This is the mail archive of the
mailing list for the Cygwin project.
Re: Initial patch to implement partial auth with SSH2
- To: cygwin at cygwin dot com
- Subject: Re: Initial patch to implement partial auth with SSH2
- From: "Karl M" <karlm30 at hotmail dot com>
- Date: Mon, 23 Apr 2001 07:44:13 -0700
I am currently running OpenSSH 2.5.2p2 with multiple (sequential)
authentication modes in a WinNT/Win2k srvany sshd server environment. That
is: to log in, I first type a passphrase for my ssh2 rsa (or dsa) key, then I
type the password on the local machine. It is working great and gives the
security improvement I was looking for.
For now, the recipe is as follows:
1) Download and install the latest Cygwin code (including source for both
openssh and openssl).
2) Download Carson Gaspar's 3-28-01 patch from the OpenSSH Archives.
3) cd /openssh-2.5.2p2
4) ./configure --prefix=/usr --sysconfdir=/etc --libexecdir=/usr/sbin
5) edit defines.h, line 439 and uncomment the `#define USE_PIPES 1'
6) apply the Partial Authentication Patch
7) edit auth2.c, comment out the call to check_nt_auth at the end of
9) copy sshd.exe to /usr/sbin (stopping the sshd service as needed)
10) edit /etc/sshd_config, change Protocol whatever line to 'Protocol 2',
change StrictModes from yes to no, and add the following line near the
bottom of the file 'AuthOrder2 publickey:password'
You can now run the service from LocalSystem and have rsa/dsa authentication
from multiple users. The login sequence will now look like:
$ ssh localhost
Enter passphrase for key '/home/user/.ssh/id_rsa':
Authenticated with partial success.
Last login: Mon Apr 23 00:07:17 2001 from machine
I hope this is helpful.
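
Added example, not part of the original post or of the patch: a shell check that an sshd_config carries the three settings from step 10, and that flags `StrictModes no`, which turns off sshd's checks of file modes and ownership on the user's files and home directory. It assumes AuthOrder2 is parsed like any other keyword (case-insensitive, first occurrence wins); the function names and the sample config are constructed here.

```shell
#!/bin/sh
# Audit an sshd_config for the step-10 settings of the recipe above.
# AuthOrder2 exists only in an sshd built with the partial-auth patch.

# Print the effective value of keyword $1 in config file $2.
# sshd keywords are case-insensitive and the first occurrence wins.
sshd_effective() {
    awk -v want="$1" '
        $1 ~ /^#/ { next }                        # skip comment lines
        NF >= 2 && tolower($1) == tolower(want) { print $2; exit }
    ' "$2"
}

# Return 0 only if Protocol is 2 and AuthOrder2 is publickey:password.
check_partial_auth() {
    cfg=$1
    rc=0
    proto=$(sshd_effective Protocol "$cfg")
    order=$(sshd_effective AuthOrder2 "$cfg")
    strict=$(sshd_effective StrictModes "$cfg")

    if [ "$proto" != "2" ]; then
        echo "FAIL: Protocol is '${proto:-unset}', recipe needs 2"
        rc=1
    fi
    if [ "$order" != "publickey:password" ]; then
        echo "FAIL: AuthOrder2 is '${order:-unset}'"
        rc=1
    fi
    if [ "$strict" = "no" ]; then
        # Not a failure of the recipe, but worth recording in an audit.
        echo "NOTE: StrictModes no, key file mode/ownership checks are off"
    fi
    return $rc
}

# Constructed sample config matching step 10 (not from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed example
Protocol 2
StrictModes no
AuthOrder2 publickey:password
EOF
check_partial_auth "$sample" && echo "OK: step-10 settings present"
rm -f "$sample"
```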