From: "Larry Hall (Cygwin)"
Reply-to: cygwin@cygwin.com
To: cygwin@cygwin.com
Date: Mon, 18 Nov 2013 18:11:00 -0000
Subject: Re: Sshd and key based authentication

On 11/18/2013 2:58 AM, Andrea Venturoli wrote:
> Hello.
>
> I'm trying to set up sshd on a Windows 2003 domain controller.
> Everything works with password authentication; however I need this for a
> script, so, in order to get non-interactive login, I must use keys.
> Tried as hard as I could, but I could not achieve this: I'm always asked for
> a password.
> Is this supposed to work? Several posts say so, but no one mentions a domain
> controller... Does it bring in anything special?

If you want/have to use domain user logins, then you need to create a
domain equivalent of 'cyg_server'. You can use the scripts that
'ssh-host-config' uses as a guide to do this but the actual process must
be done by hand and you need access and permission on your domain
controller to set this up. 'ssh-host-config' will not handle this case
for you.

> Are the above users correct? Any problem with it?

For local users, no, no problem.

> What are correct ownership and permissions of /home, /home/myuser,
> /home/myuser/.ssh and /home/myuser/.ssh/authorized_keys?

'ssh-host-config' will set these up for you. I suggest you use it.

> According to some how-tos, ssh-host-config should have prompted with
> "CYGWIN=" and I should have replied "tty ntsec", but this did not happen.
> Other how-tos suggest putting this variable in the environment.
> Is this information current or obsolete? I tried and it didn't seem to
> matter...

Yes, this information is obsolete. This is the main reason we recommend
not using various How-To guides that you'll find littered around the
Internet.

> Any other hint?

If a domain service account isn't an option, look at the other options
listed in the User's Guide: Method 2 or 3 might be sufficient for your need.

--
Larry

_____________________________________________________________________

A: Yes.
> Q: Are you sure?
>> A: Because it reverses the logical flow of conversation.
>>> Q: Why is top posting annoying in email?