This is the mail archive of the
mailing list for the Cygwin project.
Re: CYGWIN - As admin setup other users SSH for them?
- From: "Roger Vicker, CCP" <rvicker at vicker dot com>
- To: cygwin at cygwin dot com
- Date: Tue, 10 Jun 2014 15:56:09 -0500
- Subject: Re: CYGWIN - As admin setup other users SSH for them?
- Authentication-results: sourceware.org; auth=none
- References: <lmo56t$us6$1 at ger dot gmane dot org> <5390204E dot 2050300 at etr-usa dot com>
- Reply-to: rvicker at vicker dot com
On 6/5/2014 2:46 AM, Warren Young arranged the binary bits such that:
> On 6/4/2014 16:05, Roger Vicker, CCP wrote:
>> 3) deliver the private key to the user along with the rest of the
>> instructions on how to use it in the provided apps.
> How were you planning on delivering these sensitive private keys? Via
> insecure email, perhaps?
These particular users are barely computer literate so I would be
copying the private keys directly to their Android devices and setting
up the apps that need to use SSH as a tunnel to connect to their server
> Use ssh as it was designed: have the users generate their own local
> keypairs, and have them email the public key to you. The words we use
> here mean something. The *public* key goes out over the public link,
> and the *private* key stays at home.
I know security. That is why we are implementing SSH with keys to
further secure a remote protocol. VPN is not as practical given the
level of the users, the specific remote devices and app.
> It's not like the commands are difficult. They set up a local Cygwin,
> add the openssh package, then say:
> $ ssh-keygen
> ...press Enter a bunch of times...
> $ cat ~/.ssh/id_rsa.pub > /dev/clipboard
> ...compose email to rvicker, paste
>> With out their passwords I can't login to establish their $home
>> directory structure,
> Take a look at /etc/profile, starting at line 75. See the stuff about
> /etc/skel? That's how the user's home directory gets set up. Nothing
> magic here. You could cut those couple-dozen lines into a new script
> and tweak it for your purposes.
> The only trick is that if you do all this as administrator, you'll
> have to say something like
> # chown -R otheruser.otheruser ~otheruser
> after you get done setting up the user's home directory.
Problem reports: http://cygwin.com/problems.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple