Date: Thu, 7 Nov 2002 07:59:41 +0100
From: Corinna Vinschen
To: cygwin AT cygwin DOT com
Subject: Re: Is RSA authentication on SSH still broken?
Message-ID: <20021107075941.F2180@cygbert.vinschen.de>

On Wed, Nov 06, 2002 at 07:19:40PM -0500, Harig, Mark A. wrote:
> > chmod 755 $HOME/.ssh
> > chmod 644 $HOME/.ssh/authorized_keys*
> >
> > I had $HOME set to 700 and authorized_keys* to 600 before and that
> > somehow broke RSA authentication - it is odd that stricter permissions
> > would cause that. I suppose this is because the SYSTEM or sshd user need
> > to read the keys and cannot without the appropriate privileges.
>
> Could this be a bug in Cygwin's implementation of openssh?

It isn't. It's a problem with the permission model of NTFS. Even
though SYSTEM is *the* major player on the machine, it gets an
"access denied" if it has no permissions on a file. Don't ask for
my opinion on this behaviour.

However, since NTFS uses ACLs, you can give SYSTEM explicitly access
to the file:

  [~/.ssh]$ chmod 600 authorized_keys
  [~/.ssh]$ getfacl authorized_keys
  # file: authorized_keys
  # owner: corinna
  # group: root
  user::rw-
  group::---
  mask::---
  other::---
  [~/.ssh]$ setfacl -m g:SYSTEM:r-- authorized_keys
  [~/.ssh]$ getfacl authorized_keys
  # file: authorized_keys
  # owner: corinna
  # group: root
  user::rw-
  group::---
  group:SYSTEM:r--
  mask::---
  other::---

HTH,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                  mailto:cygwin AT cygwin DOT com
Red Hat, Inc.
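
A check for the two states shown in the message above, as an added example that is not part of the original post: it reads `getfacl` output and reports whether the key file is private yet still readable by SYSTEM. The helper name `check_authkeys_acl` and the `ACL_*` samples are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post). check_authkeys_acl is a
# hypothetical helper: it reads `getfacl` output on stdin and returns
#   0  only the owner and SYSTEM have access, and SYSTEM can read
#   1  some other entry (group, other, named user/group) has access
#   2  file is private but SYSTEM has no read entry (the failure in this thread)
# Assumption: the mask:: entry is not evaluated; the session in the message
# shows it as --- both before and after the fix.
check_authkeys_acl() {
  awk -F: '
    /^#/ || NF != 3              { next }   # header comments, blank lines
    $1 == "mask"                 { next }
    $1 == "user" && $2 == ""     { next }   # owner entry
    $1 == "group" && $2 == "SYSTEM" {
      if ($3 ~ /r/)    system_read = 1
      if ($3 ~ /[wx]/) too_open = 1         # SYSTEM only needs to read
      next
    }
    $3 != "---"                  { too_open = 1 }
    END { if (too_open) exit 1; if (!system_read) exit 2; exit 0 }
  '
}

# Sample input: the two ACL listings from the message, plus a constructed,
# abbreviated listing for the chmod 644 workaround quoted in it.
ACL_600='# file: authorized_keys
user::rw-
group::---
mask::---
other::---'
ACL_FIXED='# file: authorized_keys
user::rw-
group::---
group:SYSTEM:r--
mask::---
other::---'
ACL_644='# file: authorized_keys
user::rw-
group::r--
other::r--'

audit() { printf '%s\n' "$2" | check_authkeys_acl; echo "$1 -> $?"; }
audit "chmod 600 only"        "$ACL_600"
audit "chmod 600 + SYSTEM r"  "$ACL_FIXED"
audit "chmod 644"             "$ACL_644"
```

On a live system the input would come from `getfacl ~/.ssh/authorized_keys | check_authkeys_acl`.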