From: "Karl M"
To: cygwin AT cygwin DOT com
Subject: Re: Initial patch to implement partial auth with SSH2
Date: Mon, 23 Apr 2001 07:44:13 -0700

Hi All...

I am currently running OpenSSH 2.5.2p2 with multiple (sequential) authentication modes in a WinNT/Win2k srvany sshd server environment. That is: to log in, I first type a passphrase for my ssh2 rsa (or dsa) key, then I type the password on the local machine. It is working great and gives the security improvement I was looking for.

For now, the recipe is as follows:

1) Download and install the latest CygWin code (including source for both openssh and openssl).
2) Download Carson Gaspar's 3-28-01 patch from the OpenSSH Archives.
3) cd /openssh-2.5.2p2
4) ./configure --prefix=/usr --sysconfdir=/etc --libexecdir=/usr/sbin
5) edit defines.h, line 439 and uncomment the `#define USE_PIPES 1'
6) apply the Partial Authentication Patch
7) edit auth2.c, comment out the call to check_nt_auth at the end of userauth_pubkey
8) make
9) copy sshd.exe to /usr/sbin (stopping the sshd service as needed)
10) edit /etc/sshd_config, change Protocol whatever line to 'Protocol 2', change StrictModes from yes to no, and add the following line near the bottom of the file 'AuthOrder2 publickey:password'

You can now run the service from LocalSystem and have rsa/dsa authentication from multiple users.

The login sequence will now look like:

    user AT machine ~
    $ ssh localhost
    Enter passphrase for key '/home/user/.ssh/id_rsa':
    Authenticated with partial success.
    user AT localhost's password:
    Last login: Mon Apr 23 00:07:17 2001 from machine

    user AT machine ~
    $

I hope this is helpful.

Thanks,

...Karl
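
Step 10 of the recipe above, as an added example that is not part of the original post: a shell function that applies the three sshd_config edits so they can be re-run safely, plus a check that reads back the values sshd would actually use. The function names and the sample file are constructed for illustration; `AuthOrder2` is the directive the post uses with the patched sshd.

```shell
#!/bin/sh
# Added example (not from the original post). AuthOrder2 is assumed to be
# understood only by an sshd built with the patch the post describes.

# apply_step10 FILE: make the three edits from step 10, safe to re-run.
apply_step10() {
    cfg=$1
    tmp="$cfg.new.$$"
    awk '
        { k = tolower($1) }                      # keywords are case-insensitive
        k == "protocol"    { if (!p++) print "Protocol 2"; next }
        k == "strictmodes" { if (!s++) print "StrictModes no"; next }
        k == "authorder2"  { next }              # re-added once in END
        { print }                                # comments and other lines kept
        END {
            if (!p) print "Protocol 2"
            if (!s) print "StrictModes no"
            print "AuthOrder2 publickey:password"
        }
    ' "$cfg" > "$tmp" && mv "$tmp" "$cfg"
}

# effective FILE KEYWORD: print the first active value, the one sshd uses.
effective() {
    awk -v key="$2" 'tolower($1) == tolower(key) {
        $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# check_step10 FILE: succeed only if all three settings are in effect.
check_step10() {
    [ "$(effective "$1" Protocol)" = "2" ] &&
    [ "$(effective "$1" StrictModes)" = "no" ] &&
    [ "$(effective "$1" AuthOrder2)" = "publickey:password" ]
}

# make_sample FILE: write a constructed sshd_config to work on.
make_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not a real host configuration
Port 22
Protocol 2,1
StrictModes yes
PasswordAuthentication yes
EOF
}

demo=$(mktemp) && make_sample "$demo" && apply_step10 "$demo"
check_step10 "$demo" && cat "$demo"
rm -f "$demo"
```

`StrictModes no` turns off sshd's ownership and permission checks on the user's home directory and key files, so those permissions need to be checked by other means. Later stock OpenSSH releases provide `AuthenticationMethods` for requiring several methods in sequence without a patched build.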