Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Date: Wed, 04 May 2005 20:30:32 -0700
From: David Rothenberger <daveroth AT acm DOT org>
Subject: Re: SSHD key based authentication hangs cscript
In-reply-to: <200505050247.j452leC13427@webmail.pulsemining.com.au>
To: Stuart Westbury <swestbury AT pulsemining DOT com DOT au>
Cc: cygwin AT cygwin DOT com
Message-id: <42799358.1020409@acm.org>
MIME-version: 1.0
Content-type: text/plain; charset=ISO-8859-1; format=flowed
Content-transfer-encoding: 7bit
References: <200505050247 DOT j452leC13427 AT webmail DOT pulsemining DOT com DOT au>
User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)
X-IsSubscribed: yes
Reply-To: cygwin AT cygwin DOT com

On 5/4/2005 7:46 PM, Stuart Westbury wrote:
> On a similar note, can anyone who may have had this issue suggest any
> alternative way to run remote commands on a windows box from linux with some
> form of transparent authentication, or am I dreaming? :) 

You can install an sshd service under a user account. Users logging into 
that service as the user running the service will have a complete 
Windows authentication token.

There are some caveats, though. You can only login as the user running 
the service. So, if you need to run commands on the remote Windows 
machine as a number of different users, you'd need to set up a separate 
sshd service for each user. (Note this is not a restriction on the 
number of users on the linux box that can invoke remote commands on the 
Windows machine, only on the number of users those remote commands are 
run as.)

If you do this, each server needs to be on a separate port and each 
server will need its on configuration file and host keys (and you'll 
have to specify the configuration file in the command-line of the 
service when you install it). Also, you'll need to disable privilege 
separation.

BTW, you can still run a server as SYSTEM (on some port) for more 
general-purpose remote access.

-- 
David Rothenberger                spammer? -> spam AT daveroth DOT dyndns DOT org
GPG/PGP: 0x7F67E734, C233 365A 25EF 2C5F C8E1 43DF B44F BA26 7F67 E734

There's a lesson that I need to remember
When everything is falling apart
In life, just like in loving
There's such a thing as trying to hard

You've gotta sing
Like you don't need the money
Love like you'll never get hurt
You've gotta dance
Like nobody's watching
It's gotta come from the heart
If you want it to work.
		-- Kathy Mattea


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/