* SSHD pubkey authentication
@ 2001-04-24 4:36 Lapo Luchini
2001-04-24 5:53 ` Corinna Vinschen
2001-04-24 6:17 ` Mail list page Vince Rice
0 siblings, 2 replies; 7+ messages in thread
From: Lapo Luchini @ 2001-04-24 4:36 UTC (permalink / raw)
To: cygwin
It is possible to use pubkey authentication on NT?
I played a lot with ntsec,nontsec,ntea,nontea starting serrvice as
SYSTEM or as administrator
Result is that the SYSTEM user can't access
/home/*/.ssh/authorized_keys[2] no matter the modes or owners, only way
to use pubkey auth is to start the service as the user that wants to
connect, not a real solution..
As anyone got better?
I mean using the OpenSSH distro available now.
Thanks =)
--
Lapo 'Raist' Luchini
lapo@lapo.it (PGP & X.509 keys available)
http://www.lapo.it (ICQ UIN: 529796)
--
Want to unsubscribe from this list?
Check out: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: SSHD pubkey authentication
2001-04-24 4:36 SSHD pubkey authentication Lapo Luchini
@ 2001-04-24 5:53 ` Corinna Vinschen
2001-04-24 6:17 ` Mail list page Vince Rice
1 sibling, 0 replies; 7+ messages in thread
From: Corinna Vinschen @ 2001-04-24 5:53 UTC (permalink / raw)
To: cygwin
On Tue, Apr 24, 2001 at 01:36:23PM +0200, Lapo Luchini wrote:
> It is possible to use pubkey authentication on NT?
> I played a lot with ntsec,nontsec,ntea,nontea starting serrvice as
> SYSTEM or as administrator
>
> Result is that the SYSTEM user can't access
> /home/*/.ssh/authorized_keys[2] no matter the modes or owners, only way
> to use pubkey auth is to start the service as the user that wants to
> connect, not a real solution..
>
> As anyone got better?
The reason is the restriction for changing user context on NT/W2K.
You can do this only by providing the password of that user, even
if the process is running under LocalSystem account.
> I mean using the OpenSSH distro available now.
I don't understand what you try to say with that sentence.
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Developer mailto:cygwin@cygwin.com
Red Hat, Inc.
--
Want to unsubscribe from this list?
Check out: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 7+ messages in thread
* Mail list page
2001-04-24 4:36 SSHD pubkey authentication Lapo Luchini
2001-04-24 5:53 ` Corinna Vinschen
@ 2001-04-24 6:17 ` Vince Rice
2001-04-24 8:29 ` Christopher Faylor
1 sibling, 1 reply; 7+ messages in thread
From: Vince Rice @ 2001-04-24 6:17 UTC (permalink / raw)
To: cygwin
I had reason to go to the mail list page today (where you go when you click
the "unsubscribe" at the bottom of a message), and the Cygwin link doesn't
work. I tried several others, and they worked fine. I was going to send
this comment to "Suggestions", but that link didn't work either <g>.
Vince
--
Want to unsubscribe from this list?
Check out: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: Mail list page
2001-04-24 6:17 ` Mail list page Vince Rice
@ 2001-04-24 8:29 ` Christopher Faylor
0 siblings, 0 replies; 7+ messages in thread
From: Christopher Faylor @ 2001-04-24 8:29 UTC (permalink / raw)
To: cygwin
On Tue, Apr 24, 2001 at 08:21:19AM -0500, Vince Rice wrote:
>I had reason to go to the mail list page today (where you go when you click
>the "unsubscribe" at the bottom of a message), and the Cygwin link doesn't
>work.
I'll rectify this. In the meantime you'll have to make do with using the
cygwin web page: http://cygwin.com/ . I would suggest that this is probably
a good starting place for all cygwin inquiries.
>I tried several others, and they worked fine. I was going to send this
>comment to "Suggestions", but that link didn't work either <g>.
I'm not sure what <g> means but if you have found an inoperable link, please
send the URL here.
cgf
--
Want to unsubscribe from this list?
Check out: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: SSHD pubkey authentication
@ 2001-04-24 5:58 Lapo Luchini
0 siblings, 0 replies; 7+ messages in thread
From: Lapo Luchini @ 2001-04-24 5:58 UTC (permalink / raw)
To: cygwin
> The reason is the restriction for changing user context on NT/W2K.
> You can do this only by providing the password of that user, even
> if the process is running under LocalSystem account.
I feared that =(
Thanks anyway for the confirm =)
> > I mean using the OpenSSH distro available now.
> I don't understand what you try to say with that sentence.
I meant something like: please don't answer me "just patch, hack,
recompile and you can do it"
The problem with recompiling is that I must use ssh in a system which is
not mine ans they would not accept to use a "ercompiled" version of ssh.
Anyway the problem is at the source of W2K authentication as you said,
so there is no such problem...
--
Lapo 'Raist' Luchini
lapo@lapo.it (PGP & X.509 keys available)
http://www.lapo.it (ICQ UIN: 529796)
--
Want to unsubscribe from this list?
Check out: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: SSHD pubkey authentication
@ 2001-05-01 7:34 Lapo Luchini
2001-05-02 6:17 ` Corinna Vinschen
0 siblings, 1 reply; 7+ messages in thread
From: Lapo Luchini @ 2001-05-01 7:34 UTC (permalink / raw)
To: cygwin
> The reason is the restriction for changing user context on NT/W2K.
> You can do this only by providing the password of that user, even
> if the process is running under LocalSystem account.
>
But then how can IIS authenticate (in https) using only private key?
Of course they have some special access to some special not documented
API to change active user?
--
Lapo 'Raist' Luchini
lapo@lapo.it (PGP & X.509 keys available)
http://www.lapo.it (ICQ UIN: 529796)
--
Want to unsubscribe from this list?
Check out: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: SSHD pubkey authentication
2001-05-01 7:34 Lapo Luchini
@ 2001-05-02 6:17 ` Corinna Vinschen
0 siblings, 0 replies; 7+ messages in thread
From: Corinna Vinschen @ 2001-05-02 6:17 UTC (permalink / raw)
To: cygwin
On Tue, May 01, 2001 at 04:34:05PM +0200, Lapo Luchini wrote:
> > The reason is the restriction for changing user context on NT/W2K.
> > You can do this only by providing the password of that user, even
> > if the process is running under LocalSystem account.
> >
> But then how can IIS authenticate (in https) using only private key?
>
> Of course they have some special access to some special not documented
> API to change active user?
No, they are using a so-called "subauthentication package". I'm just
preparing one for Cygwin but the information which are provided by
Microsoft are very spare. However, we will be able to login to a
system without a password in future but with substantial constraints,
probably. A logon without password will not be able to connect to network
drives unless somebody can show me how to solve that problem.
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Developer mailto:cygwin@cygwin.com
Red Hat, Inc.
--
Want to unsubscribe from this list?
Check out: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2001-05-02 6:17 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2001-04-24 4:36 SSHD pubkey authentication Lapo Luchini
2001-04-24 5:53 ` Corinna Vinschen
2001-04-24 6:17 ` Mail list page Vince Rice
2001-04-24 8:29 ` Christopher Faylor
2001-04-24 5:58 SSHD pubkey authentication Lapo Luchini
2001-05-01 7:34 Lapo Luchini
2001-05-02 6:17 ` Corinna Vinschen
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).