X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:message-id:date:from:mime-version:to:subject
	:content-type:content-transfer-encoding; q=dns; s=default; b=jNT
	z0SDxXp/41lxi+o+kjlpLd/bNrewFf6DERE9yHl24vcbA8HkIxQZq8a3yMbh0u0D
	3P5/05cc0fVn9k3UzrqSs7w8VZ2F2jEIojzvPGJrN86tsSos7qV1FRn1M3lodtHS
	oGUkLK1FHuUEgX2Wffor0Kd4lpad6/Xi1p52UGd4=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:message-id:date:from:mime-version:to:subject
	:content-type:content-transfer-encoding; s=default; bh=474SXKtE6
	uMe5RJL9q6pfYULyyM=; b=qSkFpsPIoY59zS3Z/KFVTtCzI5JVymG6D6TofW7si
	fytDllRDu5NhL828/7RkFVBNePc/yxRTVv/mBtv+M2hjdtDTS55z5rQOj5+fqfyw
	Yzybpy298KavZrZqdzuAnJBdKAMYpV42cI1z5xx4a4cfuIU/Fap24KKDpjcBj75J
	mo=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=3.6 required=5.0 tests=AWL,BAYES_50,RDNS_NONE autolearn=no version=3.3.2
X-HELO: cp-out8.libero.it
X-CTCH-Spam: Unknown
X-CTCH-RefID: str=0001.0A0C0208.5289C8BD.01B3,ss=1,re=0.000,fgs=0
X-libjamoibt: 1555
Message-ID: <5289C8BD.1010109@netfence.it>
Date: Mon, 18 Nov 2013 08:58:53 +0100
From: Andrea Venturoli <ml AT netfence DOT it>
User-Agent: Mozilla/5.0 (X11; FreeBSD i386; rv:24.0) Gecko/20100101 Thunderbird/24.1.0
MIME-Version: 1.0
To: Cygwin Mailing List <cygwin AT cygwin DOT com>
Subject: Sshd and key based authentication
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-IsSubscribed: yes

Hello.

I'm trying to set up sshd on a Windows 2003 domain controller.
Everything works with password authentication; however I need this for a 
script, so, in order to get non-interactive login, I must use keys.
Tried as hard as I could, but I could not achieve this: I'm always asked 
for a password.



I read several posts which say I need to use local accounts, not domain 
accounts; however, the machine being a DC, I don't have Local security 
policy or Local users in Control panel or Administrative tool.

So, this is the fragment from my /etc/passwd:
> sshd:unused:2259:513:sshd privsep,U-MYDOMAIN\sshd,S-X-X-XX-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-XXXX:/var/empty:/bin/false
> cyg_server:unused:2265:513:cyg_server,U-MYDOMAIN\cyg_server,S-X-X-XX-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXXX-XXXX:/home/cyg_server:/bin/bash

"ssh -vvv" suggest the key is presented to the server, but key 
authentication does not succeed anyway. Nothing special is logged 
server-side and ssh moves on to password authentiation.



On with the questions...

Is this supposed to work? Several posts say so, but no one mentions a 
domain controller... Does it bring in anything special?

Are the above users correct? Any problem with it?

What are correct ownership and permissions of /home, /home/myuser, 
/home/myuser/.ssh and /home/myuser/.ssh/authorized_keys?

According to some how-tos, ssh-host-confing should have prompted with 
"CYGWIN=" and I should have replied "tty ntsec", but this did not 
happen. Other how-tos suggest putting this variable in the environment.
Is this information current or obsolete? I tried and it didn't seem to 
matter...



Any other hint?

  bye & Thanks
	av.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple