Patch for openssh : allow to use AuthorizedKeysCommand on sshd on cygwin

Corinna Vinschen corinna-cygwin@cygwin.com
Tue Aug 1 08:54:00 GMT 2017


On Jul 31 23:07, Pierre Souchay wrote:
> Hi Corinna,
> 
> > On 31 Jul 2017, at 22:12, Corinna Vinschen <corinna-cygwin@cygwin.com> wrote:
> > 
> > On Jul 31 20:38, Pierre Souchay wrote:
> >> Hello,
> >> 
> >> Please consider this patch: https://github.com/pierresouchay/cygwin_patches/blob/master/openssh.patch
> >> 
> >> It patches opensshd to allow to use the AuthorizedKeysCommand on Cygwin (similar to https://github.com/openssh/openssh-portable/pull/72 )
> > 
> > Cygwin's OpenSSH is built from upstream sources only.  Consequentially
> > this patch will go into Cygwin's OpenSSH package as soon as an official
> > OpenSSH version will be released with this patch.  
> 
> This patch can be applied on sources in current Cygwin repositories
> (aka openssh-7.4p1-1), so, if I understand well, you don't want to use
> the PATCH_URI mechanism of cygport to fix the issue and prefer me to
> do the fix upstream in OpenBSD source code?
> 
> (The issue being that root on CYGWIN is not uid=0 but uid=18 aka SYSTEM)
> 
> I'll send a patch to OpenBSD maintainers as well, but since the patch
> is Cygwin centric, I expected it would take less time to be applied
> this way.

This patch won't work as desired.  How did you test it?  UID 18, or
better S-1-5-18, has no relevance as the sole file owner SID for a long
time.  You would have to test for the TrustedInstaller account as well.

Also, what about the files within the Cygwin installation?  They are
owned by some admin account, but not by SYSTEM or TrustedInstaller.
For those, the check will still fail.

Yes, I prefer to fix the problem upstream.  There are a couple of
Cygwin-specific patches in upstream portable OpenSSH.  The guys are
accommodating, as long as the patch is not too intrusive.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
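
The ownership check discussed in this message, as an added example that is not part of the original e-mail or of OpenSSH's source: a simplified model in which the command and each parent directory must be owned by a trusted uid and must not be group- or world-writable. Only uid 18 (SYSTEM) comes from the thread; the other uids, the paths, the `keys-cmd` name and the three trusted-owner lists are constructed assumptions.

```c
#include <stddef.h>
#include <stdio.h>

/* Only uid 18 (SYSTEM, S-1-5-18) is from the thread; the TrustedInstaller
 * and admin uids are constructed placeholders, not real Cygwin mappings. */
enum { UID_ROOT = 0, UID_SYSTEM = 18, UID_TI = 900001, UID_ADMIN = 900002 };

struct node { const char *path; unsigned uid; unsigned mode; };
#define N(a) (sizeof(a) / sizeof((a)[0]))

/* Constructed ownership chains, from the command up towards the root. */
static const struct node system_cmd[] = {
    { "/cygdrive/c/tools/keys-cmd.exe", UID_SYSTEM, 0755 },
    { "/cygdrive/c/tools",              UID_SYSTEM, 0755 } };
static const struct node windows_cmd[] = {
    { "/cygdrive/c/Windows/keys-cmd.exe", UID_TI, 0755 },
    { "/cygdrive/c/Windows",              UID_TI, 0755 } };
static const struct node cygwin_cmd[] = {
    { "/usr/local/bin/keys-cmd", UID_ADMIN, 0755 },
    { "/usr/local/bin",          UID_ADMIN, 0755 } };

/* Trusted-owner lists for each variant of the check (assumed). */
static const unsigned upstream[] = { UID_ROOT };
static const unsigned patched[]  = { UID_ROOT, UID_SYSTEM };
static const unsigned with_ti[]  = { UID_ROOT, UID_SYSTEM, UID_TI };

/* Index of the first component that fails the check, or -1 if all pass. */
static int first_unsafe(const struct node *c, size_t n,
                        const unsigned *ok, size_t nok)
{
    for (size_t i = 0; i < n; i++) {
        int trusted = 0;
        for (size_t j = 0; j < nok; j++)
            if (c[i].uid == ok[j])
                trusted = 1;
        if (!trusted || (c[i].mode & 022) != 0) /* bad owner or g/o-writable */
            return (int)i;
    }
    return -1;
}

int main(void)
{
    printf("SYSTEM-owned, uid 0 only:        %d\n", first_unsafe(system_cmd, N(system_cmd), upstream, N(upstream)));
    printf("SYSTEM-owned, uid 0 or 18:       %d\n", first_unsafe(system_cmd, N(system_cmd), patched, N(patched)));
    printf("TrustedInstaller, uid 0 or 18:   %d\n", first_unsafe(windows_cmd, N(windows_cmd), patched, N(patched)));
    printf("Cygwin install, with TI trusted: %d\n", first_unsafe(cygwin_cmd, N(cygwin_cmd), with_ti, N(with_ti)));
    return 0;
}
```

A result of -1 means every component passed; 0 means the command file itself was rejected because of its owner.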