This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.



Re: Is RSA authentication on SSH still broken?


On Wed, Nov 06, 2002 at 07:19:40PM -0500, Harig, Mark A. wrote:
> > 
> > chmod 755 $HOME/.ssh
> > chmod 644 $HOME/.ssh/authorized_keys*
> > 
> > I had $HOME set to 700 and authorized_keys* to 600 before and that
> > somehow broke RSA authentication - it is odd that stricter permissions
> > would cause that. I suppose this is because the SYSTEM or sshd user need
> > to read the keys and cannot without the appropriate privileges.
> > 
> 
> Could this be a bug in Cygwin's implementation of openssh?

It isn't.  It's a problem with the permission model of NTFS.  Even
though SYSTEM is *the* major player on the machine, it gets an
"access denied" if it has no permissions on a file.  Don't ask for
my opinion on this behaviour.

However, since NTFS uses ACLs, you can explicitly give SYSTEM access
to the file:

[~/.ssh]$ chmod 600 authorized_keys
[~/.ssh]$ getfacl authorized_keys
# file: authorized_keys
# owner: corinna
# group: root
user::rw-
group::---
mask::---
other::---
[~/.ssh]$ setfacl -m g:SYSTEM:r-- authorized_keys
[~/.ssh]$ getfacl authorized_keys
# file: authorized_keys
# owner: corinna
# group: root
user::rw-
group::---
group:SYSTEM:r--
mask::---
other::---

HTH,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin@cygwin.com
Red Hat, Inc.
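
Added example, not part of the message above: a shell function that checks
getfacl output for the state the message ends with (group:: and other:: closed,
a named read entry for SYSTEM). The names audit_acl, acl_before, acl_after and
acl_644 are hypothetical; the first two listings are copied from the message
and the 644 listing is constructed.

```shell
#!/bin/sh
# Audit getfacl text on stdin. Passes (status 0) when the unnamed group:: and
# other:: entries grant nothing and a named user: or group: entry for PRINCIPAL
# grants read. Entries are checked as listed; mask:: is not evaluated.
# On a real system: getfacl ~/.ssh/authorized_keys | audit_acl SYSTEM
audit_acl() (
    principal=$1; has_read=no; too_open=no
    while IFS= read -r line; do
        case $line in ''|'#'*) continue ;; esac   # skip header comments
        tag=${line%%:*}       # user, group, mask or other
        rest=${line#*:}
        name=${rest%%:*}      # empty for the owner/group/other class entries
        perms=${rest#*:}
        if [ -z "$name" ]; then
            case "$tag:$perms" in
                group:---*|other:---*|user:*|mask:*) ;;
                *) echo "FAIL: $tag:: grants $perms"; too_open=yes ;;
            esac
        elif [ "$name" = "$principal" ]; then
            case "$tag:$perms" in
                user:r*|group:r*) has_read=yes ;;
            esac
        fi
    done
    [ "$has_read" = yes ] || echo "FAIL: no read entry for $principal"
    [ "$has_read" = yes ] && [ "$too_open" = no ]
)

# Listing from the message after "chmod 600" (SYSTEM has no entry).
acl_before() {
    printf '%s\n' '# file: authorized_keys' '# owner: corinna' '# group: root' \
        'user::rw-' 'group::---' 'mask::---' 'other::---'
}
# Listing from the message after "setfacl -m g:SYSTEM:r--".
acl_after() {
    printf '%s\n' '# file: authorized_keys' '# owner: corinna' '# group: root' \
        'user::rw-' 'group::---' 'group:SYSTEM:r--' 'mask::---' 'other::---'
}
# Constructed listing for the "chmod 644" workaround quoted above.
acl_644() {
    printf '%s\n' 'user::rw-' 'group::r--' 'mask::---' 'other::r--'
}

acl_after | audit_acl SYSTEM && echo "OK: SYSTEM can read, group/other closed"
```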
