Message-id: <528D3F0F.4070405@cygwin.com>
Date: Wed, 20 Nov 2013 18:00:31 -0500
From: "Larry Hall (Cygwin)" <reply-to-list-only-lh@cygwin.com>
Reply-to: cygwin@cygwin.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.1.0
MIME-version: 1.0
To: cygwin@cygwin.com
Subject: Re: Sshd and key based authentication
References: <5289C8BD.1010109@netfence.it> <1679047089.20131118122233@mtu-net.ru> <5289DB39.7030408@netfence.it> <528CF357.3020000@netfence.it>
In-reply-to: <528CF357.3020000@netfence.it>
Content-type: text/plain; charset=ISO-8859-1; format=flowed
Content-transfer-encoding: 7bit

On 11/20/2013 12:37 PM, Andrea Venturoli wrote:
> On 11/18/13 10:17, Andrea Venturoli wrote:
>> On 11/18/13 09:22, Andrey Repin wrote:
>>
>>> Did you install the Cygwin LSA module?
>>> http://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-nopasswd2
>>
>> I don't think so, but I can't check right now...
>>
>> Should I?
>
> Hello.
>
> Today I followed your instruction, ran /usr/bin/cyglsa-config and rebooted:
> still no luck.
>
> I raised the loglevel to DEBUG3 and verified sshd was *always* looking for
> /home/cyg_server/.ssh/authorized_keys, regardless of the user trying to log in.
>
> So, if I do "ln -s /home/user /home/cyg_server", then ssh user@server works
> without password prompt!!!
> Of course I know the security implications of this...

Hm, thinking about this a little more, if you're still trying to log in
with domain users, your best bet is probably option 3 in the Users
Guide.  Since option 2 is using the Local Security Authority (LSA), it's
not going to get better at authenticating domain users than the default
mode unless the user you run the service as can authenticate domain
users.  So in this respect, it's the same thing as the default option
(the first option in the Users Guide).  Option 3 authenticates with the
password though so it should be much more like normal ssh password
authentication.  Give it a try and let us know if my thought experiment
works in the real world. :-)


-- 
Larry

_____________________________________________________________________

A: Yes.
 > Q: Are you sure?
 >> A: Because it reverses the logical flow of conversation.
 >>> Q: Why is top posting annoying in email?


