X-Recipient: archive-cygwin AT delorie DOT com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:date:from:reply-to:message-id:to:subject :in-reply-to:references:mime-version:content-type :content-transfer-encoding; q=dns; s=default; b=IvJwcsEYmVlTlGIb V3/FeSMc3yCQnb3U8lJyb93LDZozP1NrbAC7Q0bSoAcEBiyIeQW0IYuLXBwQRiQK OlSWrHqn9r8wotX2wgSdosfZ6kuRYXhr1QC9jxeyYbwfrFb3yowfKqXyP2WSnqox Gto/G4jRHxTjioGewrD3+FAIyu0= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:date:from:reply-to:message-id:to:subject :in-reply-to:references:mime-version:content-type :content-transfer-encoding; s=default; bh=gyMyXpR8E+f9+x17vZsR8F whpac=; b=C6sCvI98c6PKh/aJhZBxStZmNTesCtxkIlZme0MFbU52Io/aWtOBIn qB9xA/Xu9LFWTUwtszGb4KRlpOd+AH/PErwIFsTTzGI16lciGv2coPhAEIzDJTLP ZBCApM9cwyj05cy/9CqdnvPwVJ4KCChDFGE7nL5e6LyWEn46EC9bA= Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=4.7 required=5.0 tests=AWL,BAYES_50,FREEMAIL_FROM,KAM_THEBAT,SPF_SOFTFAIL autolearn=no version=3.3.2 X-HELO: smtp.ht-systems.ru Date: Mon, 20 Jul 2015 01:38:59 +0300 From: Andrey Repin Reply-To: cygwin AT cygwin DOT com Message-ID: <1301881165.20150720013859@yandex.ru> To: Jarek , cygwin AT cygwin DOT com Subject: Re: Cygwin ssh and Windows authentication In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-IsSubscribed: yes Greetings, Jarek! > I'm still quite new to Cygwin. I'm using the most recent version to > install the ssh component on Server 2012R2 member server since it > happened to become a requirement for certain users. The problem I have > is to understand how to allow access for domain groups. I read the new > version doesn't even need the /etc/passwd and /etc/group files any more > but I couldn't see any explanation as to how to allow users or groups > permission to ssh to the cygwin sshd server. Short version is that you need SSH server running under domain user. Which needs to be created prior to starting ssh-host-config. > Running ssh-host-config answering yes to all questions except the one for > using other user than the cyg_server I set up the ssh daemon. Not knowing > any other way I created the /etc/passwd file with $mkpasswd -l > /etc/passwd These files no longer need, but in your specific case, you actually just screwed your setup. > which dumped all local users into the file. I successfully added a domain user > with $mkpasswd -u [domain_user] -D [domain] >> /etc/passwd. That's not how it works. > This worked just fine creating the /home/[user] folder I think although > I haven't checked if it didn't get created earlier since I installed > Cygwin under that user account. No idea though how to get this working > without the use of /etc/passwd file. I then created the /etc/group file > and added my selected domain user group to it. Unfortunately in this > case members of the group cannot connect via ssh. I don't know if there > is a way to list all users including group members with access > permissions. $net user lists only users. I tried $net group but this > seems to be limited to DCs only which I have no access to. Could someone > please explain how can this be set up and what tellls Cygwin who can > connect and who can't? http://cygwin.com/faq/faq.html#faq.using.sshd-in-domain It was there all the time. -- With best regards, Andrey Repin Monday, July 20, 2015 01:35:00 Sorry for my terrible english... -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple