This is the mail archive of the
cygwin@cygwin.com
mailing list for the Cygwin project.
Re: Sshd - Can't get access thru Public Key
On Mon, Sep 15, 2003 at 03:13:27PM +0200, Olivier ALLART wrote:
> Corinna Vinschen wrote:
> >create a special account for this, which is member of the admins
> >group and has the additional user privileges "Create a token object",
> >"Replace a process level token" and "Logon as a service". Probably
> >it makes sense to remove other privileges from that account, e.g.
> >the right to logon locally or so.
>
> my (dumb ?) question is : where do we define such parameters ?
>
> And if I get the thing correctly, sshd sould still run the same way
> (under the sshd user account with local sys privileges) but we should
> connect using this newluy created user account to log in .. am I right ?
No. *Don't* run sshd under the sshd account. The service must run
under some privileged account, member of the administrators group,
created with the usual Windows user management tools. Add the
"Create a token object" right to the account in the "Local Security
Policy" mmc snap-in. Create an /etc/passwd entry for the user.
Install the service with cygrunsrv so that it runs under that new
privileged account.
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Developer mailto:cygwin@cygwin.com
Red Hat, Inc.
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/