Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com X-Info: This message was accepted for relay by smtp03.mrf.mail.rcn.net as the sender used SMTP authentication X-Trace: UmFuZG9tSVYguipPhfav2eKxKmOwBfabNqinfiDCnJXX++gaZFM/hTGLGfRok0SM Message-ID: <3ECD6BA5.7020902@rfk.com> Date: Thu, 22 May 2003 20:30:29 -0400 From: "Larry Hall (RFK Partners, Inc.)" Reply-To: lhall AT rfk DOT com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3) Gecko/20030312 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Andrew DeFaria CC: cygwin AT cygwin DOT com Subject: Re: Question about "rexec" References: <000901c320a7$011f94a0$6400a8c0 AT FoxtrotTech0001> <001b01c320a7$b299d880$6400a8c0 AT FoxtrotTech0001> <007401c320b5$d4f5bdf0$6400a8c0 AT FoxtrotTech0001> In-Reply-To: Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Andrew DeFaria wrote: > Bill C. Riemers wrote: > >> You might also want to check the ownership of your home directory and >> .ssh >> directory, as that is the only thing I can think of that would cause the >> touch error in your previous message. If ownership or permissions are >> wrong, then sshd defaults to require a password rather than trusting that >> nobody else has changed the key files. >> >> > Herein I believe my difficulties lie. That an not understanding Windows > permissions vs Unix permissions and how such things are mapped. Here's > what I do know: > > $ cd ~/.ssh > $ ls -l > total 6 > -rw-r--r-- 1 adefaria Domain U 227 May 22 17:10 authorized_keys > -rw-r--r-- 1 adefaria Domain U 227 May 22 15:25 authorizedkeys > -rw-r--r-- 1 adefaria Domain U 887 May 22 15:22 id_rsa > -rw-r--r-- 1 adefaria Domain U 227 May 22 15:22 id_rsa.pub > -rw-r--r-- 1 adefaria Domain U 1624 May 22 15:19 known_hosts > $ chmod 600 id_rsa* > $ ls -l > total 6 > -rw-r--r-- 1 adefaria Domain U 227 May 22 17:10 authorized_keys > -rw-r--r-- 1 adefaria Domain U 227 May 22 15:25 authorizedkeys > -rw-r--r-- 1 adefaria Domain U 887 May 22 15:22 id_rsa > -rw-r--r-- 1 adefaria Domain U 227 May 22 15:22 id_rsa.pub > -rw-r--r-- 1 adefaria Domain U 1624 May 22 15:19 known_hosts > > Nothing. So I go into Windows Explorer and look at the Security setting > on the Properties dialog. I attempt to remove the users in the Security > section and it tells me that I have to stop inheriting permissions. So I > go to stop inheriting permissions and tell it to remove everything. Now > nobody's listed in the Securities section. Windows warns me that only > the create of the file will be able to access it. I look in Cygwin with > ls -l and the mode bits are the same. I try the chmod again and there is > no change! So I add my user back to having full control. My user is the > only user listed now but the mode bits are still 644. > > When I try to ssh $(hostname) cmd I get: > > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ > @ WARNING: UNPROTECTED PRIVATE KEY FILE! @ > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ > Permissions 0644 for '/us/adefaria/.ssh/id_rsa' are too open. > It is recommended that your private key files are NOT accessible by others. > This private key will be ignored. > bad permissions: ignore key: /us/adefaria/.ssh/id_rsa > > Now what?!? > > (It would be nice if somebody who really knew the algorithm could > explain Windows permissions and how they are mapped to Unix mode bits). Or you could just look at the FAQ: Why doesn't chmod work? -- Larry Hall http://www.rfk.com RFK Partners, Inc. (508) 893-9779 - RFK Office 838 Washington Street (508) 893-9889 - FAX Holliston, MA 01746 -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/