This is the mail archive of the
mailing list for the Cygwin project.
Silly question about OpenSSH and Cygwin
- To: cygwin at cygwin dot com
- Subject: Silly question about OpenSSH and Cygwin
- From: joshua dot newton at dfs dot com
- Date: Wed, 8 Aug 2001 07:31:30 -0700
I'm going to cross my fingers and hope this question hasn't been asked before.

First, some fast background (skip if you find it unimportant):

In an effort to save my company some (lots) of money, I've been coding up a system to deploy software remotely to all of our NT4 workstations, using Free and/or open source
I couldn't find a way to execute commands remotely on the workstations, so I had to code up a mess of MS batch and fun things like Task Scheduler and regini.exe. The current system works, even if it is an ugly mess. However, it's using a pull model whereby all the workstations are ftping tarballs from a central server and executing the contents, relying on Task Scheduler to make it happen on a regular basis. This means there's no central control and no easy way to turn it off when the staff are working late. I spent a while looking for free implementations of sshd or *gack* rshd or even something like telnet and came up blank.

Then, I saw the light of OpenSSH and Cygwin. I spent a while testing Cygwin and prototyping the new deployment system, only to discover the FAQ entry as regards Cygwin security in
environment ( http://www.cygwin.com/faq/faq_4.html#SEC71 ).

Is Cygwin still inherently insecure on a multiuser system, or is this a FAQ entry that hasn't been revised in a while? If it's still correct, is there any way to lock it down, or protect Cygwin from non-admin users? The new system I was prototyping relies on sshd running on all the
I see lots of other folks using OpenSSH on Cygwin for a variety of things, so I'm going to guess that I missed something.

But -- we're working in a reasonably security-conscious environment, and the last thing I want to do is explain myself to an audit team when they find out I deployed new code that's
anyone logged into the workstations locally.

If I can't distribute the new system soon, I'm going to have to pull the current one out and deploy software manually on over 100 client machines until I can cost-justify either a
implementation or S&M Server...

Thanks in advance, all.