This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

RE: Question about cygwin sshd and StrictModes

From: "Larry Hall (RFK Partners, Inc)" <lhall at rfk dot com>
To: "Matt Berney" <mberney at polyserve dot com>, "Cygwin List" <cygwin at cygwin dot com>
Date: Wed, 10 Dec 2003 15:57:23 -0500
Subject: RE: Question about cygwin sshd and StrictModes
References: <C75BC7A96CFE2C44B38C639E4362739E018A29A1@postman.ms.polyserve.com>

Clearly, you have not read the document I pointed to, or not read it
carefully, since the "procedure" you describe below does not use 
ssh-user-config.  While your procedure may do everything that is covered
in the README (implicitly or explicitly), it would be wise for you to 
review your procedure against the prescribed method and make sure there 
are no differences.  From a help-desk perspective, this list relies heavily
on the codified knowledge of these scripts.  No one is likely to spend much
time theorizing what your problem might be without a known baseline.  These 
scripts and tools are there to automate the process of installation with 
best practices.  You're free not to use them but you can't expect those of
us who monitor and respond on this list to debug everyone's custom 
installation.  Sorry if that's what you were expecting.  So maybe this 
amounts to "no-help" from your perspective.  If that's the case, you probably
won't be happy with any response you get from this list on this subject
at least.

Larry


At 12:17 PM 12/10/2003, Matt Berney you wrote:
>Thanks for the no-help.  I have already read all relevant documentation that I could find.  That is the reason for posting a message to the group.  In the future, if you wish to be helpful, please offer more than RTFM.
>
>
>
>-----Original Message-----
>From: Larry Hall [mailto:cygwin-lh@cygwin.com]
>Sent: Tuesday, December 09, 2003 7:40 PM
>To: Matt Berney; cygwin@cygwin.com
>Subject: Re: Question about cygwin sshd and StrictModes
>
>
>At 07:22 PM 12/9/2003, Matt Berney you wrote:
>>I have a question about the /etc/sshd_config file under cygwin.  I have cygwin v1.5.5 and openssh 
>>
>>Cygwin Package Information
>>Package                 Version
>>cygwin                  1.5.5-1
>>cygwin-doc              1.3-6
>>
>>openssh                 3.7.1p2-1
>>openssl                 0.9.7c-1
>>openssl-devel           0.9.7c-1
>>openssl096              0.9.6j-1
>>
>>What is the recommended technique to allow for ssh without passwords?  
>
>
>Read /usr/share/doc/Cygwin/openssh.README
>
>
>>Here is my procedure:
>>  1)  on the server, ssh-host-config
>>  2)  on the server, ssh-keygen -d (no passkey e.g. blank)
>>  3)  on the server, net start sshd
>>
>>  4)  on the client, ssh-keygen -d (no passkey e.g. blank)
>>  5)  on the client, scp ~/.ssh/id_dsa.pub qar50s1:
>>
>>  6)  on the server, cat id_dsa.pub >> .ssh/authorized_keys2
>>
>>All of this works just fine until I change the /etc/sshd_config file to set StrictModes to yes
>>
>>[sshd_config]
>>StrictModes yes
>>
>>
>>What do I have to do to make this work?  Here is the debug output:
>>
>>OpenSSH_3.7.1p2, SSH protocols 1.5/2.0, OpenSSL 0.9.7c 30 Sep 2003
>>debug1: Reading configuration data /etc/ssh_config
>>debug1: Connecting to qar50s1 [10.11.50.1] port 22.
>>debug1: Connection established.
>>debug1: identity file /home/mberney/.ssh/identity type -1
>>debug1: identity file /home/mberney/.ssh/id_rsa type -1
>>debug1: identity file /home/mberney/.ssh/id_dsa type 2
>>debug1: Remote protocol version 1.99, remote software version OpenSSH_3.7.1p2
>>debug1: match: OpenSSH_3.7.1p2 pat OpenSSH*
>>debug1: Enabling compatibility mode for protocol 2.0
>>debug1: Local version string SSH-2.0-OpenSSH_3.7.1p2
>>debug1: SSH2_MSG_KEXINIT sent
>>debug1: SSH2_MSG_KEXINIT received
>>debug1: kex: server->client aes128-cbc hmac-md5 none
>>debug1: kex: client->server aes128-cbc hmac-md5 none
>>debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
>>debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
>>debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
>>debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
>>debug1: Host 'qar50s1' is known and matches the RSA host key.
>>debug1: Found key in /home/mberney/.ssh/known_hosts:85
>>debug1: ssh_rsa_verify: signature correct
>>debug1: SSH2_MSG_NEWKEYS sent
>>debug1: expecting SSH2_MSG_NEWKEYS
>>debug1: SSH2_MSG_NEWKEYS received
>>debug1: SSH2_MSG_SERVICE_REQUEST sent
>>debug1: SSH2_MSG_SERVICE_ACCEPT received
>>debug1: Authentications that can continue: publickey,password,keyboard-interactive
>>debug1: Next authentication method: publickey
>>debug1: Trying private key: /home/mberney/.ssh/identity
>>debug1: Trying private key: /home/mberney/.ssh/id_rsa
>>debug1: Offering public key: /home/mberney/.ssh/id_dsa
>>debug1: Authentications that can continue: publickey,password,keyboard-interactive
>>debug1: Next authentication method: keyboard-interactive
>>debug1: Authentications that can continue: publickey,password,keyboard-interactive
>>debug1: Next authentication method: password
>>root@qar50s1's password:
>>
>>--
>>Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
>>Problem reports:       http://cygwin.com/problems.html
>>Documentation:         http://cygwin.com/docs.html
>>FAQ:                   http://cygwin.com/faq/
>
>
>--
>Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
>Problem reports:       http://cygwin.com/problems.html
>Documentation:         http://cygwin.com/docs.html
>FAQ:                   http://cygwin.com/faq/


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

References:
- RE: Question about cygwin sshd and StrictModes
  - From: Matt Berney

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]