From: "Stephen Sherbert"
Subject: SSH, Samba, smbnetsec and chmod
Date: Wed, 23 Apr 2003 17:21:51 -0500

Ultimately I am trying to get Cygwin's SSH on Windows 2k to connect using public key authentication to a BSD box so CVS won't ask for a password every time. I have encountered a few hang-ups and have spent a lot of time narrowing the problem down. For the most part it boils down to how my home directory ~ looks to Cygwin. My home is set in my /etc/passwd file to /cygdrive/h and I have mapped H: to a Samba drive.

Case 1: With smbntsec option ON:

    H:\.ssh>ls -l
    total 5
    -rw-------  1 ???????? ????????  602 May 30  2002 authorized_keys2
    -rw-------  1 ???????? ????????  668 May 30  2002 id_dsa
    -r--------  1 ???????? ????????  602 May 30  2002 id_dsa.pub
    -rwx------  1 ???????? ????????    0 Apr 23 16:16 known_hosts
    -r--------  1 ???????? ????????  608 May 30  2002 known_hosts2
    -rw-------  1 ???????? ???????? 1024 Apr 23 10:19 prng_seed

id_dsa (my private key) is readable only to owner, which is required by SSH. However, the user and group of all the files are unknown (id = 65536). This prevents ssh from adding to the known_hosts file:

    c:\>ssh somehost.com
    The authenticity of host 'somehost.com (xx.xx.xx.xx)' can't be established.
    RSA key fingerprint is ca:0f:d3:58:b6:d5:a5:7e:e3:ef:f9:f0:b8:b3:79:b6.
    Are you sure you want to continue connecting (yes/no)? yes
    Failed to add the host to the list of known hosts (/cygdrive/h/.ssh/known_hosts).

Case 2: With smbntsec option OFF:

    H:\.ssh>ls -l
    total 5
    -rw-r--r--  1 sherbert None  602 May 30  2002 authorized_keys2
    -rw-r--r--  1 sherbert None  668 May 30  2002 id_dsa
    -r--r--r--  1 sherbert None  602 May 30  2002 id_dsa.pub
    -rw-r--r--  1 sherbert None    0 Apr 23 16:16 known_hosts
    -r--r--r--  1 sherbert None  608 May 30  2002 known_hosts2
    -rw-r--r--  1 sherbert None 1024 Apr 23 10:19 prng_seed

Now of course my user and groups are set up nicely and ssh will indeed create and/or add to my known_hosts file. However, id_dsa is readable to the world and ssh will complain:

    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    Permissions 0644 for '/cygdrive/h/.ssh/id_dsa' are too open.
    It is recommended that your private key files are NOT accessible by others.
    This private key will be ignored.
    bad permissions: ignore key: /cygdrive/h/.ssh/id_dsa
    Enter passphrase for key '/cygdrive/h/.ssh/id_dsa':

So I try chmod to fix the permissions:

    H:\.ssh>chmod 600 id_dsa

    H:\.ssh>ls -l
    total 5
    -rw-r--r--  1 sherbert None  602 May 30  2002 authorized_keys2
    -rw-r--r--  1 sherbert None  668 May 30  2002 id_dsa
    -r--r--r--  1 sherbert None  602 May 30  2002 id_dsa.pub
    -rw-r--r--  1 sherbert None    0 Apr 23 16:16 known_hosts
    -r--r--r--  1 sherbert None  608 May 30  2002 known_hosts2
    -rw-r--r--  1 sherbert None 1024 Apr 23 10:19 prng_seed

---

I just wish there was a way to have a Samba mapped drive show up correctly in Cygwin. Both of my cases show a different problem, but I think case 1 is the lesser of the 2. So I will stick with smbntsec set to ON. I can manually build my known_hosts file as well. Perhaps someone will have a suggestion I have not thought of.

Thanks
S. Sherbert
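
The two checks from the message above, as an added example that is not part of the original post: whether a key file's mode grants anything to group or other (the condition behind the "UNPROTECTED PRIVATE KEY FILE" warning for mode 0644), and whether `chmod 600` actually changes the mode reported for a file on the mapped drive. It assumes GNU `stat` (coreutils); the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: GNU stat ("stat -c %a") is available, as on Cygwin and Linux.

# key_mode_ok MODE: succeed if the octal MODE grants nothing to group/other.
key_mode_ok() {
    [ $(( 0$1 & 077 )) -eq 0 ]
}

# check_key FILE: report whether FILE's mode is acceptable for a private key.
# Returns 0 = acceptable, 1 = too open, 3 = file not found.
check_key() {
    f=$1
    [ -f "$f" ] || { echo "$f: not found"; return 3; }
    mode=$(stat -c %a "$f")
    if key_mode_ok "$mode"; then
        echo "$f: mode $mode is acceptable"
        return 0
    fi
    echo "$f: mode $mode is too open for a private key"
    return 1
}

# fix_key FILE: run chmod 600, then re-read the mode to confirm it changed.
# Returns 0 = mode is now restrictive, 2 = chmod had no visible effect,
# which is the Case 2 symptom (the share does not store POSIX modes).
fix_key() {
    f=$1
    chmod 600 "$f" 2>/dev/null
    mode=$(stat -c %a "$f")
    if key_mode_ok "$mode"; then
        echo "$f: mode is now $mode"
        return 0
    fi
    echo "$f: chmod 600 did not stick (still $mode)"
    return 2
}

# Usage: sh checkkeys.sh /cygdrive/h/.ssh/id_dsa ...
for f in "$@"; do
    check_key "$f"
    if [ $? -eq 1 ]; then fix_key "$f"; fi
done
```

A return of 2 from `fix_key` means the key has to live on a filesystem that honours `chmod`, or the share's permission mapping has to change, before ssh will accept it.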