This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Possible Security Hole in SSHD w/ CYGWIN?

David Willis <david_willis <at>> writes:
> To reproduce, connect via SSH (from either a Linux or CYGWIN/Windows client)
> to a CYGWIN-based SSHD server using a normal privileged user account (an
> account preferably that is not an admin either on the client or server
> machine). Once connected to the Windows SSHD server, CD to a UNC path of a
> network share. Once CD'd to that path, check Computer Management on that
> server, and go to Shares->Open Sessions, and you will see that the user
> connected is the privileged SSHD server account (and it will obviously show
> as being connected from the machine you are SSH'd into).

Did you read, configured sshd
and the user accounts correctly and are logging in with a password using
either of the methods described?

FWIW, I'm seeing the connected user as the one that I logged into via ssh. 
In fact the sshd user account doesn't have any network access rights anyway,
so I couldn't connect to any network share if that acount would be used.


Problem reports:
Unsubscribe info:

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]