This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: cannot access $HOME (on Samba) via ssh

From: Igor Pechtchanski <pechtcha at cs dot nyu dot edu>
To: Harald Dunkel <harald dot dunkel at t-online dot de>
Cc: cygwin at cygwin dot com
Date: Tue, 11 Jan 2005 15:25:46 -0500 (EST)
Subject: Re: cannot access $HOME (on Samba) via ssh
References: <41E42508.3020400@t-online.de>
Reply-to: cygwin at cygwin dot com

On Tue, 11 Jan 2005, Harald Dunkel wrote:

> Igor Pechtchanski wrote:
> | <http://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-switch>, second
> | paragraph.
> | HTH,
> | 	Igor
>
> Sorry, but this does not help.
>
> If I got this right, then you assume that either sshd or the login
> process started by sshd are running as SYSTEM, and the bash started
> later inherits the restricted network access somehow, making an
> access to shares which require an authentication impossible.

Yes, I'm assuming both of those things.  If sshd runs as any user but
SYSTEM (unless that user also has SYSTEM's capabilities as described in
the above link, in which case it might as well be SYSTEM), then no other
user will be able to log in using that sshd instance.  And yes, bash
started from sshd does inherit the authentication token, which is used to
attempt to authenticate with network shares.

I believe you missed the fact that the above link talks about
*passwordless* authentication.  The authentication token constructed by
sshd won't contain the password, and therefore cannot be used to access
network shares that require authentication.  This is a Windows limitation,
and Cygwin can't do anything about it.

> :-(
>
> Please note that ssh and rsh are typical applications of users used
> to work on remote machines in a LAN. If you take away the network
> access to their home directory and all other shares, then this is a
> very severe restriction. And making a network share accessible
> without any authentication is usually not an option, either.
>
> Not a good deal.

Authenticating using the user's password will not restrict the access.
An alternative is to change the authentication mechanism for the shares.
FWIW, the same problem exists with Unix filesystems that require
authentication, notably DFS.
	Igor
-- 
				http://cs.nyu.edu/~pechtcha/
      |\      _,,,---,,_		pechtcha@cs.nyu.edu
ZZZzz /,`.-'`'    -.  ;-;;,_		igor@watson.ibm.com
     |,4-  ) )-,_. ,\ (  `'-'		Igor Pechtchanski, Ph.D.
    '---''(_/--'  `-'\_) fL	a.k.a JaguaR-R-R-r-r-r-.-.-.  Meow!

"The Sun will pass between the Earth and the Moon tonight for a total
Lunar eclipse..." -- WCBS Radio Newsbrief, Oct 27 2004, 12:01 pm EDT

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Follow-Ups:
- Re: cannot access $HOME (on Samba) via ssh
  - From: Harald Dunkel

References:
- Re: cannot access $HOME (on Samba) via ssh
  - From: Harald Dunkel

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]