This is the mail archive of the cygwin mailing list for the Cygwin project.



Re: SUMMARY sort of: OpenSSH public key authentication woes


On Wed, 28 Apr 2004 01:33 am, Larry Hall wrote:
> At 11:21 AM 4/27/2004, you wrote:
> >On Tue, 27 Apr 2004, Greg Rudd wrote:
> >> On Tue, 27 Apr 2004 02:12 am, Karl M wrote:
> >> > Hi Greg...
> >> >
> >> > Try setting your authorized_keys to 644 for now. If that doesn't work,
> >> > take a look at the problem reporting section on the Cygwin web page.
> >> > This list would need more information to help further.
> >>
> >> Doing the above does allow a local user to public key authenticate :-)
> >> but when I try to do the same thing with a domain user, public key still
> >> fails. What is interesting is that when I try to set the ACLs for the
> >> .ssh directory to be the same as the local user's, the setfacl command
> >> fails with an error message: setfacl function not implemented.  I notice
> >> that this message comes up when the ssh-user-config command is run for
> >> the first time.
> >>
> >> Is this error message occurring because the domain user's home directory
> >> is mapped to a UNC (which in this case is //machine/grudd) instead of a
> >> path name in the form of "/home/grudd"?
> >
> >Most likely.  Add "smbntsec" to your CYGWIN environment variable.  Also,
> >you can hide the fact that it's on a remote machine by using "mount -s
> >//machine/grudd /home/grudd".
> >HTH,
> >    Igor
>
Thanks Igor, works like a charm.

> But (anticipating the next question) the domain user won't be able to see
> your share through ssh and pubkey authentication unless it doesn't require
> Windows authentication to access it (i.e. it's accessible by "Everyone").
>
Hi Larry

Correct me if I am wrong, but what you are in fact saying is that a domain user
(who when using password authentication is authenticating against a
PDC/Active Directory Server) whose home directory is mapped to a UNC won't
be able to use publickey without making their home directory open to all
(this is a bad thing). So the way forward here would be to define the user as a
local user to the machine and have their home directory mapped to the UNC.

Also it is interesting to look at the debug messages from the sshd: when the
local user logs in using publickey, the public key is read without any problem,
but the debug messages from the ssh daemon when the domain user logs in
recognize the existence of the key but refuse to accept it.

-greg
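
An added example, not part of the original thread: a shell function that approximates the ownership and mode test sshd applies under StrictModes to the home directory, .ssh and authorized_keys. The mode 644 suggested above passes it, while a group- or world-writable file does not. The function name check_strict_modes is hypothetical, and GNU stat (as shipped with Cygwin coreutils) is assumed.

```shell
#!/bin/bash
# Added example: approximate sshd's StrictModes test for one account.
# Arguments: $1 = home directory to inspect
#            $2 = numeric uid expected to own it (default: current user)
# Prints one line per finding and returns the number of findings,
# so a return value of 0 means the tree would pass this check.
check_strict_modes() {
    local home uid findings path mode owner
    home=$1
    uid=${2:-$(id -u)}
    findings=0
    for path in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$path" ]; then
            echo "MISSING  $path"
            findings=$((findings + 1))
            continue
        fi
        mode=$(stat -c '%a' "$path")    # octal mode, e.g. 644 (GNU stat)
        owner=$(stat -c '%u' "$path")   # numeric owner uid
        # The owner must be the account itself or uid 0.
        if [ "$owner" != "$uid" ] && [ "$owner" != 0 ]; then
            echo "OWNER    $path is owned by uid $owner, expected $uid"
            findings=$((findings + 1))
        fi
        # Any group or world write bit (mode & 022) is rejected.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "WRITABLE $path has mode $mode (group/world writable)"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Stand-alone use: ./check.sh /home/grudd [uid]
if [ "$#" -gt 0 ]; then
    check_strict_modes "$@"
fi
```
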
