X-Recipient: archive-cygwin AT delorie DOT com
X-Spam-Check-By: sourceware.org
From: "Peter Klavins" <klavins AT netspace DOT net DOT au>
To: <cygwin AT cygwin DOT com>
References: <47B8B282 DOT 1050609 AT cygwin DOT com>
In-Reply-To: <47B8B282.1050609@cygwin.com>
Subject: RE: Success in accessing network shares on windows through sshd
Date: Sun, 24 Feb 2008 19:02:16 +0100
Message-ID: <004101c8770f$64e9ae30$2ebd0a90$@net.au>
MIME-Version: 1.0
Content-Type: text/plain; 	charset="utf-8"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 12.0
Content-Language: en-au
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

Larry Hall wrote:
> Currently, the way to get what you want is to ssh in with password
> authentication.  That way, Windows knows who you are and that you are
> allowed access to network shares.  When you ssh in with pubkey
> authentication, you are not authenticated through Windows but
> rather the user running the sshd service.  So you don't have access
> to your mapped network drives (automatically) since Windows doesn't
> recognize you as you.  The fact that you can have a screen session that
> was started locally (as you) on that remote machine and then reconnect to
> that session when you log in with pubkey ssh in no way means that ssh now
> understands you as you.  It just means you've connected up to a local
> instance of screen started by a fully authenticated session.  This is doing
> nothing more than ssh with password authentication but with added user
> hassle, since they need to be co-located with the remote machine so that
> they can start up an authenticated screen session to leverage from their
> ssh (pubkey or not) session.  I don't see that as a better option than just
> sshing in with password authentication and skipping all the extra effort of
> creating a local session of screen first.

Just a thought:  Has there been any work done in the past to create a Windows
Security Service Provider that implements SSH2?  My first impression is that
a custom sshd SSP integrated into Windows itself would be a way to enable
sshd running as a service to impersonate a real Windows user.

http://msdn2.microsoft.com/en-us/library/aa374785(VS.85).aspx

Peter K.



--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/