This is the mail archive of the
cygwin-apps
mailing list for the Cygwin project.
openssh AuthorizedKeysFile
- From: Achim Gratz <Stromeko at nexgo dot de>
- To: cygwin-apps at cygwin dot com
- Date: Fri, 06 Apr 2018 22:37:10 +0200
- Subject: openssh AuthorizedKeysFile
I've got a new server for Cygwin @work and wanted to get the sshd to run
with StrictMode on (it's been off on the old server). Long story short,
some accounts used for administrative tasks are contrained so that I
need to store the authorized_keys file directly on the server, so I
added /etc/ssh/%u/authorized_keys in front of the default
.ssh/authorized_keys. Unfortunately that only works if the same
administrative account has been used to install Cygwin itself, lest sshd
declares the directory /etc/ssh unsafe (or use StrictMode=no). I found
this patch that seems to address exactly the same situation:
https://github.com/pierresouchay/cygwin_patches/blob/master/openssh.patch
The code has since been refactored and a similar change would need to be
applied elsewhere. Interestingly enough there is some special handling
to _not_ check all the leading path components for the home directory
(otherwise it wouldn't work at all). In my reading of the refactored
code it seems that the same effect could be achieved by defining
PLATFORM_SYS_DIR_UID appropriately (although I would prefer if that was
configurable somewhere in a file). But it seems that for Cygwin that
symbol doesn't get defined at all?
Regards,
Achim.
--
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+
Wavetables for the Waldorf Blofeld:
http://Synth.Stromeko.net/Downloads.html#BlofeldUserWavetables