Message-ID: <392DA179.9DBB53B7@vinschen.de>
Date: Thu, 25 May 2000 23:56:09 +0200
From: Corinna Vinschen
To: Prentis Brooks
CC: cygwin
Subject: Re: FW: Can not config sshd

Prentis Brooks wrote:
> Now, in my case, I am not able to get the OpenSSH to accept rhost
> authentication or RSA...
>
> Here is what I have. sshd is running out of inetd, and is working fine as
> far as that goes, works great for password authentication.
>
> I have put .shosts in the users directory and I have added the client's
> ssh_host_key to the /etc/ssh_known_hosts file, with appropriate FQDN
> preceding the actual key. I have gone over the permissions and can't
> find any holes. Setup duplicates existing Unix ssh configuration and
> "should" work. I am using Corinna's binaries, do I need to re-compile?

I mentioned that in the README which comes with the binary package:

  This is for NT:

  You can use RSA and/or rhosts authentication ONLY if sshd is
  already running under that user's account. This is due to the NT
  authentication method. If you want to use sshd from LocalSystem
  account (or another account which has the appropriate rights) and
  you want to be able to logon to different accounts, you ONLY can
  use password authentication. You can't mix those methods.

Recompiling will not help here.

Personally I'm the only user on my system, so I'm starting sshd as
stand-alone service under my own user account. This enables me to
use RSA authentication.

BTW: Starting sshd from inetd is not common practice.
This is because sshd needs to generate the server key before it can
respond to the first user's authentication request. This may take much
time! If you start sshd as daemon, it has the chance to generate the
server key prior to the first user intervention.

Perhaps another problem is that I have patched OpenSSH so that
identity files are always opened in binary open mode. If you use an
identity file of another ssh which was created on a text mode mounted
directory, it's probably unusable if not converted. I have chosen
binary for identity files to allow usage of copied identity.pub files
on foreign boxes without need to convert.

Corinna

-- 
Corinna Vinschen
Cygwin Developer
Cygnus Solutions, a Red Hat company
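
The text-mode versus binary-mode point in the reply above, as an added example that is not part of the original message or of the OpenSSH port it describes: a check for an identity file that was written through a text-mode mount, and a conversion back to its binary form. It assumes a text-mode write stores each LF as CR LF; the helper names and the sample bytes are constructed for illustration.

```python
# Added illustration: helper names and the sample bytes are constructed.
import os

# Constructed stand-in for a binary identity file; it deliberately contains
# bare LF bytes and one genuine CR LF pair.
SAMPLE = b"constructed key material\n\x00" + bytes(range(256)) + b"\r\n\n"


def text_mode_write(data: bytes) -> bytes:
    """Model a text-mode write (assumption: each LF is stored as CR LF)."""
    return data.replace(b"\n", b"\r\n")


def looks_text_mode_damaged(data: bytes) -> bool:
    """Heuristic: the file has LF bytes and every one directly follows a CR."""
    lf_total = data.count(b"\n")
    return lf_total > 0 and lf_total == data.count(b"\r\n")


def undo_text_mode(data: bytes) -> bytes:
    """Drop the CR in front of each LF; exact inverse of text_mode_write."""
    return data.replace(b"\r\n", b"\n")


def repair_identity(src: str, dst: str) -> bool:
    """Write a converted copy of src to dst; return False if src looks intact."""
    with open(src, "rb") as fh:          # binary read, no newline translation
        data = fh.read()
    if not looks_text_mode_damaged(data):
        return False
    # New file only, owner read/write only, binary mode where the OS has one.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_BINARY", 0)
    fd = os.open(dst, flags, 0o600)
    with os.fdopen(fd, "wb") as out:
        out.write(undo_text_mode(data))
    return True


if __name__ == "__main__":
    damaged = text_mode_write(SAMPLE)
    print("bytes added by text mode:", len(damaged) - len(SAMPLE))
    print("damaged copy flagged:", looks_text_mode_damaged(damaged))
    print("original flagged:", looks_text_mode_damaged(SAMPLE))
    print("round trip exact:", undo_text_mode(damaged) == SAMPLE)
```

The check is a heuristic: a short binary file whose only LF bytes happen to follow a CR is also flagged, so the converted copy is written to a new path and the source file is left in place.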