* Patch for openssh : allow to use AuthorizedKeysCommand on sshd on cygwin
@ 2017-07-31 18:38 Pierre Souchay
2017-07-31 20:12 ` Corinna Vinschen
0 siblings, 1 reply; 6+ messages in thread
From: Pierre Souchay @ 2017-07-31 18:38 UTC (permalink / raw)
To: cygwin-apps
Hello,
Please consider this patch: https://github.com/pierresouchay/cygwin_patches/blob/master/openssh.patch
It patches opensshd to allow to use the AuthorizedKeysCommand on Cygwin (similar to https://github.com/openssh/openssh-portable/pull/72 )
Regards
Pierre Souchay
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Patch for openssh : allow to use AuthorizedKeysCommand on sshd on cygwin
2017-07-31 18:38 Patch for openssh : allow to use AuthorizedKeysCommand on sshd on cygwin Pierre Souchay
@ 2017-07-31 20:12 ` Corinna Vinschen
2017-07-31 21:07 ` Pierre Souchay
0 siblings, 1 reply; 6+ messages in thread
From: Corinna Vinschen @ 2017-07-31 20:12 UTC (permalink / raw)
To: cygwin-apps
[-- Attachment #1: Type: text/plain, Size: 667 bytes --]
On Jul 31 20:38, Pierre Souchay wrote:
> Hello,
>
> Please consider this patch: https://github.com/pierresouchay/cygwin_patches/blob/master/openssh.patch
>
> It patches opensshd to allow to use the AuthorizedKeysCommand on Cygwin (similar to https://github.com/openssh/openssh-portable/pull/72 )
Cygwin's OpenSSH is built from upstream sources only. Consequentially
this patch will go into Cygwin's OpenSSH package as soon as an official
OpenSSH version will be released with this patch.
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Patch for openssh : allow to use AuthorizedKeysCommand on sshd on cygwin
2017-07-31 20:12 ` Corinna Vinschen
@ 2017-07-31 21:07 ` Pierre Souchay
2017-08-01 8:54 ` Corinna Vinschen
2017-08-01 18:25 ` Achim Gratz
0 siblings, 2 replies; 6+ messages in thread
From: Pierre Souchay @ 2017-07-31 21:07 UTC (permalink / raw)
To: cygwin-apps
Hi Corinna,
> On 31 Jul 2017, at 22:12, Corinna Vinschen <corinna-cygwin@cygwin.com> wrote:
>
> On Jul 31 20:38, Pierre Souchay wrote:
>> Hello,
>>
>> Please consider this patch: https://github.com/pierresouchay/cygwin_patches/blob/master/openssh.patch
>>
>> It patches opensshd to allow to use the AuthorizedKeysCommand on Cygwin (similar to https://github.com/openssh/openssh-portable/pull/72 )
>
> Cygwin's OpenSSH is built from upstream sources only. Consequentially
> this patch will go into Cygwin's OpenSSH package as soon as an official
> OpenSSH version will be released with this patch.
This patch can be applied on sources in current Cygwin repositories (aka openssh-7.4p1-1), so, if I understand well, you don't want to use the PATCH_URI mechanism of cygport to fix the issue and prefer me to do the fix upstream in OpenBSD source code?
(The issue being that root on CYGWIN is not uid=0 but uid=18 aka SYSTEM)
I'll send a patch to openbds maintainers as well, but since the patch is Cygwin centric, I expected it would take less time to be applied this way.
Regards
Pierre Souchay
>
>
> Corinna
>
> --
> Corinna Vinschen Please, send mails regarding Cygwin to
> Cygwin Maintainer cygwin AT cygwin DOT com
> Red Hat
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Patch for openssh : allow to use AuthorizedKeysCommand on sshd on cygwin
2017-07-31 21:07 ` Pierre Souchay
@ 2017-08-01 8:54 ` Corinna Vinschen
2017-08-01 18:25 ` Achim Gratz
1 sibling, 0 replies; 6+ messages in thread
From: Corinna Vinschen @ 2017-08-01 8:54 UTC (permalink / raw)
To: cygwin-apps
[-- Attachment #1: Type: text/plain, Size: 1953 bytes --]
On Jul 31 23:07, Pierre Souchay wrote:
> Hi Corinna,
>
> > On 31 Jul 2017, at 22:12, Corinna Vinschen <corinna-cygwin@cygwin.com> wrote:
> >
> > On Jul 31 20:38, Pierre Souchay wrote:
> >> Hello,
> >>
> >> Please consider this patch: https://github.com/pierresouchay/cygwin_patches/blob/master/openssh.patch
> >>
> >> It patches opensshd to allow to use the AuthorizedKeysCommand on Cygwin (similar to https://github.com/openssh/openssh-portable/pull/72 )
> >
> > Cygwin's OpenSSH is built from upstream sources only. Consequentially
> > this patch will go into Cygwin's OpenSSH package as soon as an official
> > OpenSSH version will be released with this patch.
