Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
X-Injected-Via-Gmane: http://gmane.org/
To: cygwin AT cygwin DOT com
From: Andrew DeFaria <ADeFaria AT Salira DOT com>
Subject: Passwordless login with ssh
Date: Wed, 15 Oct 2003 16:51:58 -0700
Lines: 65
Message-ID: <bmkmdl$82i$1@sea.gmane.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Complaints-To: usenet AT sea DOT gmane DOT org
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)
X-Accept-Language: en-us, en

Sorry, I searched the list and did not get a definitive answer. What I'm 
trying to do is to secure things up a little bit around here. I would 
like to use ssh. But I also want to allow valid users to ssh <remove> 
<command> without being prompted for a password. I'm not sure this is 
doable.

Reading from openssh-3.7.1p2-1.README I see

    Authentication to sshd is possible in one of two ways. You'll have
    to decide before starting sshd!

    - If you want to authenticate via RSA and you want to login to that
    machine to exactly one user account you can do so by running sshd
    under that user account. You must change /etc/sshd_config to contain
    the following:

    RSAAuthentication yes

    Moreover it's possible to use rhosts and/or rhosts with RSA
    authentication by setting the following in sshd_config:

    RhostsAuthentication yes
    RhostsRSAAuthentication yes

Seems to me that the above says I can only use RSA Authentication IFF 
I'm only want to allow one username to be able to login. Or

    - If you want to be able to login to different user accounts you'll
    have to start sshd under system account or any other account that is
    able to switch user context. Note that administrators are _not_ 
    able to do that by default! You'll have to give the following
    special user rights to the user:

    "Act as part of the operating system"
    "Replace process level token"
    "Increase quotas"

    and if used via service manager

    "Logon as a service".

    The system account does of course own that user rights by default.

    Unfortunately, if you choose that way, you can only logon with NT
    password authentification and you should change /etc/sshd_config to
    contain the following:

    PasswordAuthentication yes
    RhostsAuthentication no
    RhostsRSAAuthentication no
    RSAAuthentication no

    However you can login to the user which has started sshd with RSA
    authentication anyway. If you want that, change the RSA
    authentication setting back to "yes":

    RSAAuthentication yes

Seems to say that I can allow multiple users to login with ssh but I 
can't allow RSA authentication, hence I can't have passwordless logins. 
Is there any way to allow passwordless logins through ssh for a group of 
people?
-- 
A flying saucer results when a nudist spills his coffee.



--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/