Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Date: Wed, 8 Sep 2004 16:51:06 +0200 From: Corinna Vinschen To: cygwin AT cygwin DOT com Subject: Re: HostBasedAuthentication with OpenSSH Message-ID: <20040908145106.GI17670@cygbert.vinschen.de> Reply-To: cygwin AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com References: <200409081450 DOT 08176 DOT gary AT whitehead DOT com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200409081450.08176.gary@whitehead.com> User-Agent: Mutt/1.4.2i On Sep 8 14:50, Gary Whitehead wrote: > Hi All, > > I am fighting trying to get outward HostBasedAuthentication working with the > ssh client under Cygwin on WinXP (SP2). Hostbased authentication isn't tested on Cygwin. Since ssh-keysign needs read access to the private local host keys and these keys are not world-readable, ssh-keysign must be set-uid root (read: "system"). But set-uid isn't implemented on Cygwin so that's bound to fail. What you could try if security isn't an issue for you is, use setfacl to add read perms for your account to the ssh host keys like this: setfacl -m u:$USER:r-- /etc/ssh_host_*_key However, consider to switch over to public key authentication with either a private key w/o passphrase or, better, use ssh-agent/ssh-add on your local machine. That's the usual technique and should have the same result for you, including convenience. Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Project Co-Leader mailto:cygwin AT cygwin DOT com Red Hat, Inc. -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/