Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
X-Authentication-Warning: slinky.cs.nyu.edu: pechtcha owned process doing -bs
Date: Fri, 7 Mar 2003 15:40:43 -0500 (EST)
From: Igor Pechtchanski <pechtcha AT cs DOT nyu DOT edu>
Reply-To: cygwin AT cygwin DOT com
To: Christopher Hammack <chammack AT cse DOT unl DOT edu>
cc: cygwin AT cygwin DOT com
Subject: Re: sshd authorized_keys fails from network directory
In-Reply-To: <20030307143228.A146777@cse.unl.edu>
Message-ID: <Pine.GSO.4.44.0303071538020.2654-100000@slinky.cs.nyu.edu>
Importance: Normal
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

Christopher,

Your theory is apparently correct.

One workaround you might try is allowing the sshd service to interact with
the desktop (by checking the appropriate box) and mounting the share as
the logged-on user.  What others reported as a "security problem" (that a
user can access other users' shares through Cygwin) could be a solution
for you.
	Igor

On Fri, 7 Mar 2003, Christopher Hammack wrote:

> (Please cc: me if you would on any replies)
>
> I would appreciate some insight on this problem, as it would
> be great to be able to do what we're attempting:
>
> If I create a domain user and add it to the sshd password file,
> and it's home directory is on a file server \\my_server\my_user,
> and set up an authorized_keys file, it will not work (I can log in,
> but I am prompted for a password).
>
> However, if I move the home directory to /cygdrive/c/test and set up
> the authorized_keys file, it works fine.
>
> Similarly, I can map Z: to \\my_server\my_user as the current logged in
> user (on the console--a Windows 2000 machine), and then set Z:\ as my home
> directory and this will not work either.
>
> Note that I can both ssh and scp in and use this directory normally if
> I actually provide a password.  However, it is absolutely necessary to
> use rsa authentication for this application.
>
> My theory is that the sshd server is running as a system process uid (my
> terminology may not be exactly right--more familiar with unix) at the time
> it is looking for authorized_keys, and windows doesn't usually let you look
> at network directories you don't mount as that user (?).
>
> If it makes a difference, I'm running samba as the file server, and I have
> strict checking turned off (and I've tried it with it on as well).
>
> Thanks for any help.
> -cnh

-- 
				http://cs.nyu.edu/~pechtcha/
      |\      _,,,---,,_		pechtcha AT cs DOT nyu DOT edu
ZZZzz /,`.-'`'    -.  ;-;;,_		igor AT watson DOT ibm DOT com
     |,4-  ) )-,_. ,\ (  `'-'		Igor Pechtchanski
    '---''(_/--'  `-'\_) fL	a.k.a JaguaR-R-R-r-r-r-.-.-.  Meow!

Oh, boy, virtual memory! Now I'm gonna make myself a really *big* RAMdisk!
  -- /usr/games/fortune


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/