Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com From: Gary Whitehead To: cygwin AT cygwin DOT com Subject: HostBasedAuthentication with OpenSSH Date: Wed, 8 Sep 2004 14:50:08 +0200 User-Agent: KMail/1.6.2 MIME-Version: 1.0 Content-Disposition: inline Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Message-Id: <200409081450.08176.gary@whitehead.com> X-ID: VTwPI-ZrZeq7uuw4gGxkWRLYY8O7VcWUhJJPDvBVl8lcnKPeyLrVcD AT t-dialin DOT net X-TOI-MSGID: aa860fdd-d0b1-451c-8889-2c6af42963e1 X-IsSubscribed: yes Hi All, I am fighting trying to get outward HostBasedAuthentication working with the ssh client under Cygwin on WinXP (SP2). As a quick background I am using OpenSSH for logging in to machines remotely on my small (and heavily firewalled) home network. My main reason for using this method is convenience, since inside this network security is secondary (i.e. nfs is running...). What I wish to achieve is to be able to use "ssh hostname -n command" to launch X clients from my server using X11 forwarding, and to set these up as windows launch icons. (What I really want is to able to easily launch kmail on my windows desktop..) In a nutshell, when I try to connect using the Cygwin ssh client I get the following response on the windows machine: ----------------------- bash-2.05b$ ssh atlantis could not open any host key ssh_keysign: no reply key_failed gary AT atlantis's password: ------------------------ Suffice to say this works from other unix/linux machines on my LAN, and I get a session without having to enter a password. My understanding of this is that the message "could not open any host key" is generated by keysign, and I guess is a permissions problem (the key files are owned by SYSTEM:None and have appropriate looking permissions for ssh key files (in particular rw only for SYSTEM for the private keys)). I have tried enalbing and disabling EnableSSHKeysign in ssh_config without any success (when disabled it complains that keysign is not enabled). CYGWIN is set to "server ntea ntsec binmode". I will be honest, I understand unix permissions pretty well, but am somewhat confused by the (necessary) mixture of windows and unix permissions in Cygwin, not helped by being a reluctant windows user. Anyone have any pointers to help me here....? I have appended my ssh_config file. Cheers, Gary. # $OpenBSD: ssh_config,v 1.19 2003/08/13 08:46:31 markus Exp $ # This is the ssh client system-wide configuration file. See # ssh_config(5) for more information. This file provides defaults for # users, and the values can be changed in per-user configuration files # or on the command line. # Configuration data is parsed as follows: # 1. command line options # 2. user-specific file # 3. system-wide file # Any configuration value is only changed the first time it is set. # Thus, host-specific definitions should be at the beginning of the # configuration file, and defaults at the end. # Site-wide defaults for various options # Host * ForwardAgent yes ForwardX11 yes RhostsRSAAuthentication no RSAAuthentication yes PasswordAuthentication yes HostbasedAuthentication yes EnableSSHKeysign no # BatchMode no CheckHostIP yes # AddressFamily any # ConnectTimeout 0 # StrictHostKeyChecking ask #IdentityFile ~/.ssh/identity #IdentityFile ~/.ssh/id_rsa #IdentityFile ~/.ssh/id_dsa # Port 22 # Protocol 2,1 # Cipher 3des # Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc # EscapeChar ~ -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/