From: "Larry Hall (Cygwin)"
To: cygwin@cygwin.com
Subject: Re: Sshd and key based authentication
Date: Wed, 20 Nov 2013 23:00:00 -0000
Message-id: <528D3F0F.4070405@cygwin.com>
In-reply-to: <528CF357.3020000@netfence.it>

On 11/20/2013 12:37 PM, Andrea Venturoli wrote:
> On 11/18/13 10:17, Andrea Venturoli wrote:
>> On 11/18/13 09:22, Andrey Repin wrote:
>>
>>> Did you install Cygwin LSA module?
>>> http://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-nopasswd2
>>
>> I don't think so, but I can't check right now...
>>
>> Should I?
>
> Hello.
>
> Today I followed your instruction, ran /usr/bin/cyglsa-config and rebooted:
> still no luck.
>
> I raised the loglevel to DEBUG3 and verified sshd was *always* looking for
> /home/cyg_server/.ssh/authorized_keys, regardless of the user trying to log in.
>
> So, if I do "ln -s /home/user /home/cyg_server", then ssh user@server works
> without password prompt!!!
> Of course I know the security implications of this...

Hm, thinking about this a little more, if you're still trying to log in
with domain users, your best bet is probably option 3 in the Users Guide.
Since option 2 is using the Local Security Authority (LSA), it's not going
to get better at authenticating domain users than the default mode unless
the user you run the service as can authenticate domain users. So in this
respect, it's the same thing as the default option (the first option in the
Users Guide). Option 3 authenticates with the password though so it should
be much more like normal ssh password authentication.

Give it a try and let us know if my thought experiment works in the real
world. :-)

--
Larry

_____________________________________________________________________

A: Yes.
> Q: Are you sure?
>> A: Because it reverses the logical flow of conversation.
>>> Q: Why is top posting annoying in email?