This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Possible Security Hole in SSHD w/ CYGWIN?

Erik Soderquist writes:
> I would suspect Domain Admin for the Cyg_server account is a
> requirement of David's environment, which neither of us know anything
> about at present.  I know I've had to do things that were not "best
> practice" due to corporate policy on more occasions than I care to
> count.

If that's the case, then security of the sshd is the least of your
worries and I wouldn't install sshd at all.

> Actually the Cygwin doc does include instructions for accessing
> network shares when using ssh public key authentication.

âwhich boil down to the password being stored (obscured) on the machine
running sshd in order for sshd to obtain the necessary authentication
via password-based login.

> Once again, assumptions.  While I can't explicitly vouch for David's
> environment, as I do not have access to check, I can vouch for mine,
> and mine was configured using sshd_host_config, with the only changes
> after sshd_host_config being regarding TCP and X tunneling.

I have to again make an assumption, namely that if cyg_server is a local
account you've checked the C$ share of the same server that sshd is
running on.  That's bad enough, shouldn't happen and needs fixing, but
at least you wouldn't be able to access any network shares from other
servers that weren't otherwise accessible for everybody.

+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

SD adaptations for KORG EX-800 and Poly-800MkII V0.9:

Problem reports:
Unsubscribe info:

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]