* Re: accessing shared drives when logged in via ssh
@ 2002-09-10 10:53 Scott Evans
0 siblings, 0 replies; 7+ messages in thread
From: Scott Evans @ 2002-09-10 10:53 UTC (permalink / raw)
To: Cygwin List
> This is expected behavior if sshd is running as LocalSystem and you used
> publickey authentication when you logged in. On my Win2k box, I can
> access shares if I use password authentication.
No way -- really? I'll have to try it.
That behavior seems pretty surprising to me; why should the type of
authentication end you up with any more or less priveleges? And for that
matter, why would *password* auth be treated as "more secure" than
publickey?
> Alternatively, you can run the sshd process as a specific user. If you
> then use pubkey authentication (and are logging in as the user running
> sshd), you'll also have share access.
hm. I suppose I could do that though it "feels" wrong since there are,
in face, multiple user accounts on this machine.
Sigh -- sometimes the line between Cygwin and Windows still confuses me.
Especially when there's no "su" that I know of.
Thanks for the tip, Dave...
scott
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: accessing shared drives when logged in via ssh
2002-09-11 1:39 ` Corinna Vinschen
@ 2002-09-11 9:56 ` Scott Evans
0 siblings, 0 replies; 7+ messages in thread
From: Scott Evans @ 2002-09-11 9:56 UTC (permalink / raw)
To: cygwin
Corinna Vinschen <corinna-cygwin@cygwin.com> writes:
> On Tue, Sep 10, 2002 at 11:45:58AM -0700, Scott Evans wrote:
> > In my case, I'm running on a workgroup and the shares on other machines
> > are shared to *everyone*. So it seems like I should indeed be able to get
> > to them, regardless of who I am.
>
> Everyone is not everyone :-)
>
> There's a difference between shares which allow anonymous access and
> shares which allow access to every authenticated user. The latter
> are demanding password authentication and therefore are not open to
> processes under a non-password context switch. Of course I don't
> know which of them are used in your environment.
I don't either, since I'm using "simple networking" under XP for the
time being. Under the "sharing" settings, I have "share this folder
on the network" checked, and "allow network users to change my files".
Those are the only options available with "simple networking".
--
scott evans :: www.antisleep.com
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: accessing shared drives when logged in via ssh
2002-09-10 12:21 ` Scott Evans
@ 2002-09-11 1:39 ` Corinna Vinschen
2002-09-11 9:56 ` Scott Evans
0 siblings, 1 reply; 7+ messages in thread
From: Corinna Vinschen @ 2002-09-11 1:39 UTC (permalink / raw)
To: cygwin
On Tue, Sep 10, 2002 at 11:45:58AM -0700, Scott Evans wrote:
> > This is really a good thing. Basically, the sshd daemon can not switch
> > user contexts within the domain without a password. If that weren't the
> > case, a user with only local Admin rights could use ssh to become _any
> > user_ in the domain without ever providing a password for that user!
>
> I guess this is where things get a little funny -- Windows has a "domain
> administrator" while unix only has root on individual machines.
>
> In my case, I'm running on a workgroup and the shares on other machines
> are shared to *everyone*. So it seems like I should indeed be able to get
> to them, regardless of who I am.
Everyone is not everyone :-)
There's a difference between shares which allow anonymous access and
shares which allow access to every authenticated user. The latter
are demanding password authentication and therefore are not open to
processes under a non-password context switch. Of course I don't know
which of them are used in your environment.
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Developer mailto:cygwin@cygwin.com
Red Hat, Inc.
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: accessing shared drives when logged in via ssh
2002-09-10 11:16 ` David Rothenberger
@ 2002-09-10 12:21 ` Scott Evans
2002-09-11 1:39 ` Corinna Vinschen
0 siblings, 1 reply; 7+ messages in thread
From: Scott Evans @ 2002-09-10 12:21 UTC (permalink / raw)
To: David Rothenberger; +Cc: cygwin
> This is really a good thing. Basically, the sshd daemon can not switch
> user contexts within the domain without a password. If that weren't the
> case, a user with only local Admin rights could use ssh to become _any
> user_ in the domain without ever providing a password for that user!
I guess this is where things get a little funny -- Windows has a "domain
administrator" while unix only has root on individual machines.
