From: Warren Young
To: Cygwin-L
Date: Tue, 29 Nov 2011 16:17:45 -0700
Subject: Re: Passwordless sftp with ssh 5.9 still asks for password

On 11/29/2011 2:49 PM, Andrew Erskine wrote:
>
> ssh-keygen -t dsa

"-t [keytype]" is a default flag these days, and it defaults to RSA, not DSA. Unless you know for a fact you need DSA keys for some odd reason, leave this flag off and accept the default.

(ssh itself doesn't care what kind of key you use, as long as both ends have support for the key type you want to use. Since every ssh implementation I've used since *forever* supports both RSA and DSA, the only way I can see why you'd want to use DSA is if you had some weird third-party tool that only understood DSA keys.)

> Accept the default
> key location, C:\Documents and Settings\nhuser\.ssh\id_dsa,

Why would that be the default location, if you are using Cygwin tools? Shouldn't it be something like c:\cygwin\home\nhuser\.ssh\...?

You can change your HOME to anything you like, but that's not the default with Cygwin.

> 2. Copy the public key, id_dsa.pub, to all remote poller systems

More superannuated information.

Use the ssh-copy-id script instead of this manual process they're running you through. It Does The Right Thing (TM) and it's included with recent versions of the openssh package in the default Cygwin package repo.

If you aren't using official Cygwin packages or you are insisting on using old stuff, you get what you deserve. :)

> 4. Copy the public key into the authorized_keys2
> file, using the following command: copy /b id_dsa.pub > authorized_keys2

That overwrites authorized_keys2, rather than appending to it as claimed.

Plus, you should be talking about authorized_keys, no numeral.

If I'm wrong and sshd *will* look for a '2' file, the problem is likely to be permissions. It won't use the file if it isn't locked down, since that means you have only the illusion of security, and it won't play into a fantasy.

But if you use ssh-copy-id, you don't have to worry about any of this. Updating this file correctly is one of the things it does for you.

> Restart the cygwin Windows service

Not needed. sshd re-reads authorized_keys on each login attempt.

> D:\cygwin\bin>...

You'll get a lot less friction with Cygwin tools if you use the Cygwin Bash shell instead of CMD. ssh-copy-id is a shell script, so you'll have to jump through some hoops to even run it from a CMD shell, whereas it behaves just like any other command when you're running *any* Cygwin shell, not just Bash.

> Regards Andy
> Sent from my iPhone

You typed all that on a screen keyboard? That's dedication.
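
An added example, not part of the original message and not the ssh-copy-id source: a shell sketch of the two points raised in the reply, appending a key to authorized_keys without overwriting it, and checking for the group/world-writable modes that make sshd ignore the file. The function names `append_key` and `loose_paths` and the key strings are constructed for illustration, and one key per .pub file is assumed.

```shell
#!/bin/sh
# append_key HOME_DIR PUBKEY_FILE
# Append the key to HOME_DIR/.ssh/authorized_keys unless that exact line is
# already there, then lock down modes. The existing file is never truncated.
append_key() {
    home=$1; pub=$2
    ssh_dir=$home/.ssh
    auth=$ssh_dir/authorized_keys
    [ -s "$pub" ] || { echo "no public key at $pub" >&2; return 1; }
    mkdir -p "$ssh_dir" || return 1
    touch "$auth" || return 1
    # -x whole line, -F fixed string: exact match, so a rerun is a no-op
    if ! grep -qxF -- "$(cat "$pub")" "$auth"; then
        # terminate an unfinished last line before appending
        [ -z "$(tail -c 1 "$auth")" ] || echo >> "$auth"
        cat "$pub" >> "$auth"        # '>>' appends; '>' would wipe other keys
    fi
    chmod 700 "$ssh_dir" && chmod 600 "$auth"
}

# loose_paths HOME_DIR
# Print each of HOME_DIR, .ssh and authorized_keys that is writable by group
# or others. No output means all three pass this check.
loose_paths() {
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        # mode string: char 6 is group-write, char 9 is other-write
        case $(ls -ldL "$p") in
            ?????w*|????????w*) echo "$p" ;;
        esac
    done
}

# Demo in a throwaway directory with constructed (not real) key lines.
demo() {
    d=$(mktemp -d) || return 1
    echo "ssh-rsa AAAAB3CONSTRUCTED1 older@example" > "$d/existing.pub"
    echo "ssh-rsa AAAAB3CONSTRUCTED2 nhuser@example" > "$d/id_rsa.pub"
    append_key "$d" "$d/existing.pub"
    append_key "$d" "$d/id_rsa.pub"
    append_key "$d" "$d/id_rsa.pub"        # rerun must not duplicate
    wc -l < "$d/.ssh/authorized_keys"
    chmod g+w "$d/.ssh/authorized_keys"    # simulate a loosened file
    loose_paths "$d"
    rm -rf "$d"
}
demo
```
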