>
> This patch can be applied on sources in current Cygwin repositories
> (aka openssh-7.4p1-1), so, if I understand well, you don't want to use
> the PATCH_URI mechanism of cygport to fix the issue and prefer me to
> do the fix upstream in OpenBSD source code?
>
> (The issue being that root on CYGWIN is not uid=0 but uid=18 aka SYSTEM)
>
> I'll send a patch to openbds maintainers as well, but since the patch
> is Cygwin centric, I expected it would take less time to be applied
> this way.
This patch won't work as desired. How did you test it? UID 18, or
better S-1-5-18, has no relevance as the sole file owner SID for a long
time. You would have to test for the TrustedInstaller account as well.
Also, what about the files within the Cygwin installation? They are
owned by some admin account, but not by SYSTEM or TrustedInstaller.
For those, the check will still fail.
Yes, I prefer to fix the problem upstream. There are a couple of
Cygwin-specific patches in upstream portable OpenSSH. The guys are
accommodating, as long as the patch is not too intrusive.
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Patch for openssh : allow to use AuthorizedKeysCommand on sshd on cygwin
2017-07-31 21:07 ` Pierre Souchay
2017-08-01 8:54 ` Corinna Vinschen
@ 2017-08-01 18:25 ` Achim Gratz
2017-08-01 20:53 ` Pierre Souchay
1 sibling, 1 reply; 6+ messages in thread
From: Achim Gratz @ 2017-08-01 18:25 UTC (permalink / raw)
To: cygwin-apps
Pierre Souchay writes:
> (The issue being that root on CYGWIN is not uid=0 but uid=18 aka
> SYSTEM)
This is a misconception. There is no root user on Windows and
consequently there is none on Cygwin. There are multiple possibilities
of what could be usefully considered a proxy for root, so it's
inappropriate to hard-code some other SID instead.
Regards,
Achim.
--
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+
Wavetables for the Terratec KOMPLEXER:
http://Synth.Stromeko.net/Downloads.html#KomplexerWaves
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Patch for openssh : allow to use AuthorizedKeysCommand on sshd on cygwin
2017-08-01 18:25 ` Achim Gratz
@ 2017-08-01 20:53 ` Pierre Souchay
0 siblings, 0 replies; 6+ messages in thread
From: Pierre Souchay @ 2017-08-01 20:53 UTC (permalink / raw)
To: cygwin-apps
Hello,
> On 1 Aug 2017, at 20:25, Achim Gratz <Stromeko@nexgo.de> wrote:
>
> Pierre Souchay writes:
>> (The issue being that root on CYGWIN is not uid=0 but uid=18 aka
>> SYSTEM)
>
> This is a misconception. There is no root user on Windows and
> consequently there is none on Cygwin. There are multiple possibilities
> of what could be usefully considered a proxy for root, so it's
> inappropriate to hard-code some other SID instead.
Well I am fine with that.
Practically speaking, the feature cannot work as it is right now, since nobody has uid=0 - so does not work on Cygwin.
In our infrastructure, all of Cygwin is installed as SYSTEM (uid=18), thus my patch (We are currently using a quite old version of Cygwin).
I am quite open to suggestions and would be glad to fix it the way you want.
Best Regards
Pierre Souchay
>
>
> Regards,
> Achim.
> --
> +<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2017-08-01 20:53 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-07-31 18:38 Patch for openssh : allow to use AuthorizedKeysCommand on sshd on cygwin Pierre Souchay
2017-07-31 20:12 ` Corinna Vinschen
2017-07-31 21:07 ` Pierre Souchay
2017-08-01 8:54 ` Corinna Vinschen
2017-08-01 18:25 ` Achim Gratz
2017-08-01 20:53 ` Pierre Souchay
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).