From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 28188 invoked by alias); 5 Nov 2002 23:55:03 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 28181 invoked from network); 5 Nov 2002 23:55:03 -0000 Received: from unknown (HELO ex02.idirect.net) (208.226.76.48) by sources.redhat.com with SMTP; 5 Nov 2002 23:55:03 -0000 X-MimeOLE: Produced By Microsoft Exchange V6.0.4417.0 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Subject: RE: Is RSA authentication on SSH still broken? Date: Tue, 05 Nov 2002 15:55:00 -0000 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: From: "Harig, Mark A." To: "Antonio Bemfica" , X-SW-Source: 2002-11/txt/msg00176.txt.bz2 I am able to use SSH with public/private-key files. ssh is working on Cygwin, both as a client and as a server, at least on Win2K. # Cygwin version: $ uname -r 1.3.14(0.62/3/2) # Windows version: $ uname -s CYGWIN_NT-5.0 # ssh version $ ssh -V OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090607f My guess is that your problem is related to file/directory permissions. One permission problem I found is that 'ssh-keygen' creates a ~/.ssh directory (if you don't have one already) with permissions set to 700. I found that I had to change these to 755. Here are the file permissions you should check: 1. $HOME - Your home directory should be set to 700. Only you need access to your home directory. 2. $HOME/.ssh - Try setting this to 755. 3. $HOME/.ssh/authorized_keys* - Turn off write permission for anyone other than you, turn on read permission for everyone. One possible setting for this is: $ chmod 644 $HOME/.ssh/authorized_keys* Of course, only 'identity.pub' keys should be in 'authorized_keys' and only 'id_rsa.pub'/id_dsa.pub' should be in 'authorized_keys2', depending upon the type(s) of encryption you chose. 4. $HOME/.ssh/ - Of course, only you should have any permissions for your private key files 'identity', 'id_rsa', or 'id_dsa' (you need at least one of these). $ chmod 600 identity (or id_rsa or id_dsa, etc.) > -----Original Message----- > From: Antonio Bemfica [mailto:antonio@axolotl.ic.gc.ca] > Sent: Tuesday, November 05, 2002 5:32 PM > To: cygwin@cygwin.com > Subject: Is RSA authentication on SSH still broken? >=20 >=20 > Hello >=20 > Could someone clarify whether RSA authentication is still not possible > when running SSH as the SYSTEM user? I have Cygwin 1.3.14-1=20 > and OpenSSH > 3.4p1-5 and can only login via password authentication (I am familiar > with the process to effect RSA authentication under Unix). I have also > tightened permissions on the key files, home directory, etc. >=20 > The /usr/doc/Cygwin/openssh-3.4p1-5.README file mentions that "The > following restrictions only apply to Cygwin versions up to 1.3.1" - is > it safe to assume that I should be able to get it running, since I am > using 1.3.14-1? I will stop trying otherwise! >=20 > Thanks a lot for the help. >=20 > A. >=20 >=20 >=20 >=20 > -- > Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple > Bug reporting: http://cygwin.com/bugs.html > Documentation: http://cygwin.com/docs.html > FAQ: http://cygwin.com/faq/ >=20 >=20 -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/