Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Message-ID: <00fd01c32157$49817c80$78d96f83@pomello>
From: "Max Bowsher"
References: <000901c320a7$011f94a0$6400a8c0 AT FoxtrotTech0001> <001b01c320a7$b299d880$6400a8c0 AT FoxtrotTech0001> <007401c320b5$d4f5bdf0$6400a8c0 AT FoxtrotTech0001> <3ECD6BA5 DOT 7020902 AT rfk DOT com>
Subject: Re: Question about "rexec"
Date: Fri, 23 May 2003 19:15:27 +0100

Andrew DeFaria wrote:
> Larry Hall (RFK Partners, Inc.) wrote:
>
>> Andrew DeFaria wrote:
>>
>>> Bill C. Riemers wrote:
>>>
>>>> You might also want to check the ownership of your home directory
>>>> and .ssh directory, as that is the only thing I can think of that
>>>> would cause the touch error in your previous message. If ownership
>>>> or permissions are wrong, then sshd defaults to require a password
>>>> rather than trusting that nobody else has changed the key files.
>>>
>>> Herein I believe my difficulties lie. That and not understanding
>>> Windows permissions vs Unix permissions and how such things are
>>> mapped.
>>> Here's what I do know:
>>>
>>> $ cd ~/.ssh
>>> $ ls -l
>>> total 6
>>> -rw-r--r-- 1 adefaria Domain U 227 May 22 17:10 authorized_keys
>>> -rw-r--r-- 1 adefaria Domain U 227 May 22 15:25 authorizedkeys
>>> -rw-r--r-- 1 adefaria Domain U 887 May 22 15:22 id_rsa
>>> -rw-r--r-- 1 adefaria Domain U 227 May 22 15:22 id_rsa.pub
>>> -rw-r--r-- 1 adefaria Domain U 1624 May 22 15:19 known_hosts
>>> $ chmod 600 id_rsa*
>>> $ ls -l
>>> total 6
>>> -rw-r--r-- 1 adefaria Domain U 227 May 22 17:10 authorized_keys
>>> -rw-r--r-- 1 adefaria Domain U 227 May 22 15:25 authorizedkeys
>>> -rw-r--r-- 1 adefaria Domain U 887 May 22 15:22 id_rsa
>>> -rw-r--r-- 1 adefaria Domain U 227 May 22 15:22 id_rsa.pub
>>> -rw-r--r-- 1 adefaria Domain U 1624 May 22 15:19 known_hosts
>>>
>>> Nothing. So I go into Windows Explorer and look at the Security
>>> setting on the Properties dialog. I attempt to remove the users in
>>> the Security section and it tells me that I have to stop inheriting
>>> permissions. So I go to stop inheriting permissions and tell it to
>>> remove everything. Now nobody's listed in the Securities section.
>>> Windows warns me that only the creator of the file will be able to
>>> access it. I look in Cygwin with ls -l and the mode bits are the
>>> same. I try the chmod again and there is no change! So I add my user
>>> back to having full control. My user is the only user listed now but
>>> the mode bits are still 644.
>>>
>>> When I try to ssh $(hostname) cmd I get:
>>>
>>> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
>>> @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
>>> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
>>> Permissions 0644 for '/us/adefaria/.ssh/id_rsa' are too open.
>>> It is recommended that your private key files are NOT accessible by
>>> others.
>>> This private key will be ignored.
>>> bad permissions: ignore key: /us/adefaria/.ssh/id_rsa
>>>
>>> Now what?!?
>>>
>>> (It would be nice if somebody who really knew the algorithm could
>>> explain Windows permissions and how they are mapped to Unix mode bits).
>>
>> Or you could just look at the FAQ:
>>
>> Why doesn't chmod work?
>>
>
> All that this says is to insure that you have ntsec set. I have it set.
> chmod still doesn't work! BTW I'm on Windows XP and use NTFS. My home
> directory is on the server (/us is a mount of ///).

Aha! Then have a look at smbntsec.

Max.
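
The two permission checks discussed in this thread (sshd rejecting group/world-writable key locations, and ssh ignoring a private key with any group/other bit set), as an added example that is not part of any poster's message. It assumes GNU `stat`; the function names `mode_of`, `has_bits`, `audit_ssh_dir` and `fix_key` are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU stat (Cygwin or Linux coreutils).

# Octal permission bits of a path, e.g. 644.
mode_of() { stat -c '%a' "$1"; }

# True when any of the bits in octal mask $2 are set on path $1.
has_bits() { [ $(( 0$(mode_of "$1") & 0$2 )) -ne 0 ]; }

# Report the files in an .ssh directory that would trip the checks from the thread.
# Prints one "FAIL <path> <mode> <reason>" line per problem; returns 1 if any.
audit_ssh_dir() {
    dir=$1; bad=0
    # Server side: sshd refuses key auth if these are group/world writable.
    for p in "$dir" "$dir/authorized_keys"; do
        [ -e "$p" ] || continue
        if has_bits "$p" 22; then
            echo "FAIL $p $(mode_of "$p") writable by group/other"; bad=1
        fi
    done
    # Client side: a private key with any group/other bit is ignored (the 0644 case).
    for pub in "$dir"/*.pub; do
        key=${pub%.pub}
        [ -f "$key" ] || continue
        if has_bits "$key" 77; then
            echo "FAIL $key $(mode_of "$key") private key accessible by group/other"; bad=1
        fi
    done
    return $bad
}

# chmod a private key to 600, then re-read the mode to confirm it stuck.
# Returns 0 if the key is acceptable, 1 if the mode did not change
# (what the poster saw on the network-mounted home directory), 2 if missing.
fix_key() {
    [ -f "$1" ] || return 2
    chmod 600 "$1" 2>/dev/null
    if has_bits "$1" 77; then
        echo "$1: still $(mode_of "$1") after chmod 600; mode bits are not being stored" >&2
        return 1
    fi
    return 0
}
```

Run `audit_ssh_dir ~/.ssh` first, then `fix_key` on each reported key. A return of 1 from `fix_key` means the problem is the filesystem's permission mapping rather than the chmod command.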