This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.



RE: Is RSA authentication on SSH still broken?


> 
> chmod 755 $HOME/.ssh
> chmod 644 $HOME/.ssh/authorized_keys*
> 
> I had $HOME set to 700 and authorized_keys* to 600 before and that
> somehow broke RSA authentication - it is odd that stricter permissions
> would cause that. I suppose this is because the SYSTEM or sshd user
> needs to read the keys and cannot without the appropriate privileges.
> 

Could this be a bug in Cygwin's implementation of openssh?

Try the following in a bash shell:

$ /usr/bin/mv  ~/.ssh  ~/save.ssh
$ /usr/bin/ssh-keygen -t rsa -C "some useful comment"

Then respond to the 'ssh-keygen' prompts by simply
pressing [Enter] (or [Return]).  ssh-keygen will
create a new ~/.ssh directory for you, along with
the requested ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub
files.

After ssh-keygen has completed, set up your
authorized_keys2 file:

$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys2

$ ls -ld ~/.ssh

ssh-keygen created a ~/.ssh directory with the
permissions set to 700.  (These permissions match
what ssh-keygen does on my Linux installation.)
But if you attempt to connect to your Cygwin system
via ssh, you'll find that you cannot, unless you make
the permissions less restrictive, that is
"chmod 755 ~/.ssh".

Similarly, if ~/.ssh/authorized_keys* is set to 600
on Linux, then ssh works without errors, but if you set
the file permissions to 644, then it might work, but
I have had some versions of ssh issue a warning that
the permissions for ~/.ssh/authorized_keys are "too open".
In other words, ssh should work with the more secure
setting of 600, but does not on Cygwin.

In the meantime, the following rules appear to be in effect:

Cygwin:

    chmod 755 ~/.ssh
    chmod 644 ~/.ssh/authorized_keys*

Non-Cygwin:

    chmod 700 ~/.ssh
    chmod 600 ~/.ssh/authorized_keys*

---
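
Added example, not part of the original message: a shell check that sorts `~/.ssh` and `authorized_keys*` into the two permission rules listed above, plus the group- or world-writable case that OpenSSH's `StrictModes` option rejects. The function names and the sample tree built in a temp directory are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original message. Classifies the permission
# bits on an .ssh directory and its authorized_keys* files.

# any_bit PATH BITS... : succeeds if PATH has any of the given mode bits set.
any_bit() {
    p=$1; shift
    for bits in "$@"; do
        [ -n "$(find "$p" -prune -perm "-$bits" 2>/dev/null)" ] && return 0
    done
    return 1
}

# classify PATH -> unsafe | other-readable | restricted
classify() {
    if any_bit "$1" 020 002; then
        echo unsafe            # group/world-writable: StrictModes refuses it
    elif any_bit "$1" 004; then
        echo other-readable    # e.g. 755 / 644, the Cygwin rule in the message
    else
        echo restricted        # e.g. 700 / 600, the non-Cygwin rule
    fi
}

# audit DIR : one line per checked path (DIR itself, then authorized_keys*)
audit() {
    for f in "$1" "$1"/authorized_keys*; do
        [ -e "$f" ] || continue
        printf '%-14s %s\n' "$(classify "$f")" "$f"
    done
}

# Constructed sample tree in a temp directory (no real keys involved).
demo() {
    t=$(mktemp -d) || return 1
    mkdir "$t/.ssh" && : > "$t/.ssh/authorized_keys2"
    for modes in "700 600" "755 644" "775 664"; do
        set -- $modes
        chmod "$1" "$t/.ssh"; chmod "$2" "$t/.ssh/authorized_keys2"
        echo "== $1 / $2"; audit "$t/.ssh"
    done
    rm -rf "$t"
}
demo
```

Run `audit ~/.ssh` on a real account to see which rule its files currently match; only the `unsafe` result fails the write-bit test, so both rule sets in the message pass it and differ only in read access for other accounts.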
