X-Recipient: archive-cygwin AT delorie DOT com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:to:from:subject:date:message-id:references :reply-to:mime-version:content-type:content-transfer-encoding :in-reply-to; q=dns; s=default; b=MiPUWWAW81jQPrwIjVx9sicTZjClZ+ elwBKATj6BzAIuuaxgm7DmhtFnOIVFhQZ5vKy7Q8bPk+Wkk0J0KIyJiakhUkVR8s JQDc/qnIeMD8QwwJZ9vGFFMjazoXnNPe2Opw7SOvHzd6A+y2YXuFzOv+bVBXduE/ EQFiQx0zuniaQ= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:to:from:subject:date:message-id:references :reply-to:mime-version:content-type:content-transfer-encoding :in-reply-to; s=default; bh=xH47RiaTGKxkaflympD5ml3DPjk=; b=WyzH OgeaRTe3PDelKENgRQUBZ3uU017V74AMJCa9U3KW0qr0V9lLrAN1Mrd4SSg1CAVL 0SthB+47UF6zbP8QkhVYLMfOhbhoEsdItKgGycMr8ZMOAt0rv0u8HFG2dCtb90aH ZvKpzy28LYE6CsuM/oEWAYEdpDtbv3Ere3DyLFk= Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-0.7 required=5.0 tests=BAYES_20,RCVD_IN_DNSWL_NONE,RP_MATCHES_RCVD,SPF_HELO_PASS,SPF_PASS autolearn=ham version=3.3.2 X-HELO: plane.gmane.org To: cygwin AT cygwin DOT com From: "Roger Vicker, CCP" Subject: Re: CYGWIN - As admin setup other users SSH for them? Date: Tue, 10 Jun 2014 15:56:09 -0500 Lines: 44 Message-ID: References: <5390204E DOT 2050300 AT etr-usa DOT com> Reply-To: rvicker AT vicker DOT com Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.23) Gecko/20090812 Thunderbird/2.0.0.23 Mnenhy/0.7.6.666 In-Reply-To: <5390204E.2050300@etr-usa.com> X-IsSubscribed: yes On 6/5/2014 2:46 AM, Warren Young arranged the binary bits such that: > On 6/4/2014 16:05, Roger Vicker, CCP wrote: >> 3) deliver the private key to the user along with the rest of the >> instructions on how to use it in the provided apps. > How were you planning on delivering these sensitive private keys? Via > insecure email, perhaps? These particular users are barely computer literate so I would be copying the private keys directly to their Android devices and setting up the apps that need to use SSH as a tunnel to connect to their server side apps. > Use ssh as it was designed: have the users generate their own local > keypairs, and have them email the public key to you. The words we use > here mean something. The *public* key goes out over the public link, > and the *private* key stays at home. > I know security. That is why we are implementing SSH with keys to further secure a remote protocol. VPN is not as practical given the level of the users, the specific remote devices and app. > It's not like the commands are difficult. They set up a local Cygwin, > add the openssh package, then say: > > $ ssh-keygen > ...press Enter a bunch of times... > $ cat ~/.ssh/id_rsa.pub > /dev/clipboard > ...compose email to rvicker, paste > >> With out their passwords I can't login to establish their $home >> directory structure, > Take a look at /etc/profile, starting at line 75. See the stuff about > /etc/skel? That's how the user's home directory gets set up. Nothing > magic here. You could cut those couple-dozen lines into a new script > and tweak it for your purposes. > > The only trick is that if you do all this as administrator, you'll > have to say something like > > # chown -R otheruser.otheruser ~otheruser > > after you get done setting up the user's home directory. > -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple