Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Date: Thu, 16 May 2002 15:16:13 -0400 (EDT) From: Prentis Brooks To: "Gerrit P. Haase" cc: cygwin AT cygwin DOT com Subject: Re: SSHD under SYSTEM account (was: Re: cygwin & opensshd on .net enterprise server) In-Reply-To: <81546376517.20020516204114@familiehaase.de> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Ok, I have used both I am sure, on the host key side. I have not tried via the users. If I get a chance in the next few, I will tinker around with it and let you know what I find. On Thu, 16 May 2002, Gerrit P. Haase wrote: > Prentis schrieb: > > > I think these docs are out of date. this is fixed now, since I am > > doing it. > > Ok. PublicKey is working, I figured out to set it up with PublicKey Auth > only and using my DSA key and only allowed protocol was SSH2. I know > that and that is the reason why I'm still trying to figure out how to > use both (RSA & DSA over pubkey auth). > > As I added 'RSAAuthentication yes' to the config it stops working and > I don't understand why. My collegue has just some RSA keys and was > angry if I asked him to get some DSA keys too, so I tried to use both, > SSH1 & SSH2 and RSA & DSA with no passwords, only pubkey. > > It seems to be tricky... > > Well we have options, I could make some RSA keys and we would both use > RSA or he makes some DSA keys. But now I have tasted blood (we say > in Germany: Blut geleckt...), I want to use both with our existing keys > just like we do at a Linux box we are both accessing where it works > well. > > > > On Thu, 16 May 2002, Gerrit P. Haase wrote: > > >> Inc) schrieb: > >> > >> >>I did copy him on the original note so he would be aware of the issue, > >> >>but at this point I have completely removed his version (including > >> >>deleting registry keys) and installed the cygwin environment. It appears > >> >>that all of cygwin works when run in a system owned command window, but > >> >>nothing works from an administrator account. > >> > >> > Can you please acknowledge whether or not you read openssh*.README so that > >> > we know whether you've missed the obvious user rights settings necessary for > >> > the administrator account? > >> > >> I read it and still have similar problems and there is this: > >> > >> "The system account does of course own that user rights by default." > >> > >> That means SYSTEM is ok and it is the default if I let the > >> ssh-host-config do the service setup. So I expect no problems here. > >> More: > >> > >> Unfortunately, if you choose that way, you can only logon with > >> NT password authentification and you should change > >> /etc/sshd_config to contain the following: > >> > >> PasswordAuthentication yes > >> RhostsAuthentication no > >> RhostsRSAAuthentication no > >> RSAAuthentication no > >> > >> > >> Wow this is like a hammer. That means I cannot use PublicKey > >> Authentication? If I cannot use public key authentication, the whole > >> benefit (besides transfering passwords encrypted) is futsch... > >> > >> If I let them try to guess my password several days there will be at > >> least one intruder every month... > >> > >> Is this true that PublicKey auth isn't working? (I cannot believe it). > >> > >> > >> Gerrit > >> > > > > -- Prentis Brooks | prentis AT aol DOT net | 703-265-0914 | AIM: PrentisBrooks Senior System Administrator - Web Infrastructure & Security A knight is sworn to valor. His heart knows only virtue. His blade defends the helpless. His word speaks only truth. His wrath undoes the wicked. - the old code of Bowen, last of the dragonslayers -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/