X-Recipient: archive-cygwin AT delorie DOT com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:message-id:date:from:reply-to:mime-version:to :subject:references:in-reply-to:content-type :content-transfer-encoding; q=dns; s=default; b=roqNG28EtG/dX0FK gGEss9VzJzkdb/8TTkISwh8t0EtUp6E6JK3y3YdXoMIJNe+mNNok7E4vPq2tB7zY CknFAbPZ7Ms8zv/kz4g9HqvwqWIcdHIO+tnCS9o/SxsXMQhdKG2vIP5xfYLDVkVB oesRj5WLmYlkCU8EI59rU4e3bwQ= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:message-id:date:from:reply-to:mime-version:to :subject:references:in-reply-to:content-type :content-transfer-encoding; s=default; bh=TW88c3J/STYwBRWmEq00qy LnfCg=; b=tr09fE0aHF1swmIBSEujIBCUVnHda+TgBn3N4qKB2Tk29OG0DBI2zt YgJGliQRgt84jrNyC42KIjVhJLQ1vY54y6n/NGDqyCHYkvRvtG34CGC7gZOXGd6b pZlc6oArkRtpZOH7SN559ipcSGTTQOLajOkLJ91V73bSYFdwmkA9E= Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=0.6 required=5.0 tests=AWL,BAYES_50,RDNS_NONE,URIBL_BLOCKED autolearn=no version=3.3.2 X-HELO: vms173009pub.verizon.net Message-id: <528D3F0F.4070405@cygwin.com> Date: Wed, 20 Nov 2013 18:00:31 -0500 From: "Larry Hall (Cygwin)" Reply-to: cygwin AT cygwin DOT com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.1.0 MIME-version: 1.0 To: cygwin AT cygwin DOT com Subject: Re: Sshd and key based authentication References: <5289C8BD DOT 1010109 AT netfence DOT it> <1679047089 DOT 20131118122233 AT mtu-net DOT ru> <5289DB39 DOT 7030408 AT netfence DOT it> <528CF357 DOT 3020000 AT netfence DOT it> In-reply-to: <528CF357.3020000@netfence.it> Content-type: text/plain; charset=ISO-8859-1; format=flowed Content-transfer-encoding: 7bit On 11/20/2013 12:37 PM, Andrea Venturoli wrote: > On 11/18/13 10:17, Andrea Venturoli wrote: >> On 11/18/13 09:22, Andrey Repin wrote: >> >>> Did you installed Cygwin LSA module? >>> http://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-nopasswd2 >> >> I don't think so, but I can't check right now... >> >> Should I? > > Hello. > > Today I followed your instruction, ran /usr/bin/cyglsa-config and rebooted: > still no luck. > > I raised the loglevel to DEBUG3 and verified sshd was *always* looking for > /home/cyg_server/.ssh/authorized_keys, regardless of the user trying to log in. > > So, if I do "ln -s /home/user /home/cyg_server", then ssh user AT server works > without password prompt!!! > Of course I know the security implications of this... Hm, thinking about this a little more, if you're still trying to log in with domain users, your best bet is probably option 3 in the Users Guide. Since option 2 is using the Local Security Authority (LSA), it's not going to get better at authenticating domain users than the default mode unless the user you run the service as can authenticate domain users. So in this respect, it's the same thing as the default option (the first option in the Users Guide). Option 3 authenticates with the password though so it should be much more like normal ssh password authentication. Give it a try and let us know if my thought experiment works in the real world. :-) -- Larry _____________________________________________________________________ A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting annoying in email? -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple