Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
X-Authentication-Warning: slinky.cs.nyu.edu: pechtcha owned process doing -bs
Date: Mon, 23 Feb 2004 14:34:22 -0500 (EST)
From: Igor Pechtchanski <pechtcha AT cs DOT nyu DOT edu>
Reply-To: cygwin AT cygwin DOT com
To: Richard Duran <rduran AT dallasairmotive DOT com>
cc: cygwin AT cygwin DOT com
Subject: Re: ssh issue
In-Reply-To: <1077564064.11778.72.camel@gv-rduran.dalair.com>
Message-ID: <Pine.GSO.4.56.0402231427510.12338@slinky.cs.nyu.edu>
References: <1077564064 DOT 11778 DOT 72 DOT camel AT gv-rduran DOT dalair DOT com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Scanned-By: MIMEDefang 2.39

On Mon, 23 Feb 2004, Richard Duran wrote:

> We are running an "automounter" service as a DomainAdmin (because
> LocalSystem doesn't have access to networked items). When we ssh into
> the box we can see all the network drives under "/cygdrive". However,
> when we set up ssh-passthru to that root AT linuxserver can connect to
> DomainAdminUser AT cygwinserver without need to authenticate. Then upon
> logging in, only the local drives are visible to the user. Removing the
> entry in $HOME/.ssh/authorized_keys fixes the issue, but we need to be
> able to have passthru access. We tried having sshd run as the same
> DomainUser, but then only passthru works. When a password is requested,
> a permission denied error is returned even though the correct password
> is entered.
>
> Any suggestions?
> -richard

Richard,

IIRC, this is an inherent limitation of passwordless authentication on
Windows -- the token created with passwordless authentication will not be
accepted (trusted) on the network server.  There really isn't a good
solution to this, other than, perhaps, running two ssh daemons -- one as
LocalSystem for regular ssh access, and one as DomainAdmin (on a different
port) for passthru.
	Igor
-- 
				http://cs.nyu.edu/~pechtcha/
      |\      _,,,---,,_		pechtcha AT cs DOT nyu DOT edu
ZZZzz /,`.-'`'    -.  ;-;;,_		igor AT watson DOT ibm DOT com
     |,4-  ) )-,_. ,\ (  `'-'		Igor Pechtchanski, Ph.D.
    '---''(_/--'  `-'\_) fL	a.k.a JaguaR-R-R-r-r-r-.-.-.  Meow!

"I have since come to realize that being between your mentor and his route
to the bathroom is a major career booster."  -- Patrick Naughton

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/