Re: question about OpenSSH in cygwin

From: Nathan Jackson (c.cured_at_gmail.com)
Date: 08/12/05

  • Next message: Bill Moran: "Re: Anyone with a technique for accomplishing chroot using sftp" 
    Date: Fri, 12 Aug 2005 10:36:49 +0200
To: Sander Morsink <smorsink@planet.nl>

    Samor,

    A few pointers for you:

    1. Disable your guest account
    2. Every user on your system should have a password!
    3. If you didn't have passwords setup before then the chances are that
    your new passwords are weak. I would suggest setting up public key
    authentication in SSH as the only means of authenticating to your
    machine.

    There's a nicely detailed article on how to set this up at
    http://www.cs.unm.edu/~venkata/ssh.html

    Once you have done this and tested that pubkey auth works, you will
    need to modify your sshd_config to turn off passphrase auth and allow
    only pubkey auth. It should end up looking like the following (note,
    anything commented out in the config file is a default value and
    doesn't need changing):

    #RSAAuthentication yes
    #PubkeyAuthentication yes
    #AuthorizedKeysFile .ssh/authorized_keys

    PasswordAuthentication no
    #PermitEmptyPasswords no

    HTH,

    Nathan

    On 8/11/05, Sander Morsink <smorsink@planet.nl> wrote:
    > Hello,
    >
    > I've succesfully installed openssh under cygwin. (according to
    > http://pigtail.net/LRP/printsrv/cygwin-sshd.html)
    >
    > I'd just want to make sure things are set up ok....
    >
    > my own user account, which has a password now, has ssh access. is it
    > right that the administrator and guest account don't have access and
    > that any other account without a password doesn't either? I don't want
    > them to either, just want to make sure that a smart kid somewhere can't
    > get in due to some silly thing I forgot to turn off :)
    >
    > Thanks,
    >
    >
    >
    > Samor
    >
    >
    >
    >

  • Next message: Bill Moran: "Re: Anyone with a technique for accomplishing chroot using sftp"

    Relevant Pages

    • Re: SBS 2003 server sharing a folder to a non authenticated user or device (can it be done?)
      ... Plus exchange and SQL do consume quite a bit of non-paged pool and this has the effect of making the server cough occasionally, you only see this at high IO times. ... What you MUST be aware of the the whapping security hole the guest account will drive into your network. ... Someone must have done an impact analysis for enabling the guest account on a default SBS install.. ... authentication and will use Exchange ...
      (microsoft.public.windows.server.sbs)
    • Re: Wits End with Networking
      ... If you are using Guest authentication, then is the Guest account on each ... If you are using classic authentication, ... on each of the computers? ... "net use" creates a drive letter for a remote sharable folder. ...
      (microsoft.public.windowsxp.network_web)
    • Re: "Identical" accounts on networked computers
      ... You can only access the computer with a valid username and the ... will attempt a second authentication through the Guest account, ... On Windows XP Home or on XP Pro ...
      (microsoft.public.windowsxp.network_web)
    • Re: Connect via workgroup
      ... authentication is done using the ... guest account as simple file sharing is always enabled on XP ... I do not know why it is using Guest instead of the User ID that I specified. ... I also activated the Guest account in XP for both machines. ...
      (microsoft.public.sqlserver.connect)
    • Re: Login failed for ServerGuest
      ... You can enable the guest account but that's a security risk ... For SQL ... although Windows Authentication is more secure than ...
      (microsoft.public.sqlserver.connect)