Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Date: Sun, 18 Sep 2005 12:11:09 +0200
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: SSH Client Odditie with shosts on 2K/2K3/XP??
Message-ID: <20050918101109.GC5555@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <s32ce8ad DOT 075 AT gwiaweb DOT it DOT luc DOT edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <s32ce8ad.075@gwiaweb.it.luc.edu>
User-Agent: Mutt/1.4.2i

On Sep 18 04:09, Bill Martin wrote:
> I am utterly confused . . . 
> 
> Win2K3 Server latest patches, latest install of Cygwin (DLL version: 1.5.18)
> and OpenSSH (openssh 4.2p1-1). No trouble getting SSHD to behave properly
> once configured; I can authenticate to this box via shosts from remote Linux
> and UNIX systems.  I cannot use the Cygwin SSH client to do host based
> authentication to another server that I typically can SSH to via host base
> (-o PreferredAuthentications hostbased) or even to the localhost.
> [...]
> I even went to far as to setuid on the ssh.exe, so what AM I missing?

setuid has no meaning in the Windows environment and it's so far not
doing anything useful on Cygwin.  And this is basically already your
problem.  ssh doesn't access the private hostkeys by itself, since
it knows that it can't access them usually.  It starts ssh-keysign
which would have to be setuid root (well, SYSTEM, or sshd_server on Cygwin)
to be able to access the private hostkeys.

So, bottom line, hostbased authentication is not supported on Cygwin
so far.  As a workaround, you could try this:  Use setfacl to add the
user which wants to use hostbased authentication to the ACL of the
private host keys in /etc.  Maybe this works.  But of course this is
NOT AT ALL recommended due to security concerns.  Use user based
pubkey authentication instead.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat, Inc.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/