Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Date: Thu, 7 Nov 2002 07:59:41 +0100
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: Is RSA authentication on SSH still broken?
Message-ID: <20021107075941.F2180@cygbert.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <BADF3C947A1BD54FBA75C70C241B0B9E90B9C8 AT ex02 DOT idirect DOT net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <BADF3C947A1BD54FBA75C70C241B0B9E90B9C8@ex02.idirect.net>
User-Agent: Mutt/1.3.22.1i

On Wed, Nov 06, 2002 at 07:19:40PM -0500, Harig, Mark A. wrote:
> > 
> > chmod 755 $HOME/.ssh
> > chmod 644 $HOME/.ssh/authorized_keys*
> > 
> > I had $HOME set to 700 and authorized_keys* to 600 before and that
> > somehow broke RSA authentication - it is odd that stricter permissions
> > would cause that. I suppose this is because the SYSTEM or 
> > sshd user need
> > to read the keys and cannot without the appropriate privileges.
> > 
> 
> Could this be a bug in Cygwin's implementation of openssh?

It isn't.  It's a problem with the permission model of NTFS.  Even
though SYSTEM is *the* major player on the machine, it gets an
"access denied" if it has no permissions on a file.  Don't ask for
my opinion on this behaviour.

However, since NTFS uses ACLs, you can give SYSTEM explicitely access
to the file:

[~/.ssh]$ chmod 600 authorized_keys
[~/.ssh]$ getfacl authorized_keys
# file: authorized_keys
# owner: corinna
# group: root
user::rw-
group::---
mask::---
other::---
[~/.ssh]$ setfacl -m g:SYSTEM:r-- authorized_keys
[~/.ssh]$ getfacl authorized_keys
# file: authorized_keys
# owner: corinna
# group: root
user::rw-
group::---
group:SYSTEM:r--
mask::---
other::---

HTH,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin AT cygwin DOT com
Red Hat, Inc.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/