I wish to
>
> $ hostname
> adefaria
> $ echo $USER
> adefaria
> $ ssh Andrew@<home>.com
>
> and have my home machine set up to allow adefaria@adefaria to come in as
> Andrew.

Same as above: generate a key pair for adefaria at work, and add the
public key to the authorized keys file for Andrew at home.
	Igor
-- 
				http://cs.nyu.edu/~pechtcha/
      |\      _,,,---,,_		pechtcha@cs.nyu.edu
ZZZzz /,`.-'`'    -.  ;-;;,_		igor@watson.ibm.com
     |,4-  ) )-,_. ,\ (  `'-'		Igor Pechtchanski, Ph.D.
    '---''(_/--'  `-'\_) fL	a.k.a JaguaR-R-R-r-r-r-.-.-.  Meow!

"I have since come to realize that being between your mentor and his route
to the bathroom is a major career booster."  -- Patrick Naughton

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/