X-Recipient: archive-cygwin AT delorie DOT com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:from:to:references:in-reply-to:subject:date :message-id:mime-version:content-type:content-transfer-encoding; q=dns; s=default; b=kkVl0ErrMF17GLblbFLhiKzfclnWMWW+JdEEneA4xfG Zp5pIRpIPdZ7Opb0h1fm59K6PNL+Vxk3Jm/7340l3ZVvFIJPqbtfXAt45RV2zh+o TFHU6mLAkMQLpyVHBKiahngF3y0HTnPhfIyJOQMs0LgH79EvjYFUHEj0RxWUcL3U = DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:from:to:references:in-reply-to:subject:date :message-id:mime-version:content-type:content-transfer-encoding; s=default; bh=4bom+NcbhQUiLJSphTa+klD9M38=; b=YLbv+as9NhWgTCoaQ byBKPo0X1o0TV7n6sgpaONxX8GCw9/vHil+3qt6Q0yiqgBGubTLUU+Geet2KJvEF KdzQANLHsxpj4Cc72AjTYnFKA0TwH/ktyiNaYy/FP4Ea/7m7pOWrA6JIQMa7S8AO 2OF58CvnWz4QkYz2+kj0kKyNmQ= Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=2.0 required=5.0 tests=AWL,BAYES_80,KAM_ASCII_DIVIDERS,KAM_INFOUSMEBIZ,KAM_LAZY_DOMAIN_SECURITY,T_RP_MATCHES_RCVD autolearn=no version=3.3.2 X-HELO: mail.pdinc.us From: "Jason Pyeron" To: References: In-Reply-To: Subject: RE: [cygwin] sshd and smart card support Date: Sun, 27 Sep 2015 14:18:03 -0400 Message-ID: <34B38F182E57409AA0C31A520B919160@black7> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-IsSubscribed: yes > -----Original Message----- > From: Jarek C. > Sent: Sunday, September 27, 2015 4:45 AM > > After a lot of struggling with trying to get sshd work with > regular domain accounts I found an alternative bit of > software I then installed for a test. After a failed test, > looking thrugh the logs of that ssh server I found an > interesting piece of information possibly explaining why it > wouldn't work with my initial setup. It turned up that all > the domain accounts I used for testing have a requirement > associated with the account AD object to use smart cards for > logon pourposes. I never seen this mentioned in cygwin sshd > logs as a reason for failed connection but only a statement > that the logon name or password was incorrect. I don't > suppose there is a workaround but maybe something worth > implementing in sshd logs to cover this sort of scenerios as > likely no one was expecting this to be causing access problems. 1. Getting ssh to work with smartcards would be the first step. This requires working with the smartcard middleware / applets. There are many people out there who would be interested in this. 2. Getting sshd to interact as if a smart card was presented... This is a lot less likely to succeed. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- - - - Jason Pyeron PD Inc. http://www.pdinc.us - - Principal Consultant 10 West 24th Street #100 - - +1 (443) 269-1555 x333 Baltimore, Maryland 21218 - - - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple