This is the mail archive of the
mailing list for the Cygwin project.
Re: 1.7 Public Key Authentication problem
- From: shane fenton <fenton dot shane at gmail dot com>
- To: cygwin at cygwin dot com
- Date: Thu, 4 Feb 2010 19:30:33 +1000
- Subject: Re: 1.7 Public Key Authentication problem
Thanks for the info - I wasn't aware of passwd -R - just tried it and
it works which is a good relief.
It's a dev lab - anyone with access to the keys is allowed full rights
to the machines - so security not a major concern.
BTW - I had installed cyglsa-config and rebooted and gave the users
the "Act as part of OS" right - but it doesn't work for me. I must be
missing something .....
Thanks again - you've saved me considerable problems!
On 2010/02/03 10:07 PM, shane fenton wrote:
> First time poster - so hopefully will get it right :)
> Cygwin 1.7 installed on approx 10 machines - XP /2008
> domain cyg_server user created
> Added above user to Quotas/create token/replace token & log on as
> service & local admins on pc's
> added cyg_server to passwd file
> ssh-host-config (found above user and used it and did the right perms
> on /var/empty & /var/log/sshd.log )
> added domain user accounts to passwd & domain users group > group
You didn't mention whether you set up the LSA authentication package
(with /usr/bin/cyglsa-config), or used 'passwd -R' for each user. Did
you try either of those?
The Cygwin User Guide goes into great detail about the methods of
changing user context, in this chapter:
The gist of that chapter is this: If you want to be able to login via
ssh as a user that is not running the sshd daemon, you have basically
(1) Provide a valid Windows password to the sshd daemon, either
interactively (which you obviously don't want to do, since you're
attempting public key auth), or stored statically in the registry via
(2) Use the LSA authentication package. Bear in mind that if you use
this option to avoid giving sshd your password entirely, I believe that
certain privileges are withheld from the logged in user. [I don't
remember exactly what privs are missing in this case... access to
network resources maybe?]
Hope this helps,
Problem reports: http://cygwin.com/problems.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple