X-Spam-Check-By: sourceware.org
To: cygwin@cygwin.com
From: =?ISO-8859-1?Q?Ren=E9_Berber?= <r.berber@computer.org>
Subject:  Re: SSH Authentication / Impersonation Question
Date:  Fri, 15 Jun 2007 18:03:39 -0500
Lines: 32
Message-ID: <f4v5sb$1eg$1@sea.gmane.org>
References:  <a04104190706130931k31623258p4d23400b72a84f1f@mail.gmail.com> 	 <f4pr0f$16u$1@sea.gmane.org> <19aed9aa0706150354u69d07d3duc2dc9da2e911f9e0@mail.gmail.com>
Mime-Version:  1.0
Content-Type:  text/plain; charset=ISO-8859-1
Content-Transfer-Encoding:  quoted-printable
User-Agent: Thunderbird 2.0.0.4 (Windows/20070604)
In-Reply-To: <19aed9aa0706150354u69d07d3duc2dc9da2e911f9e0@mail.gmail.com>
OpenPGP: url=hkp://wwwkeys.pgp.net
X-IsSubscribed: yes
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
Precedence: bulk
List-Id: <cygwin.cygwin.com>
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie.com@cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Delivered-To: mailing list cygwin@cygwin.com

Andrew Hodgson wrote:

>> Try `ssh administrator@localhost` after you login to the server as a
>> (PowerUser)
>> user.  You should be able to do almost anything as Administrator.
>=20
> The user we are impersonating (via pubkey auth) is an admin user. Are
> you suggesting that once logged in via pubkey, we ssh to localhost
> again?

Yes, `ssh administrator@localhost` is equivalent to `su administrator`, I am
guessing that your "admin" user does not have all the privileges needed.

It could be used only to test the hypothesis that something changed and "ad=
min"
doesn't work.  I have no experience/knowledge of what may have changed and =
what
needs to be done to fix it.

>> Another option would be to tunnel a Remote Desktop Connection.
>=20
> Sorry, I'm not sure what's meant by this. The script that executes the
> "net stop w3svc" command is a web deployment script, so using the GUI
> isn't necessary, I hope!

This was related to the GUI control that IIS has, you could use it if you w=
ant
manual control.  Of course it's not usable with a script, so better scratch=
 my idea.
--=20
Ren=E9 Berber


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/