From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 1812 invoked by alias); 18 Nov 2013 08:35:22 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 1741 invoked by uid 89); 18 Nov 2013 08:35:21 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: Yes, score=6.2 required=5.0 tests=AWL,BAYES_99,FREEMAIL_FROM,KAM_THEBAT,RDNS_NONE,SPF_SOFTFAIL,URIBL_BLOCKED autolearn=no version=3.3.2 X-HELO: smtpback.ht-systems.ru Received: from Unknown (HELO smtpback.ht-systems.ru) (78.110.50.181) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with (AES256-SHA encrypted) ESMTPS; Mon, 18 Nov 2013 08:35:20 +0000 Received: from [91.78.166.180] (helo=darkdragon.lan) by smtp.ht-systems.ru with esmtpa (Exim 4.80.1) (envelope-from ) id 1ViKIR-00040D-M0; Mon, 18 Nov 2013 12:35:03 +0400 Received: from [192.168.1.10] (HELO daemon2.darkdragon.lan) by daemon2 (Office Mail Server 0.8.12 build 08053101) with SMTP; Mon, 18 Nov 2013 08:22:33 -0000 Date: Mon, 18 Nov 2013 08:35:00 -0000 From: Andrey Repin Reply-To: Andrey Repin Message-ID: <1679047089.20131118122233@mtu-net.ru> To: Andrea Venturoli , cygwin@cygwin.com Subject: Re: Sshd and key based authentication In-Reply-To: <5289C8BD.1010109@netfence.it> References: <5289C8BD.1010109@netfence.it> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-IsSubscribed: yes X-SW-Source: 2013-11/txt/msg00305.txt.bz2 Greetings, Andrea Venturoli! > I'm trying to set up sshd on a Windows 2003 domain controller. > Everything works with password authentication; however I need this for a > script, so, in order to get non-interactive login, I must use keys. > Tried as hard as I could, but I could not achieve this: I'm always asked > for a password. > I read several posts which say I need to use local accounts, not domain > accounts; however, the machine being a DC, I don't have Local security > policy or Local users in Control panel or Administrative tool. > So, this is the fragment from my /etc/passwd: >> sshd:unused:2259:513:sshd privsep,U-MYDOMAIN\sshd,S-X-X-XX-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-XXXX:/var/empty:/bin/false >> cyg_server:unused:2265:513:cyg_server,U-MYDOMAIN\cyg_server,S-X-X-XX-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXXX-XXXX:/home/cyg_server:/bin/bash > "ssh -vvv" suggest the key is presented to the server, but key > authentication does not succeed anyway. Nothing special is logged > server-side and ssh moves on to password authentiation. > On with the questions... > Is this supposed to work? Several posts say so, but no one mentions a > domain controller... Does it bring in anything special? Not that I know of. > Are the above users correct? Any problem with it? They are irrelevant. Both only used to start up the service. > What are correct ownership and permissions of /home, /home/myuser, > /home/myuser/.ssh and /home/myuser/.ssh/authorized_keys? sshd only check permissions on $HOME/.ssh and authorized_keys (as far as I'm aware) - they need to be (as a safest bet) owned by user logging in and don't have write permission by anyone except the owner (and SYSTEM). > According to some how-tos, ssh-host-confing should have prompted with > "CYGWIN=" and I should have replied "tty ntsec", Long time gone. http://cygwin.com/cygwin-ug-net/using-cygwinenv.html#cygwinenv-removed-options > but this did not > happen. Other how-tos suggest putting this variable in the environment. > Is this information current or obsolete? I tried and it didn't seem to > matter... > Any other hint? Did you installed Cygwin LSA module? http://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-nopasswd2 -- WBR, Andrey Repin (anrdaemon@yandex.ru) 18.11.2013, <12:13> Sorry for my terrible english... -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple