This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Question about "rexec"


Bill C. Riemers wrote:

You might also want to check the ownership of your home directory and .ssh
directory, as that is the only thing I can think of that would cause the
touch error in your previous message. If ownership or permissions are
wrong, then sshd defaults to require a password rather than trusting that
nobody else has changed the key files.


Herein I believe my difficulties lie. That an not understanding Windows permissions vs Unix permissions and how such things are mapped. Here's what I do know:

$ cd ~/.ssh
$ ls -l
total 6
-rw-r--r--    1 adefaria Domain U      227 May 22 17:10 authorized_keys
-rw-r--r--    1 adefaria Domain U      227 May 22 15:25 authorizedkeys
-rw-r--r--    1 adefaria Domain U      887 May 22 15:22 id_rsa
-rw-r--r--    1 adefaria Domain U      227 May 22 15:22 id_rsa.pub
-rw-r--r--    1 adefaria Domain U     1624 May 22 15:19 known_hosts
$ chmod 600 id_rsa*
$ ls -l
total 6
-rw-r--r--    1 adefaria Domain U      227 May 22 17:10 authorized_keys
-rw-r--r--    1 adefaria Domain U      227 May 22 15:25 authorizedkeys
-rw-r--r--    1 adefaria Domain U      887 May 22 15:22 id_rsa
-rw-r--r--    1 adefaria Domain U      227 May 22 15:22 id_rsa.pub
-rw-r--r--    1 adefaria Domain U     1624 May 22 15:19 known_hosts

Nothing. So I go into Windows Explorer and look at the Security setting on the Properties dialog. I attempt to remove the users in the Security section and it tells me that I have to stop inheriting permissions. So I go to stop inheriting permissions and tell it to remove everything. Now nobody's listed in the Securities section. Windows warns me that only the create of the file will be able to access it. I look in Cygwin with ls -l and the mode bits are the same. I try the chmod again and there is no change! So I add my user back to having full control. My user is the only user listed now but the mode bits are still 644.

When I try to ssh $(hostname) cmd I get:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for '/us/adefaria/.ssh/id_rsa' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /us/adefaria/.ssh/id_rsa

Now what?!?

(It would be nice if somebody who really knew the algorithm could explain Windows permissions and how they are mapped to Unix mode bits).



--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]