Mailing-List: contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm
Delivered-To: mailing list cygwin AT sources DOT redhat DOT com
Message-ID: <007901c0baf5$4401dae0$0200a8c0@lifelesswks>
From: "Robert Collins"
To: "Corinna Vinschen"
References: <20010401192625 DOT D17860 AT cygbert DOT vinschen DOT de>
Subject: Re: ssh Authentication--RSA/Password
Date: Mon, 2 Apr 2001 07:46:44 +1000

----- Original Message -----
From: "Corinna Vinschen"

>
> It's a lot of work.
>
> It had to use an NT low level authentication library called LSA
> (Local Security Authority). It requires writing a special DLL called
> LSA authentication module which has to be installed in the system
> together with a change in the registry. Then sshd would have to be
> split into two parts, the sshd service itself which controls the
> communication and calls the LSA module and the LSA module which would
> have to check the RSA/DSA keys and to allow the log in.
>
> Note that that means that OpenSSH would need a lot of restructuring
> just to be able to allow RSA/DSA on one system (WinNT) while it works
> wonderfully on all other systems (OpenBSD, Linux, Solaris, Win9x, ...).
>
> > Are you considering writing it in the future?
>
> We already considered writing it but since it's a very time consuming
> effort neither I nor anybody else at Red Hat would be able to do it
> without a paying customer. The result would then be OSS again as long
> as the customer doesn't demand getting a proprietary solution (which
> I don't hope).

What about a community-sponsored effort - i.e. via one of the "open source markets"? I'm just thinking there are enough folk here who are interested in this, maybe we could collectively fund it?

> BTW, using that method for logon introduces another problem. Since the
> user never typed her password the created user token has no credentials
> to open network connections. This requires the user to call
> `net use ...' for each network resource and each call requires a
> password!

Could they use ssh to authenticate to other NT machines with the ssh LSA extension installed?

Rob