Re: Initial patch to implement partial auth with SSH2

Hi All...

I am currently running OpenSSH 2.5.2p2 with multiple (sequential) 
authentication modes in a WinNT/Win2k srvany sshd server environment. That 
is: to log in, I first type a passphrase for my ssh2 rsa (or dsa) key, then I 
type the password on the local machine. It is working great and gives the 
security improvement I was looking for.

For now, the recipe is as follows:

1) Download and install the latest Cygwin code (including source for both 
openssh and openssl).

2) Download Carson Gaspar's 3-28-01 patch from the OpenSSH Archives.

3) cd /openssh-2.5.2p2

4) ./configure --prefix=/usr --sysconfdir=/etc --libexecdir=/usr/sbin

5) edit defines.h, line 439 and uncomment the `#define USE_PIPES 1'

6) apply the Partial Authentication Patch

7) edit auth2.c, comment out the call to check_nt_auth at the end of 

8) make

9) copy sshd.exe to /usr/sbin (stopping the sshd service as needed)

10) edit /etc/sshd_config: change the Protocol line (whatever it is) to 
'Protocol 2', change StrictModes from yes to no, and add the following line 
near the bottom of the file: 'AuthOrder2 publickey:password'

You can now run the service from LocalSystem and have rsa/dsa authentication 
from multiple users. The login sequence will now look like:

user@machine ~
$ ssh localhost
Enter passphrase for key '/home/user/.ssh/id_rsa':
Authenticated with partial success.
user@localhost's password:
Last login: Mon Apr 23 00:07:17 2001 from machine

user@machine ~

I hope this is helpful.
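
Added example, not part of the original post or of the partial-auth patch: a shell check that the step 10 settings are the ones actually in effect in an sshd_config, so that a leftover line does not silently leave single-factor login enabled. It assumes AuthOrder2 is parsed like other sshd_config keywords (case-insensitive keyword, first occurrence used); the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the settings from step 10.

# Print the first value given for a keyword. Keywords are case-insensitive,
# lines starting with '#' are comments, and sshd keeps the first occurrence.
# Assumption: the patch's AuthOrder2 keyword follows the same rules.
effective_value() {
    awk -v want="$2" '
        { sub(/\r$/, "") }                # tolerate CRLF files on Windows
        /^[ \t]*#/ { next }               # skip comment lines
        NF >= 2 && tolower($1) == tolower(want) {
            $1 = ""; sub(/^[ \t]+/, ""); print; exit
        }' "$1"
}

# Return 0 only if protocol 2 alone is enabled and both factors are required.
check_partial_auth() {
    cfg=$1; rc=0
    proto=$(effective_value "$cfg" Protocol)
    order=$(effective_value "$cfg" AuthOrder2)
    strict=$(effective_value "$cfg" StrictModes)
    [ "$proto" = "2" ] ||
        { echo "FAIL Protocol='$proto' (want 2)"; rc=1; }
    [ "$order" = "publickey:password" ] ||
        { echo "FAIL AuthOrder2='$order' (want publickey:password)"; rc=1; }
    # StrictModes is reported, not enforced: the recipe turns it off.
    echo "INFO StrictModes='${strict:-unset}'"
    return $rc
}

# Constructed sample input (not a real server's configuration).
sample_config() {
    cat <<'EOF'
# constructed sshd_config fragment
Port 22
protocol 2
StrictModes no
#AuthOrder2 password
AuthOrder2 publickey:password
EOF
}

tmp=$(mktemp)
sample_config > "$tmp"
check_partial_auth "$tmp" && echo "OK both factors required"
rm -f "$tmp"
```
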


