This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Cygwin ssh and Windows authentication

Hi Andrey.
So why are they not needed as your comment doesn't really explain that and how exactly did I screwed up my setup if I can actually access the server with a domain user account no problem? Perhaps it's not how it works but it somehow works so again would be good to know why. It's only domain groups that don't work. Even if I set the service account to run under a domain account how would this fix my problem with group access assuming in current setup it works for domain users but not for groups? Again if not the /etc/passwd or /etc/group files then what controls the access?

On 2015-07-20 00:38, Andrey Repin wrote:
Greetings, Jarek!

I'm still quite new to Cygwin. I'm using the most recent version to
install the ssh component on Server 2012R2 member server since it
happened to become a requirement for certain users. The problem I have
is to understand how to allow access for domain groups. I read the new
version doesn't even need the /etc/passwd and /etc/group files any more
but I couldn't see any explanation as to how to allow users or groups
permission to ssh to the cygwin sshd server.
Short version is that you need SSH server running under domain user.
Which needs to be created prior to starting ssh-host-config.

Running ssh-host-config answering yes to all questions except the one for
using other user than the cyg_server I set up the ssh daemon. Not knowing
any other way I created the /etc/passwd file with $mkpasswd -l > /etc/passwd
These files no longer need, but in your specific case, you actually just
screwed your setup.

which dumped all local users into the file. I successfully added a domain user
with $mkpasswd -u [domain_user] -D [domain] >> /etc/passwd.
That's not how it works.

This worked just fine creating the /home/[user] folder I think although
I haven't checked if it didn't get created earlier since I installed
Cygwin under that user account.  No idea though how to get this working
without the use of /etc/passwd file. I then created the /etc/group file
and added my selected domain user group to it. Unfortunately in this
case members of the group cannot connect via ssh. I don't know if there
is a way to list all users including group members with access
permissions. $net user lists only users. I tried $net group but this
seems to be limited to DCs only which I have no access to. Could someone
please explain how can this be set up and what tellls Cygwin who can
connect and who can't?
It was there all the time.

Problem reports:
Unsubscribe info:

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]