Date: Sat, 10 May 2003 11:17:56 -0400 (EDT)
From: Igor Pechtchanski
Reply-To: cygwin AT cygwin DOT com
To: richard dje
cc: cygwin AT cygwin DOT com
Subject: Re: HELP: sshd/multi-user how-to
In-Reply-To: <20030510135534.10318.qmail@web40405.mail.yahoo.com>

On Sat, 10 May 2003, richard dje wrote:

> Hi,
>
> I'm trying to set up a cvs server on cygwin over ssh.
>
> I have cygwin v1.3.22.1 installed on a win2k box.
> I also installed the latest version of openSSH, and all related packages.
>
> I also learned that one needs to create a windows account for each user
> willing to connect to the server.
>
> In order to do some testing I just created 2 accounts on the windows
> machine, say USER1 and USER2.
>
> To enable connections through ssh one needs to correctly set up 'sshd'. For that
> USER1 ran 'ssh-host-config', since /etc/ssh_host_* files must be
> read/write-able by only one account. Normally that user should have been
> 'root'. Browsing the web, I saw that it was not that simple
> on cygwin (Please correct me if I am wrong).
>
> Files
> /etc/ssh_host_key,
> /etc/ssh_host_rsa_key,
> /etc/ssh_host_dsa_key
>
> should not be group and world-accessible.
>
> I then launched the following two commands
> $ mkpasswd -l > /etc/passwd
> $ mkgroup -l > /etc/group
>
> Their content looks OK.
>
> I then gathered USER1 and USER2 ssh2-rsa publickeys and put them in
> their respective $HOME/.ssh/authorized_keys2 (on the server machine).
>
> The windows machine was then booted on USER1 account in order to be able
> to start 'sshd' by means of '/etc/rc.d/init.d/sshd start'
>
> Connecting remotely to USER1 account by the following command worked just fine
> $ ssh -v USER1@server_ip_address
>
> But trying to do the same for USER2 by using
> $ ssh -v USER2@ser_ip_address
> just failed, since I am asked to provide a password.
> The above command output showed me that the ssh2-rsa publickey auth just
> failed.
>
> QUESTION:
> - Is the above configuration feasible?
>   assuming USER1 is a poweruser,
>   USER2, USER3, ..., USERN are simple users.
>
> - Does cygwin/cvs work fine in server mode using 'ext' protocol (ssh)?
> - Security-wise is (cygwin/cvs server / ssh) a good choice?
>
> Thank You In Advance for your feedback and or help. :-)
> regards,
> -Richard

Richard,

FYI, on Cygwin, root = SYSTEM (uid 18). That is also the account all
services (including sshd) usually run under. Read for details.

	Igor
--
Igor Pechtchanski, a.k.a JaguaR-R-R-r-r-r-.-.-. Meow!
http://cs.nyu.edu/~pechtcha/
pechtcha AT cs DOT nyu DOT edu
igor AT watson DOT ibm DOT com

Knowledge is an unending adventure at the edge of uncertainty.
  -- Leto II
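
The thread above says the /etc/ssh_host_* private keys must not be group- or world-accessible, and the reply notes that on Cygwin root is SYSTEM (uid 18), the account sshd usually runs under. The shell check below is an added example, not part of the thread: the function name `check_host_keys` is hypothetical, and it assumes `ls -ldn` reports POSIX-style mode bits and a numeric owner for these files.

```shell
#!/bin/sh
# Added example (not from the thread): audit the sshd host private keys.
# Usage: check_host_keys DIR [UID]
# Prints one line per key file; returns 1 if any key is group/world-accessible
# or is not owned by UID. UID defaults to 18 (SYSTEM on Cygwin, per the reply).
check_host_keys() {
    dir=$1
    want_uid=${2:-18}
    rc=0
    for name in ssh_host_key ssh_host_rsa_key ssh_host_dsa_key; do
        f=$dir/$name
        if [ ! -e "$f" ]; then
            # Not every key type is generated on every install; report only.
            echo "MISSING $name"
            continue
        fi
        # Field 1 of ls -ldn is the mode string (chars 5-10 are the group and
        # other bits); field 3 is the numeric owner uid.
        info=$(ls -ldn -- "$f" | awk '{print substr($1,5,6), $3}')
        gw=${info% *}
        uid=${info#* }
        problems=
        [ "$gw" = "------" ] || problems="$problems group/world-access($gw)"
        [ "$uid" = "$want_uid" ] || problems="$problems owner-uid($uid)"
        if [ -n "$problems" ]; then
            echo "BAD $name:$problems"
            rc=1
        else
            echo "OK $name"
        fi
    done
    return $rc
}

# Constructed demo: three empty stand-in key files with different modes.
demo=$(mktemp -d)
for n in ssh_host_key ssh_host_rsa_key ssh_host_dsa_key; do : > "$demo/$n"; done
chmod 600 "$demo/ssh_host_key"
chmod 644 "$demo/ssh_host_rsa_key"
chmod 640 "$demo/ssh_host_dsa_key"
check_host_keys "$demo" "$(id -u)" || echo "host keys need fixing"
rm -rf "$demo"
```

On a real server the call would be `check_host_keys /etc`, with the default uid 18 applying to a Cygwin sshd service running as SYSTEM.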