Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Message-Id: <4.3.1.2.20020516133550.0260af00@pop.ma.ultranet.com>
X-Sender: lhall AT pop DOT ma DOT ultranet DOT com
Date: Thu, 16 May 2002 13:43:09 -0400
To: "Gerrit P. Haase", cygwin AT cygwin DOT com
From: "Larry Hall (RFK Partners, Inc)"
Subject: Re: SSHD under SYSTEM account (was: Re: cygwin & opensshd on .net enterprise server)
In-Reply-To: <23540989351.20020516191126@familiehaase.de>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"

At 01:11 PM 5/16/2002, Gerrit P. Haase wrote:
>Inc) wrote:
>
> >>I did copy him on the original note so he would be aware of the issue,
> >>but at this point I have completely removed his version (including
> >>deleting registry keys) and installed the cygwin environment. It appears
> >>that all of cygwin works when run in a system owned command window, but
> >>nothing works from an administrator account.
>
> > Can you please acknowledge whether or not you read openssh*.README so that
> > we know whether you've missed the obvious user rights settings necessary for
> > the administrator account?
>
>I read it and still have similar problems and there is this:

I'm glad you read it Gerrit and would've expected as much from you. I was
enquiring this specifically of Tony, since it's not clear what he's tried and
how much he has researched the issue.

>  "The system account does of course own that user rights by default."
>
>That means SYSTEM is ok and it is the default if I let the
>ssh-host-config do the service setup. So I expect no problems here.
>More:
>
>  Unfortunately, if you choose that way, you can only logon with
>  NT password authentification and you should change
>  /etc/sshd_config to contain the following:
>
>    PasswordAuthentication yes
>    RhostsAuthentication no
>    RhostsRSAAuthentication no
>    RSAAuthentication no
>
>
>Wow this is like a hammer. That means I cannot use PublicKey
>Authentication? If I cannot use public key authentication, the whole
>benefit (besides transferring passwords encrypted) is futsch...
>
>If I let them try to guess my password several days there will be at
>least one intruder every month...
>
>Is this true that PublicKey auth isn't working? (I cannot believe it).

I think you missed the next statement in the file:

  However you can login to the user which has started sshd with
  RSA authentication anyway. If you want that, change the RSA
  authentication setting back to "yes":

    RSAAuthentication yes

But if that user is SYSTEM, then this is little consolation. I can't speak
to any specifics but I can say that I agree with your interpretation of the
prose, minus the one caveat above. Perhaps you'll want to try playing with
this and debugging it to see if there's a solution for it that meets your
needs.

Larry Hall                              lhall AT rfk DOT com
RFK Partners, Inc.                      http://www.rfk.com
838 Washington Street                   (508) 893-9779 - RFK Office
Holliston, MA 01746                     (508) 893-9889 - FAX