Re: openssh / cygwin : public key authentication

From: Emmanuel Guyot (emmguyot@wanadoo.fr)
Date: 05/20/02


From: "Emmanuel Guyot" <emmguyot@wanadoo.fr>
Date: Mon, 20 May 2002 14:39:34 +0200

First I encountered the problem with the following setup :
- I use W2000, Cygwin (last release) and openssh 3.1p1
- The sshd is launched by user "a", which exists in W2000 and the association is
made in the passwd file.
- When I use public key authentication from a remote host to this one as
user "a", it works fine.
- When I use public key authentication from a remote host to this one as
user "b", it doesn't work. When I activate full debug trace, I see that
authentication works fine but the process seems to fail to start, resulting in
no connection.
- When I use password authentication with user "b" it works fine.

I've read the openssh-3.1p1-1.README which includes the following :

*** BEGIN QUOTE ***
- If you want to be able to login to different user accounts you'll
  have to start sshd under system account or any other account that
  is able to switch user context. Note that administrators are _not_
  able to do that by default! You'll have to give the following
  special user rights to the user:
  "Act as part of the operating system"
  "Replace process level token"
  "Increase quotas"
  and if used via service manager
  "Logon as a service".

  The system account does of course own those user rights by default.

  Unfortunately, if you choose that way, you can only logon with
  NT password authentication and you should change
  /etc/sshd_config to contain the following:

    PasswordAuthentication yes
    RhostsAuthentication no
    RhostsRSAAuthentication no
    RSAAuthentication no

  However you can login to the user which has started sshd with
  RSA authentication anyway. If you want that, change the RSA
  authentication setting back to "yes":

    RSAAuthentication yes
*** END QUOTE ***

So it seems to me that it is a known problem.

Though if there is a workaround, please tell me.

Emmanuel Guyot
8 Rue des Montées
45100 Orléans
France
http://www.increg.com

"Nico Kadel-Garcia" <nkadel@bellatlantic.net> wrote in the message
news: dbtF8.18135$8M5.10881@nwrddc01.gnilink.net...
>
> ??? Why ever not? I'm aware of at least one company with several thousand
> Windows boxes that I believe does exactly this.
>
> Now mind you: OpenSSH and Cygwin are not exactly using the same concept of a
> "user" as DOS or NT. (Remember Win3.xx and Win9.x and WinME are all graphic
> window systems sitting on top of a DOS kernel, NT is a graphical interface
> sitting on top of David Cutler's kernel stolen from DEC and is basically an
> upgraded VMS.)
>
> What exactly is the difficulty you refer to?
>
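As an added example (not code from the thread or from the Cygwin openssh package): a small Python check that applies the README's rule to an sshd_config. On a Cygwin sshd that is not running as SYSTEM, only an NT password logon can switch user context, so the README's configuration limits key (RSA) authentication to the account that started sshd. The OpenSSH 3.1 defaults and the first-occurrence-wins parsing are assumptions, and the two sample configs are constructed.

```python
import re

# Assumed OpenSSH 3.1 defaults for the keywords the README discusses.
DEFAULTS = {"PasswordAuthentication": "yes", "RSAAuthentication": "yes",
            "RhostsAuthentication": "no", "RhostsRSAAuthentication": "no"}

def parse_sshd_config(text):
    """Map lowercase keyword -> value. Like sshd, the first occurrence wins."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        value = parts[1].strip() if len(parts) > 1 else ""
        settings.setdefault(parts[0].lower(), value)
    return settings

def check_sshd_config(text, sshd_runs_as_system):
    """Return findings for a Cygwin sshd, per the README: a non-SYSTEM service
    account can only switch user context through an NT password logon, so key
    authentication must be limited to the account that started sshd."""
    if sshd_runs_as_system:
        return []  # SYSTEM already holds the rights; every method can switch context
    cfg = parse_sshd_config(text)
    on = {k: cfg.get(k.lower(), d).lower() == "yes" for k, d in DEFAULTS.items()}
    findings = []
    if on["RSAAuthentication"]:
        findings.append("RSAAuthentication yes: key logins only work for the sshd "
                        "account; other users pass authentication, then the session fails")
    if not on["PasswordAuthentication"]:
        findings.append("PasswordAuthentication no: other users have no way to log in")
    for k in ("RhostsAuthentication", "RhostsRSAAuthentication"):
        if on[k]:
            findings.append(f"{k} yes: no password, so no user token for other users")
    return findings

# Constructed samples: the failing setup from the post, and the README's fix.
WEAK_CONFIG = """# sshd started by ordinary account "a", keys enabled for everyone
Port 22
PasswordAuthentication yes
RSAAuthentication yes
"""
FIXED_CONFIG = """PasswordAuthentication yes
RhostsAuthentication no
RhostsRSAAuthentication no
RSAAuthentication no
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("fixed", FIXED_CONFIG)):
        print(name, check_sshd_config(cfg, sshd_runs_as_system=False) or ["ok"])
```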
