Mailing-List: contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT sources DOT redhat DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT sources DOT redhat DOT com>
List-Help: <mailto:cygwin-help AT sources DOT redhat DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT sources DOT redhat DOT com
Delivered-To: mailing list cygwin AT sources DOT redhat DOT com
Date: Wed, 28 Feb 2001 11:08:26 +0100
From: Corinna Vinschen <cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: RSA authentication
Message-ID: <20010228110826.F8464@cygbert.vinschen.de>
Mail-Followup-To: cygwin AT cygwin DOT com
References: <20010227121904 DOT G27406 AT cygbert DOT vinschen DOT de> <NDBBIMEOKDGHHCOJEGCMCEJKCMAA DOT m DOT faffelberger AT crp DOT at> <20010227184359 DOT B5328 AT cygbert DOT vinschen DOT de> <200102280915 DOT LAA21727 AT linux.>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <200102280915.LAA21727@linux.>; from ehud@unix.simonwiesel.co.il on Wed, Feb 28, 2001 at 11:15:35AM +0200

On Wed, Feb 28, 2001 at 11:15:35AM +0200, Ehud Karni wrote:
> On Tue, 27 Feb 2001 18:43:59 +0100, Corinna Vinschen <cygwin AT cygwin DOT com> wrote:
> > 
> > You can log in using RSA only to the user account which has started
> > sshd. So if you need to logon as admin, start sshd as service under
> > admin account. Any other user has to use password authentication
> > or has to get it's own sshd running on another port than 22.
> 
> On Linux I use RSA authentication for all users, in fact I disabled
> password authentication (too vulnerable). I run sshd as inetd service.
> 
> Can it be done on NT this way too ?

On NT you can do this only for one user per sshd running.

If you want to do this for all users you need to run one sshd
for each of them. Each sshd has to run under the corresponding
user account and it has to use it's own port! You need to
start the sshds with their own sshd_config. Example:

User foo	/etc/sshd_config.foo	containing a line "Port 22001"
User bar	/etc/sshd_config.bar	containing a line "Port 22002"

Assuming you're running the services with SRVANY, install two services
"sshd_foo" running under account foo and "sshd_bar" running under account
bar.

In the service registry key "...\services\sshd_foo" add the string
"Application" with the value
"<YourCygwinRoot>\usr\sbin\sshd.exe -f /etc/sshd_config.foo"

and in the service registry key "...\services\sshd_bar" add "Application"
with value "<YourCygwinRoot>\usr\sbin\sshd.exe -f /etc/sshd_config.bar"

Assuming the name of the NT box is "ntbox" the users have to add
the following to their ~/.ssh/config:

User foo:

	Host ntbox
	  Port 22001

User bar:

	Host ntbox
	  Port 22002

Hope, that helps,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin AT cygwin DOT com
Red Hat, Inc.

--
Want to unsubscribe from this list?
Check out: http://cygwin.com/ml/#unsubscribe-simple