Trouble with RSA authentication
Ross Smith II
ross@smithii.com
Thu Oct 31 09:10:00 GMT 2002
/usr/doc/Cygwin/openssh-3.4p1-5.README states that RSA authentication only
works if sshd runs under a user account (as opposed to the SYSTEM account).
To that end, I've created 2 shell scripts to allow one to "switch" from
running sshd as SYSTEM to running as a user, and visa versa.
These scripts will also fix the '/var/empty' problem, so they are worthwhile
to run once, even if you will never switch.
I haven't tried it, but you could probably even have a user and a SYSTEM
daemon running at the same time, by running one of the daemons on another
port via the -p option.
Attached and inline are the scripts.
I'll also put the latest versions up at http://www.netebb.com/cygwin/.
I'd love to see these incorporated into cygwin's openssh (or at least a user
contribs) package.
I'm not a cygwin wizard, so feedback is appreciated.
-Ross
#!/bin/sh
# $Id: sshd_user.sh $
case "$1" in
-h | -he | -hel | -help | -? | --h | --he | --hel | --help | --? | /h |
/he | /hel | /help | /?)
echo Usage: $0 [username] [password] ["CYGWIN options"] ["sshd options"]
exit 1
;;
*)
;;
esac
if [ -n "$1" ]
then
USER=$1
fi
CYGRUNSRV=
if [ -n "$2" ]
then
CYGRUNSRV="-w $2"
fi
if [ -n "$3" ]
then
CYGWIN=$3
fi
SSHD=""
if [ -n "$4" ]
then
shift
shift
shift
SSHD=$*
fi
cd
if [ ! -d .ssh ]
then
echo $0: Please run ssh-user-config first to create your .ssh directory.
exit 2
fi
chown ${USER}.None . .ssh /var/empty /etc/ssh_host_* /var/log/sshd.log
chmod 755 . .ssh
chmod 600 .ssh/*
chmod 644 .ssh/*.pub .ssh/authorized_keys? /var/log/sshd.log
chmod 755 /var/empty
cygrunsrv --stop sshd
cygrunsrv --remove sshd
cygrunsrv --install sshd -e "CYGWIN=${CYGWIN}" \
-u ${USER} \
${CYGRUNSRV} \
-d "sshd as ${USER}" \
-p /usr/sbin/sshd.exe \
-1 /var/log/sshd.log \
-2 /var/log/sshd.log \
-a "-e -D ${SSHD} "
cygrunsrv --start sshd
#!/bin/sh
# $Id: sshd_system.sh $
case "$1" in
-h | -he | -hel | -help | -? | --h | --he | --hel | --help | --? | /h |
/he | /hel | /help | /?)
echo Usage: $0 [CYGWIN options...]
exit 0
;;
*)
;;
esac
if [ -n "$1" ]
then
CYGWIN="$*"
fi
SSHD=""
if [ -n "$4" ]
then
shift
shift
shift
SSHD=$*
fi
if [ ! -f /etc/ssh_host_key ]
then
echo $0: Please run ssh-host-config first to create your /etc/ssh_host_*
files.
exit 2
fi
chown SYSTEM.SYSTEM /var/empty /etc/ssh_host_* /var/log/sshd.log
chmod 600 /etc/ssh_host_*
chmod 644 /etc/ssh_host_*.pub /var/log/sshd.log
chmod 755 /var/empty
cygrunsrv --stop sshd
cygrunsrv --remove sshd
cygrunsrv --install sshd -e "CYGWIN=${CYGWIN}" \
-d "sshd as SYSTEM" \
-p /usr/sbin/sshd.exe \
-1 /var/log/sshd.log \
-2 /var/log/sshd.log \
-a "-e -D ${SSHD}"
cygrunsrv --start sshd
> -----Original Message-----
> From: cygwin-owner@cygwin.com [mailto:cygwin-owner@cygwin.com]On Behalf
> Of Max Bowsher
> Sent: Thursday, October 31, 2002 4:29 AM
> To: Marcos Lorenzo; cygwin@cygwin.com
> Subject: Re: Trouble with RSA authentication
>
>
> Marcos Lorenzo <marcos@it.uc3m.es> wrote:
> > I finally got sshd working!
> >
> > But I cannot authenticate via RSA. I made the keygen with ssh-keygen
> > in my winbox and copied identity.pub to authorized_keys and identity
> > in my linbox (I have the same files in both machines). I really know
> > how ssh works in linux, but I have some troubles with RSA in cygwin.
> > Below is the message that I got:
> >
> > 12:16:21 marcos@laud~ ssh -i .ssh/identity.mozart -vvv mozart.lab -1
> > debug1: Connecting to mozart.lab [163.117.144.225] port 22.
> > debug1: Trying RSA authentication with key '.ssh/identity.mozart'
> > debug1: Server refused our key.
>
> Looks like the server logs with debugging enabled will hold the necessary
> info to debug this.
>
> Max.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sshd_user.sh
Type: application/octet-stream
Size: 1018 bytes
Desc: not available
URL: <http://cygwin.com/pipermail/cygwin/attachments/20021031/e92208f1/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sshd_system.sh
Type: application/octet-stream
Size: 851 bytes
Desc: not available
URL: <http://cygwin.com/pipermail/cygwin/attachments/20021031/e92208f1/attachment-0001.obj>
-------------- next part --------------
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
More information about the Cygwin
mailing list