This is the mail archive of the
cygwin@cygwin.com
mailing list for the Cygwin project.
Re: sshd can't do publickey auth with .ssh linked to /cygdrive/c/rest/of/path
- From: Marc Bejarano <beej at alum dot mit dot edu>
- To: "Igor Pechtchanski" <pechtcha at cs dot nyu dot edu>
- Cc: cygwin at cygwin dot com
- Date: Wed, 05 Feb 2003 12:15:43 -0800
- Subject: Re: sshd can't do publickey auth with .ssh linked to /cygdrive/c/rest/of/path
- References: <5.2.0.9.2.20030204105352.034ad8d0@127.0.0.1>
i'm still not subscribed to this list so i would be grateful if i could be
left on the cc: line of this thread.
igor: thanks for you help. i appreciate you working through this with me :)
At 12:03 PM 2/4/2003, Igor Pechtchanski wrote:
>On Tue, 4 Feb 2003, Marc Bejarano wrote:
>> At 04:26 PM 2/3/2003, Igor Pechtchanski wrote:
>> >On Mon, 3 Feb 2003, Marc Bejarano wrote:
>> >> i tried to link my ~/.ssh to "/cygdrive/c/Documents and
>> >> Settings/<username>/Application Data/Van Dyke Technologies/SecureCRT/"
>> >> because i thought it was the most straight-forward way to share my
>identity
>> >> files. this breaks incoming publickey auth to cygwin openssh sshd.
>>
>> >> Authentication refused: bad ownership or modes for directory
/cygdrive/c
>>
>> >> d--------- 15 65535 65535 0 Feb 3 04:11 /cygdrive/c/
>>
>> >> so my question: is there a way to make this work? can i change the
>> >> mode/ownership bits on a /cygdrive mountpoint? or can i tell the
sshd to
>> >> be less security-conscious?
>> sshd thinks /cygdrive/c
>> is a directory. it is worried about the modes of the dir,
>> itself. unfortunately, even when i'm logged in as user Administrator, i
>> can't seem to make any changes to it:
>> [Administrator@beej-lap]/:{1}:$ chmod 755 /cygdrive/c
>> chmod: changing permissions of `/cygdrive/c': Permission denied
>>
>> and on the windoze side of things, i don't know how to set permissions for
>> a drive.
>Looks like Administrator is not the owner of that directory (and it is a
>directory, namely 'C:\').
>
>Sorry, mea culpa. I have a guess that the owner of 'C:\' is not
>Administrator, but rather the Administrators group (which Windows treats
>as a user). Please try regenerating /etc/passwd using
>
>$ mkpasswd -l -g > /etc/passwd
>
>(this will also add local groups as users to /etc/passwd) and post the
>output of 'ls -ld /cygdrive/c' again.
still no dice:
d--------- 15 65535 65535 0 Feb 4 04:49 /cygdrive/c/
>There's nothing magical about it...
>Once
>you see the correct owner/group names for the relevant directories, you
>can start tackling your sshd problem.
ok. no magic. :) but i'm still mystified, here.
>P.S. As long as your user has appropriate privileges, you should be able
>to change permissions with Cygwin tools (chown, chmod) just as easily as
>with Windows tools.
that's what i was hoping.
>FYI, however, to change Windows permissions,
>right-click on the directory name in Explorer and select Properties ->
>Security -> Advanced.
ahh.. that was what i should have done all along. i was looking in the
wrong place, so thought that there was no ownership for the root directory
of a drive in windows. obviously i should lay off the hard drugs ;)
>Once there, the Owner tab will show you the current
>owner, and the Permissions tab will let you change permissions.
righto. i didn't get as far as checking the owner tab before being tempted
to make changes on the permissions tab. i didn't see "Full Control" for my
username, so i clicked on "Add" and gave my local user "Full Control" and
told it to "Apply onto: This folder and files". it took forever to
complete what it was doing, but now cygwin can grok the perms:
drwxrwxr-x+ 15 Administ SYSTEM 0 Feb 4 04:49 /cygdrive/c/
and now that i finally check the owner tab, i see that the owner is indeed
the Adminstrators group. since i gave by username "Full Control", i could
change ownership to my username, so i did. i then had:
drwxrwxr-x+ 15 <user> SYSTEM 0 Feb 5 11:33 /cygdrive/c/
still no dice :( so i did a "chmod g-w /cygdrive/c" and then had:
drwxr-xr-x+ 15 <user> SYSTEM 0 Feb 5 11:33 /cygdrive/c/
new error:
Authentication refused: bad ownership or modes for directory /
perms:
drwxrwxr-x+ 10 Administ Administ 0 Feb 4 13:58 //
ok. that's ridiculous. i'm not changing the owner of / just so it'll be
more convenient to share the default key directory that scrt uses.
the real problem is that openssh checks ownership and modes up the tree
from the authorized_keys2 file until it hits your home dir. since my home
dir is under /home, it never hits that.
one trick that was immensely helpful was to install a separate sshd service
for use in debugging. i did:
cygrunsrv -I sshdtest -t manual -o -p /usr/sbin/sshd -a "-d -d -d -e -p 222"
this allowed me to "tail -f /var/log/sshdtest.log" and see what was going
on. my normal sshd service logs to the windoze event log which is much
less friendly to read.
oh well... at least i learned a thing or two along the way. i'm back to
just having a real .ssh dir and copying key files around between the
windoze world and the cygwin world.
thanks, again!
marc
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/