X-Recipient: archive-cygwin@delorie.com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:message-id:date:from:reply-to:mime-version:to
	:subject:references:in-reply-to:content-type
	:content-transfer-encoding; q=dns; s=default; b=rcM0SI+2rztpGmx1
	HELQaaUW6Gor4jQxSQ50c8lceBvAEqiwIluLAB/yNjVJMId0ei+csOlcup4cYfFR
	PgOa0cbuJi10R69aPcp6wQW4xpmAgzR8mnN69fAqk3mFIFMlW7CpjmMM83lcg2h3
	xK4eY4eaSwbqOmysWIikuAWdotM=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:message-id:date:from:reply-to:mime-version:to
	:subject:references:in-reply-to:content-type
	:content-transfer-encoding; s=default; bh=EVZ11Q0j9dMzVjH/0XhGFN
	0vmNQ=; b=FmVlzrdmit58VSW/FKLGwo74UxScy0IOtrAzhERhwZSFzTjSVkKCFW
	9K9jZlLZd6Q55laYHpnSdKkoTkYCAXalGGJnYyt7/Ip98il3ez+78YYnTXATHwMW
	F69qzSwztYAk6zbBbXnYbTzWsJHWxFFG5qj6wCJgl+BdZJa5ttCt4=
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Delivered-To: mailing list cygwin@cygwin.com
X-Spam-SWARE-Status: No, score=3.0 required=5.0 tests=AWL,BAYES_20,BOTNET,KHOP_THREADED,RCVD_IN_DNSWL_NONE,RCVD_IN_HOSTKARMA_NO,RCVD_IN_HOSTKARMA_YE autolearn=no version=3.3.1
Message-id: <519846F8.6000606@cygwin.com>
Date: Sat, 18 May 2013 23:28:56 -0400
From: "Larry Hall (Cygwin)" <reply-to-list-only-lh@cygwin.com>
Reply-to: cygwin@cygwin.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130509 Thunderbird/17.0.6
MIME-version: 1.0
To: cygwin@cygwin.com
Subject: Re: Public key authentication not working when I do "ssh localhost"
References: <CAO6Meo_rcDOdU_41k0BQOq5J2Tk0RWpvvSiLMi5bSWWHnB9X0Q@mail.gmail.com>
In-reply-to: <CAO6Meo_rcDOdU_41k0BQOq5J2Tk0RWpvvSiLMi5bSWWHnB9X0Q@mail.gmail.com>
Content-type: text/plain; charset=ISO-8859-1; format=flowed
Content-transfer-encoding: 7bit

On 5/18/2013 10:59 PM, Naveen Narayanan wrote:
<snip>
> There are a couple of issues as well: - The group is displayed as
> mkgroup. - The user "navenara" does not exist in the localhost, I
> guess. It was not displayed in "net user sshd". "navenara" is a Domain
> account. Could this be causing the public key authentication issue?
<snip>

Yes.  Public key authentication requires switching the user context,
which requires the user running 'sshd', 'cyg_server' in this case, to have
certain Windows privileges to do this.  But this user, created by
ssh-host-config, is a local user, not a domain.  So it can't switch
to the domain user context.  Your choices are create a local account
and use that, create a domain account with privileges to run 'sshd',
or don't use public key authentication.  If you're interested in learning
more about how the Windows security model is used in Cygwin, see this
section in the Users Guide:

<http://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-setuid-overview>

If you'd like to remove 'mkgroup' as your group, run
'mkgroup -l -d >/etc/group'.  That should grab your domain groups
so that you see the proper one for your user.

-- 
Larry

_____________________________________________________________________

A: Yes.
 > Q: Are you sure?
 >> A: Because it reverses the logical flow of conversation.
 >>> Q: Why is top posting annoying in email?

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple