This is the mail archive of the
mailing list for the Cygwin project.
RE: Possible Security Hole in SSHD w/ CYGWIN?
- From: "David Willis" <david_willis at comcast dot net>
- To: <cygwin at cygwin dot com>
- Date: Sat, 13 Feb 2016 17:29:25 -0800
- Subject: RE: Possible Security Hole in SSHD w/ CYGWIN?
- Authentication-results: sourceware.org; auth=none
- References: <019c01d163bc$fe2fc500$fa8f4f00$ at comcast dot net> <CANnLRdhVrFcveO_jKb3_x=44WMJNO33DPnsJZ12Wus3U7Wo_fQ at mail dot gmail dot com> <019e01d163c2$d678c7e0$836a57a0$ at comcast dot net> <023901d165e4$925507d0$b6ff1770$ at comcast dot net> <87d1s1c8ld dot fsf at Rainer dot invalid> <024901d166a3$a6930390$f3b90ab0$ at comcast dot net> <CACoZoo14+ko0TZS1NtAh8R6DknAF_aoWAb1r+Nx3H+AWr_1o+w at mail dot gmail dot com>
- Reply-to: <cygwin at cygwin dot com>
Hmm, storing the password in the registry would probably not be optimal... I
would probably rather deal with lack of network share access from SSH
sessions than store a plaintext password (haven't tested it so I can't say
for sure, but since I see no mention of encrypting or hashing the password
I'm guessing it is stored in plaintext)...
For authenticated access within a session, I would think it would be better
if the user was prompted to enter their password when attempting to access a
share, similar to what happens when attempting to access a share via Windows
Explorer (if you don't already have access with your currently logged on
credentials). I think based on everything I've found out this would be the
best solution to this scenario for SSH users that log in using key
And to your second point, that is also what I would expect, is that if
anything there would be NO network access, rather than access based on the
account that the sshd process is running as, regardless of its access.
However what I gathered from Achim's message is that the access level of
cyg_server is precisely the reason the user would have network share access
with that account's privileges.
From: email@example.com [mailto:firstname.lastname@example.org] On Behalf Of
Sent: Saturday, February 13, 2016 4:34 PM
Subject: Re: Possible Security Hole in SSHD w/ CYGWIN?
On Sat, Feb 13, 2016 at 4:15 PM, David Willis wrote:
> So you're telling me any user that logs in using key authentication
> cannot access the network as the same user (i.e. this is the intended
> behavior)? If that's the case wouldn't it be better not to allow
> network access at ALL, rather than allowing it as the service account that
sshd is running as?
Responding to only this one piece at present
-R, --reg-store-pwd enter password to store it in the registry for
later usage by services to be able to switch
to this user context with network credentials.
Don't use this feature if you don't need network access within a remote
session. You can delete your stored password by using `passwd -R' and
specifying an empty password.
Since there are explicit instructions on how to store your Windows password
in a way that Cygwin sshd (and other Cygwin services) can use the password
for network authentication and that it says not to store the credentials if
you do not need network access when authenticating via public key, I would
make the logical assumptions that
#1: authenticated network access is supposed to be possible inside a public
key authenticated ssh session
#2: without storing the password as described, I should have no network
access at all, not the cyg_server account's network access (regardless of
how much or little access the cyg_server account has).
Problem reports: http://cygwin.com/problems.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple