Sshd and key based authentication
Larry Hall (Cygwin)
reply-to-list-only-lh@cygwin.com
Wed Nov 20 23:00:00 GMT 2013
On 11/20/2013 12:37 PM, Andrea Venturoli wrote:
> On 11/18/13 10:17, Andrea Venturoli wrote:
>> On 11/18/13 09:22, Andrey Repin wrote:
>>
>>> Did you installed Cygwin LSA module?
>>> http://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-nopasswd2
>>
>> I don't think so, but I can't check right now...
>>
>> Should I?
>
> Hello.
>
> Today I followed your instruction, ran /usr/bin/cyglsa-config and rebooted:
> still no luck.
>
> I raised the loglevel to DEBUG3 and verified sshd was *always* looking for
> /home/cyg_server/.ssh/authorized_keys, regardless of the user trying to log in.
>
> So, if I do "ln -s /home/user /home/cyg_server", then ssh user@server works
> without password prompt!!!
> Of course I know the security implications of this...
Hm, thinking about this a little more, if you're still trying to log in
with domain users, your best bet is probably option 3 in the Users
Guide. Since option 2 is using the Local Security Authority (LSA), it's
not going to get better at authenticating domain users than the default
mode unless the user you run the service as can authenticate domain
users. So in this respect, it's the same thing as the default option
(the first option in the Users Guide). Option 3 authenticates with the
password though so it should be much more like normal ssh password
authentication. Give it a try and let us know if my thought experiment
works in the real world. :-)
--
Larry
_____________________________________________________________________
A: Yes.
> Q: Are you sure?
>> A: Because it reverses the logical flow of conversation.
>>> Q: Why is top posting annoying in email?
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
More information about the Cygwin
mailing list