X-Spam-Check-By: sourceware.org
Message-ID: <461FD25D.8020608@cygwin.com>
Date: Fri, 13 Apr 2007 14:56:29 -0400
From: "Larry Hall (Cygwin)" <reply-to-list-only-lh AT cygwin DOT com>
Reply-To: cygwin AT cygwin DOT com
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.10) Gecko/20070308 Fedora/1.5.0.10-2.fc4.remi Thunderbird/1.5.0.10 Mnenhy/0.7.5.0
MIME-Version: 1.0
To: cygwin AT cygwin DOT com
Subject: Re: public key authentication headache issue/solution documentation
References: <461FBCFE DOT 1090008 AT berndtgroup DOT net>
In-Reply-To: <461FBCFE.1090008@berndtgroup.net>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

Florian Mosleh wrote:
> Hello,
> 
> I've just resolved an issue I had with public key authentication for ssh
> in cygwyn. I needed to automate an rsync pull from a box running cygwyn.
> The client is an antiquated redhat system. I was unable to successfully
> execute remote commands after authenticating with a keypair. I was
> finally able to resolve the issue by running the sshd service as the
> user used for authenticating the ssh session and chowning various ssh
> related files to the user (notably /var/log/sshd.log). I'd like to
> recommend more documentation on this issue. It had a relatively simple
> fix which, nonetheless, eluded me for several days.

This is part of the FAQ, though all the nitty-gritty isn't there for
"recovering" from running it as a privileged user (SYSTEM, sshd_server,
etc).  It is in the email archives though (exact pointer left as an
exercise for the reader ;-) ).:

<http://cygwin.com/faq/faq-nochunks.html#faq.using.shares>



> If you have an alternate recommendation that better conforms to best
> practices, please let me know. The ssh-host-config script spews various
> useful bits of knowledge. Something along the lines of "For possible
> issues with public key authentication please see <file>" might be nice.


For the upcoming Cygwin 1.7, there is an authentication module that will
make the above gyrations unnecessary.  If you're interested in
investigating this, grab a snapshot <http://cygwin.com/snapshots/> and
read the thread:
  <http://www.cygwin.com/ml/cygwin-developers/2006-07/msg00013.html>


-- 
Larry Hall                              http://www.rfk.com
RFK Partners, Inc.                      (508) 893-9779 - RFK Office
216 Dalton Rd.                          (508) 893-9889 - FAX
Holliston, MA 01746

_____________________________________________________________________

A: Yes.
> Q: Are you sure?
>> A: Because it reverses the logical flow of conversation.
>>> Q: Why is top posting annoying in email?

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/