This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Sshd - Can't get access thru Public Key


On Mon, Sep 15, 2003 at 03:13:27PM +0200, Olivier ALLART wrote:
> Corinna Vinschen wrote:
> >create a special account for this, which is member of the admins
> >group and has the additional user privileges "Create a token object",
> >"Replace a process level token" and "Logon as a service".  Probably
> >it makes sense to remove other privileges from that account, e.g.
> >the right to logon locally or so.
> 
> my (dumb ?) question is : where do we define such parameters ?
> 
> And if I get the thing correctly, sshd sould still run the same way 
> (under the sshd user account with local sys privileges) but we should 
> connect using this newluy created user account to log in .. am I right ?

No.  *Don't* run sshd under the sshd account.  The service must run
under some privileged account, member of the administrators group,
created with the usual Windows user management tools.  Add the
"Create a token object" right to the account in the "Local Security
Policy" mmc snap-in.  Create an /etc/passwd entry for the user.
Install the service with cygrunsrv so that it runs under that new
privileged account.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin@cygwin.com
Red Hat, Inc.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]