From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 22647 invoked by alias); 13 Feb 2019 16:26:21 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 22633 invoked by uid 89); 13 Feb 2019 16:26:21 -0000 Authentication-Results: sourceware.org; auth=none X-Spam-SWARE-Status: No, score=-100.9 required=5.0 tests=BAYES_00,GOOD_FROM_CORINNA_CYGWIN,KAM_LAZY_DOMAIN_SECURITY,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.2 spammy= X-HELO: mout.kundenserver.de Received: from mout.kundenserver.de (HELO mout.kundenserver.de) (212.227.17.24) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Wed, 13 Feb 2019 16:26:20 +0000 Received: from calimero.vinschen.de ([24.134.7.25]) by mrelayeu.kundenserver.de (mreue108 [212.227.15.183]) with ESMTPSA (Nemesis) id 1MowOm-1hQbHd2IV4-00qUgA; Wed, 13 Feb 2019 17:26:15 +0100 Received: by calimero.vinschen.de (Postfix, from userid 500) id E6E3AA8071B; Wed, 13 Feb 2019 17:26:14 +0100 (CET) Date: Wed, 13 Feb 2019 16:26:00 -0000 From: Corinna Vinschen To: Bill Stewart Cc: cygwin@cygwin.com Subject: Re: sshd: computer name's case must match? Message-ID: <20190213162614.GA3718@calimero.vinschen.de> Reply-To: cygwin@cygwin.com Mail-Followup-To: Bill Stewart , cygwin@cygwin.com References: <20190213103200.GK3718@calimero.vinschen.de> <20190213122509.GL3718@calimero.vinschen.de> <20190213161029.GY3718@calimero.vinschen.de> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="LQAwcd5tHl0Qlnzi" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.10.1 (2018-07-13) X-SW-Source: 2019-02/txt/msg00127.txt.bz2 --LQAwcd5tHl0Qlnzi Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-length: 926 On Feb 13 09:23, Bill Stewart wrote: > On Wed, Feb 13, 2019 at 9:10 AM Corinna Vinschen > wrote: >=20 > > This can't work correctly with OpenSSH. The decision to allow only > > the correct case in OpenSSH was made back in 2010, because otherwise > > we would need a lot of special rules in OpenSSH just for Cygwin. > > Sorry, but that's how it is. >=20 > Thanks for the explanation -- this is understandable. >=20 > In that case, the former arrangement before the patch was preferable. >=20 > That is: For DOMAIN+username or COMPUTERNAME+username, the part before > the "+" must be UPPERCASE, but the username is not case-sensitive. >=20 > IMO This is the simplest and most straightforward arrangement. No, that was a bug. With case insenitive usernames, the pattern matching in OpenSSH won't work and you create a potential security problem. Corinna --=20 Corinna Vinschen Cygwin Maintainer --LQAwcd5tHl0Qlnzi Content-Type: application/pgp-signature; name="signature.asc" Content-length: 833 -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEoVYPmneWZnwT6kwF9TYGna5ET6AFAlxkRSYACgkQ9TYGna5E T6DnqxAAoORU+ix1ZF5uzt0xYAitbtx1mxze9tRsNnG9WvpNWBBvWW/1ZQ0/C8sY 5u0l4SYBx6vhMXw/QLSvj8U4abCRvXCSIOH3oQvS1dL6rmM6ZPjU1dDcgk1PUkUD XbYH+9zwr+NVQlUKnsc6hm0U/ST5Iuh1AMajqUoOCASzDN2/cJsgZnZZ+/o4sFPZ uTdqxGBwKywl67kK6098Bf3KnWCsiNtKr8x/HEexwGJwuoAbOewQLPE+0ziu9fMB dSq8+5UMJ5qv2KDvYkI9lQFM7aXNSrcI7l6J11ISbMBmuVFKWHUfzd1/sVRhZRA2 Wk391t5L96A8kwflEflVBUBiinQ3gFq/gJE7pTDtKwbLG7+h0HBtIU2GbiySnqKx f7TW9d60lpgH7QioA3upN9XOSU0se2hh/xOY1FErHs5hHmbY464suMbwKmVf3XY3 vZEwr2EJF7aTpLCuM8+qVJwAyDo/lkNu2IgUOfhJUkSHFP3QUnii7h8qtid7jo1W B/WSDejH0/wXCOtdSYxUrz0Vr0NU/CzyTSQf6NZ/hAFK0Om2qV3Nm+pFVgjUujI/ JBbiQepxtIpoEdlUAKZnTRQOXtGF/pa1uJTit8szXjue+4UtkrBDk75mDOdzErOq 4kpQscwzzW3Cxm+/dc4Veh1JQk2NIEEQsSvXM4j+cmcEhb5RZNQ= =NjKh -----END PGP SIGNATURE----- --LQAwcd5tHl0Qlnzi--