X-Recipient: archive-cygwin AT delorie DOT com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:message-id:date:from:reply-to:mime-version:to :subject:references:in-reply-to:content-type :content-transfer-encoding; q=dns; s=default; b=ZaNE3Y/fM/Ogjeg2 Y4lTpvY1gV3SRglzIvw74LUy/LxtjUPvpW1wzooLx5qvP4MvoB0tIsfs9cnd4gVA hvPg3XKd9mNete2YHIyXHK5c05pFZETxkCcNY0uWyeA222LW+tDZiw+tffn3rcbl EghxtN65b8dJgzGTFEDwsoC4eSU= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:message-id:date:from:reply-to:mime-version:to :subject:references:in-reply-to:content-type :content-transfer-encoding; s=default; bh=H6klG5o55J+lOj4pIE7Gab 3bdUo=; b=s0lQ0c5HUhikmbX1mNTOyo1ikzUwn8T6zWyB0v0IihWH+E7jGmiCtE QG/igIHmDLLWgICdHYaTZdNYrYQ01nXcdUVnbvs060pUv3/QVfHRaR8hW0i0cu3x /uqRRFKK4TBefzCnRS10RM+Qz2puSoG6PaQ2so4+orcTUKP6ndqSQ= Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=0.5 required=5.0 tests=AWL,BAYES_50,RDNS_NONE,URIBL_BLOCKED autolearn=no version=3.3.2 X-HELO: vms173003pub.verizon.net Message-id: <528A581F.2060607@cygwin.com> Date: Mon, 18 Nov 2013 13:10:39 -0500 From: "Larry Hall (Cygwin)" Reply-to: cygwin AT cygwin DOT com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.1.0 MIME-version: 1.0 To: cygwin AT cygwin DOT com Subject: Re: Sshd and key based authentication References: <5289C8BD DOT 1010109 AT netfence DOT it> In-reply-to: <5289C8BD.1010109@netfence.it> Content-type: text/plain; charset=ISO-8859-1; format=flowed Content-transfer-encoding: 7bit On 11/18/2013 2:58 AM, Andrea Venturoli wrote: > Hello. > > I'm trying to set up sshd on a Windows 2003 domain controller. > Everything works with password authentication; however I need this for a > script, so, in order to get non-interactive login, I must use keys. > Tried as hard as I could, but I could not achieve this: I'm always asked for > a password. > Is this supposed to work? Several posts say so, but no one mentions a domain > controller... Does it bring in anything special? If you want/have to use domain user logins, then you need to create a domain equivalent of 'cyg_server'. You can use the scripts that 'ssh-host-config' uses as a guide to do this but the actual process must be done by hand and you need access and permission on your domain controller to set this up. 'ssh-host-config' will not handle this case for you. > Are the above users correct? Any problem with it? For local users, no, no problem. > What are correct ownership and permissions of /home, /home/myuser, > /home/myuser/.ssh and /home/myuser/.ssh/authorized_keys? 'ssh-host-config' will set these up for you. I suggest you use it. > According to some how-tos, ssh-host-confing should have prompted with > "CYGWIN=" and I should have replied "tty ntsec", but this did not happen. > Other how-tos suggest putting this variable in the environment. > Is this information current or obsolete? I tried and it didn't seem to > matter... Yes, this information is obsolete. This is the main reason we recommend not using various How-To guides that you'll find littered around the Internet. > Any other hint? If a domain service account isn't an option, look at the other options listed in the User's Guide: Method 2 or 3 might be sufficient for your need. -- Larry _____________________________________________________________________ A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting annoying in email? -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple