Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Subject: RE: Question about cygwin sshd and StrictModes
X-MimeOLE: Produced By Microsoft Exchange V6.0.6487.1
Date: Wed, 10 Dec 2003 09:17:23 -0800
Message-ID: <C75BC7A96CFE2C44B38C639E4362739E018A29A1@postman.ms.polyserve.com>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
From: "Matt Berney" <mberney AT polyserve DOT com>
To: "Cygwin List" <cygwin AT cygwin DOT com>
Cc: <cygwin-lh AT cygwin DOT com>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by delorie.com id hBAHI9YG028800

Thanks for the no-help.  I have already read all relevant documentation that I could find.  That is the reason for posting a message to the group.  In the future, if you wish to be helpful, please offer more than RTFM.



-----Original Message-----
From: Larry Hall [mailto:cygwin-lh AT cygwin DOT com]
Sent: Tuesday, December 09, 2003 7:40 PM
To: Matt Berney; cygwin AT cygwin DOT com
Subject: Re: Question about cygwin sshd and StrictModes


At 07:22 PM 12/9/2003, Matt Berney you wrote:
>I have a question about the /etc/sshd_config file under cygwin.  I have cygwin v1.5.5 and openssh 
>
>Cygwin Package Information
>Package                 Version
>cygwin                  1.5.5-1
>cygwin-doc              1.3-6
>
>openssh                 3.7.1p2-1
>openssl                 0.9.7c-1
>openssl-devel           0.9.7c-1
>openssl096              0.9.6j-1
>
>What is the recommended technique to allow for ssh without passwords?  


Read /usr/share/doc/Cygwin/openssh.README


>Here is my procedure:
>  1)  on the server, ssh-host-config
>  2)  on the server, ssh-keygen -d (no passkey e.g. blank)
>  3)  on the server, net start sshd
>
>  4)  on the client, ssh-keygen -d (no passkey e.g. blank)
>  5)  on the client, scp ~/.ssh/id_dsa.pub qar50s1:
>
>  6)  on the server, cat id_dsa.pub >> .ssh/authorized_keys2
>
>All of this works just fine until I change the /etc/sshd_config file to set StrictModes to yes
>
>[sshd_config]
>StrictModes yes
>
>
>What do I have to do to make this work?  Here is the debug output:
>
>OpenSSH_3.7.1p2, SSH protocols 1.5/2.0, OpenSSL 0.9.7c 30 Sep 2003
>debug1: Reading configuration data /etc/ssh_config
>debug1: Connecting to qar50s1 [10.11.50.1] port 22.
>debug1: Connection established.
>debug1: identity file /home/mberney/.ssh/identity type -1
>debug1: identity file /home/mberney/.ssh/id_rsa type -1
>debug1: identity file /home/mberney/.ssh/id_dsa type 2
>debug1: Remote protocol version 1.99, remote software version OpenSSH_3.7.1p2
>debug1: match: OpenSSH_3.7.1p2 pat OpenSSH*
>debug1: Enabling compatibility mode for protocol 2.0
>debug1: Local version string SSH-2.0-OpenSSH_3.7.1p2
>debug1: SSH2_MSG_KEXINIT sent
>debug1: SSH2_MSG_KEXINIT received
>debug1: kex: server->client aes128-cbc hmac-md5 none
>debug1: kex: client->server aes128-cbc hmac-md5 none
>debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
>debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
>debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
>debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
>debug1: Host 'qar50s1' is known and matches the RSA host key.
>debug1: Found key in /home/mberney/.ssh/known_hosts:85
>debug1: ssh_rsa_verify: signature correct
>debug1: SSH2_MSG_NEWKEYS sent
>debug1: expecting SSH2_MSG_NEWKEYS
>debug1: SSH2_MSG_NEWKEYS received
>debug1: SSH2_MSG_SERVICE_REQUEST sent
>debug1: SSH2_MSG_SERVICE_ACCEPT received
>debug1: Authentications that can continue: publickey,password,keyboard-interactive
>debug1: Next authentication method: publickey
>debug1: Trying private key: /home/mberney/.ssh/identity
>debug1: Trying private key: /home/mberney/.ssh/id_rsa
>debug1: Offering public key: /home/mberney/.ssh/id_dsa
>debug1: Authentications that can continue: publickey,password,keyboard-interactive
>debug1: Next authentication method: keyboard-interactive
>debug1: Authentications that can continue: publickey,password,keyboard-interactive
>debug1: Next authentication method: password
>root AT qar50s1's password:
>
>--
>Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
>Problem reports:       http://cygwin.com/problems.html
>Documentation:         http://cygwin.com/docs.html
>FAQ:                   http://cygwin.com/faq/


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/