This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.



Re: problems with sshd and RSAAuthentication


Password authentication *truly* authenticates you, but ssh (without a 
password) uses NtCreateToken, which creates an authentication token 
without the need for a password. Unfortunately, this token is not 
unique - it cannot be, because it isn't generated with a unique 
username/password combination.  So the rights that you have when you use 
password authentication are very slightly different when you use 
RSAAuthentication.

How did you install sshd - "sshd --install-as-service"? Which user is 
running the sshd service- SYSTEM, or another user? You can check the 
mailing list archives to confirm this, but AFAIK there are limitations 
to ssh when you do not use password authentication, specifically with 
intricacies of user rights and accessing network shares.

HTH,
Peter

Peter Fales wrote:

> I'm currently trying to get sshd access to our Cygwin/Win2000 machine.  
> Currently it works well using password authentication, but I can't get
> it to use RSAAuthentication - it seems to be accepting the key, but
> then exits right away and creates a windows event log entry:
> 
> 10/26/2001      9:51:38 AM      1       0       0       sshd    NT AUTHORITY\SYSTEM             EXPNOVE sshd : Win32 Process Id = 0x470 : Cygwin Process Id = 0x470 : fatal: setuid 1000: Not owner
> 
> I know something like this has been discussed before, and I've tried to 
> follow all the steps I can find documented:
> 
> 	- I've added "CYGWIN=ntsec tty" to the system environment
> 	- I've added these rights for the user that is running cygrunsrv
> 	  and the SYSTEM account:
> 		"Act as part of operating system"
> 		"Replace a process level token"
> 		"Increase quotas"
> 
> I'm at a loss to understand why this isn't working, particularly since
> it seems like password authentication would be doing pretty much the same
> thing.  Can anyone suggest what to try next?
> 
> 


-- 
Your mouse has moved.
Windows NT must be restarted for the change to take effect.
Reboot now?  [OK]