In my case, I'm running on a workgroup and the shares on other machines
are shared to *everyone*. So it seems like I should indeed be able to get
to them, regardless of who I am.
scott
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: accessing shared drives when logged in via ssh
[not found] <Pine.LNX.4.44.0209101040370.980-100000@oontz.dissonant.org>
@ 2002-09-10 11:16 ` David Rothenberger
2002-09-10 12:21 ` Scott Evans
0 siblings, 1 reply; 7+ messages in thread
From: David Rothenberger @ 2002-09-10 11:16 UTC (permalink / raw)
To: Scott Evans; +Cc: cygwin
> > This is expected behavior if sshd is running as LocalSystem and you used
> > publickey authentication when you logged in. On my Win2k box, I can
> > access shares if I use password authentication.
>
> No way -- really? I'll have to try it.
>
> That behavior seems pretty surprising to me; why should the type of
> authentication end you up with any more or less priveleges? And for that
> matter, why would *password* auth be treated as "more secure" than
> publickey?
This is really a good thing. Basically, the sshd daemon can not switch
user contexts within the domain without a password. If that weren't the
case, a user with only local Admin rights could use ssh to become _any
user_ in the domain without ever providing a password for that user!
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: accessing shared drives when logged in via ssh
2002-09-09 15:44 Scott Evans
@ 2002-09-09 16:10 ` David Rothenberger
0 siblings, 0 replies; 7+ messages in thread
From: David Rothenberger @ 2002-09-09 16:10 UTC (permalink / raw)
To: Scott Evans; +Cc: cygwin
This is expected behavior if sshd is running as LocalSystem and you used
publickey authentication when you logged in. On my Win2k box, I can
access shares if I use password authentication. Alternatively, you can
run the sshd process as a specific user. If you then use pubkey
authentication (and are logging in as the user running sshd), you'll
also have share access.
Dave
Scott Evans wrote:
>
> While I'm asking about weirdness I've seen recently...
>
> I have a home network with 4 machines in a workgroup. 3 of them run
> XP, one still runs Win98. I just installed XP on the "main" machine,
> which also runs sshd. Now I find that I can't access shared drives on
> the other XP machines when I'm ssh'd in. If I open a bash window
> directly on the machine, no problem.
>
> In an ssh session, output looks like this:
>
> [gse] $ cd //studio/c
> -bash: cd: //studio/c: Permission denied
>
> Any ideas on where to start looking? Would strace output be useful?
>
> --
> scott evans :: www.antisleep.com
>
> --
> Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
> Bug reporting: http://cygwin.com/bugs.html
> Documentation: http://cygwin.com/docs.html
> FAQ: http://cygwin.com/faq/
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
^ permalink raw reply [flat|nested] 7+ messages in thread
* accessing shared drives when logged in via ssh
@ 2002-09-09 15:44 Scott Evans
2002-09-09 16:10 ` David Rothenberger
0 siblings, 1 reply; 7+ messages in thread
From: Scott Evans @ 2002-09-09 15:44 UTC (permalink / raw)
To: cygwin
While I'm asking about weirdness I've seen recently...
I have a home network with 4 machines in a workgroup. 3 of them run
XP, one still runs Win98. I just installed XP on the "main" machine,
which also runs sshd. Now I find that I can't access shared drives on
the other XP machines when I'm ssh'd in. If I open a bash window
directly on the machine, no problem.
In an ssh session, output looks like this:
[gse] $ cd //studio/c
-bash: cd: //studio/c: Permission denied
Any ideas on where to start looking? Would strace output be useful?
--
scott evans :: www.antisleep.com
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2002-09-11 16:54 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2002-09-10 10:53 accessing shared drives when logged in via ssh Scott Evans
[not found] <Pine.LNX.4.44.0209101040370.980-100000@oontz.dissonant.org>
2002-09-10 11:16 ` David Rothenberger
2002-09-10 12:21 ` Scott Evans
2002-09-11 1:39 ` Corinna Vinschen
2002-09-11 9:56 ` Scott Evans
-- strict thread matches above, loose matches on Subject: below --
2002-09-09 15:44 Scott Evans
2002-09-09 16:10 ` David Rothenberger
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).