Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Delivered-To: mailing list cygwin@cygwin.com Date: Wed, 8 Sep 2004 16:51:06 +0200 From: Corinna Vinschen To: cygwin@cygwin.com Subject: Re: HostBasedAuthentication with OpenSSH Message-ID: <20040908145106.GI17670@cygbert.vinschen.de> Reply-To: cygwin@cygwin.com Mail-Followup-To: cygwin@cygwin.com References: <200409081450.08176.gary@whitehead.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200409081450.08176.gary@whitehead.com> User-Agent: Mutt/1.4.2i On Sep 8 14:50, Gary Whitehead wrote: > Hi All, > > I am fighting trying to get outward HostBasedAuthentication working with the > ssh client under Cygwin on WinXP (SP2). Hostbased authentication isn't tested on Cygwin. Since ssh-keysign needs read access to the private local host keys and these keys are not world-readable, ssh-keysign must be set-uid root (read: "system"). But set-uid isn't implemented on Cygwin so that's bound to fail. What you could try if security isn't an issue for you is, use setfacl to add read perms for your account to the ssh host keys like this: setfacl -m u:$USER:r-- /etc/ssh_host_*_key However, consider to switch over to public key authentication with either a private key w/o passphrase or, better, use ssh-agent/ssh-add on your local machine. That's the usual technique and should have the same result for you, including convenience. Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Project Co-Leader mailto:cygwin@cygwin.com Red Hat, Inc. -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/