Message-ID: <20000808060822.22936.qmail@nwcst316.netaddress.usa.net>
Date: 8 Aug 00 00:08:22 MDT
From:
To: cygwin
Subject: Re: [Re: OpenSSH2.1.1p4 - NT to NT: Problem]
CC: vinschen AT cygnus DOT com

Corinna Vinschen wrote:
> norbert DOT bladt AT usa DOT net wrote:
>> [...]
>> I did some debugging and now I know why RhostsAuthentication
>> (and RhostsRSAAuthentication) does not work between two
>> NT systems over here.
>> Regardless of the setting in the configuration file
>> (sshd_config) the server is disabling both authentication methods
>> as soon as the client does not connect from a privileged port.
>> On UNIX, ssh runs as root via "set userid" and that's why there
>> is no problem from, e.g. Linux or Reliant-UNIX to NT.
>>
>> However, how to achieve this between NT systems ?
>> Has anybody gotten this to work ?
>> I tried running the ssh client as Administrator but that
>> didn't change anything on the server side.
>
> A temporary solution, please give some feedback to the list:
>
> _IF_ you're using ntsec, please try the following:

Yes, we are using it.

> Change your /etc/passwd file on the client box so that the
> administrator (or your favorite admins member name) has uid 0.
> This should allow that admin to use a privileged port when
> starting ssh.

Works as advertised, i.e. after changing the uid of the administrator
on the client side to 0 it works.
Because that was the only change in /etc/passwd I did, the user on the
server side is reported as "everyone" because this user is first in
the /etc/passwd on the client side and has the uid 0 - as created by
mkpasswd.

Thanks for this "solution". I thought about the other "fix" you
mentioned in your previous E-Mail. But this seems to be a better way
of doing it, because we don't have to maintain another derivative of a
derivative of a derivative of the original OpenBSD sources ;-)

Will this work for other users with uid 0, too ?
I don't think so, but you know a lot more about NT security than me.

Thanks, again.

Norbert.
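
The "everyone" result reported in the message above comes from two /etc/passwd entries sharing uid 0, with the first one in file order being the name that gets reported. The following is an added example, not part of the original mail and not Cygwin or OpenSSH code: it audits passwd-format text for entries that share uid 0. The function names and the sample entries are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit passwd-format text for entries that share uid 0.

# Read passwd-format text on stdin; print the login name of every entry
# whose uid field is 0, in file order. Comment lines and lines with
# fewer than seven fields are skipped.
uid0_names() {
    awk -F: '!/^#/ && NF >= 7 && $3 ~ /^0+$/ { print $1 }'
}

# Read passwd-format text on stdin and summarise its uid 0 entries.
# Returns 0 when at most one entry has uid 0, 1 when several share it.
audit_uid0() {
    names=$(uid0_names)
    count=$(printf '%s\n' "$names" | awk 'NF { n++ } END { print n + 0 }')
    if [ "$count" -eq 0 ]; then
        echo "no uid 0 entry"
        return 0
    fi
    first=$(printf '%s\n' "$names" | head -n 1)
    echo "uid 0 entries ($count): $(printf '%s\n' "$names" | paste -sd, -)"
    echo "first entry for uid 0: $first"
    if [ "$count" -gt 1 ]; then
        echo "WARNING: uid 0 is shared; a uid lookup reports '$first'"
        return 1
    fi
    return 0
}

# Constructed sample: a client-side /etc/passwd after the change described
# above (Administrator edited to uid 0, the Everyone line still first).
SAMPLE_PASSWD='Everyone:*:0:0:::
Administrator::0:513::/home/Administrator:/bin/sh
someuser::1001:513::/home/someuser:/bin/sh'

printf '%s\n' "$SAMPLE_PASSWD" | audit_uid0 || true
```

Run against the real file with `audit_uid0 < /etc/passwd`; a non-zero exit status means more than one account maps to uid 0.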