This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.
I have Cygwin and OpenSSH set up on a number of Win2K machines. Home directories for users are mounted via a FreeBSD-based Samba server named Whistler. SSH to the Win2K machines works without any problems *except* for key-based authentication where the ~/.ssh/authorized_keys file is in a Samba-mounted home directory.

I found email from Brian Hayward (http://sources.redhat.com/ml/cygwin/2003-10/msg00479.html) from a couple of weeks ago, which seems pretty similar. However, when I try the solution (running "setfacl -m u:system:r-- ~ ~/.ssh ~/.ssh/authorized_keys", where ~ is a Samba-mounted home directory), I get an error message that says "Function not implemented." I don't get this error message when I try it on a local home directory, like /home/administrator. (I've also tried appending keys in authorized_keys2 to authorized_keys, without any more success.)

I *have* been able to get key-based authentication to work if I set up a home directory for the user on the Win2K machine. In other words, I change the home directory listed in /etc/passwd from "//sambaserver/username" to "/home/username", create the directory, and copy over the user's .ssh directory. However, at this point they no longer have access to their home directory, so it's less than ideal. And for the record, password-based authentication works without any problem at all.

On the Samba server, some home directories are mounted via NFS from other FreeBSD machines via amd, and some are on the machine itself; this doesn't seem to make any difference -- key-based authentication keeps failing.

I thought it might be a problem with symlinks (http://www.cygwin.com/faq/faq_4.html#SEC69). To test, I tried setting my home directory in Cygwin's /etc/passwd to a temporary directory on Whistler (one that was not mounted via AMD, and had no symbolic links at all) and copying the .ssh directory in there; it still didn't work.
Here's the debug log from the ssh daemon when I try to log in:

    debug1: userauth-request for user hbrown service ssh-connection method publickey
    debug1: attempt 1 failures 1
    debug2: input_userauth_request: try method publickey
    debug1: test whether pkalg/pkblob are acceptable
    debug3: mm_key_allowed entering
    debug3: mm_request_send entering: type 20
    debug3: monitor_read: checking request 20
    debug3: mm_answer_keyallowed entering
    debug3: mm_answer_keyallowed: key_from_blob: 0x100f4888
    debug1: temporarily_use_uid: 13044/545 (e=18/18)
    debug1: trying public key file //whistler/hbrown/.ssh/authorized_keys
    debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED
    debug3: mm_request_receive_expect entering: type 21
    debug3: mm_request_receive entering
    debug1: restore_uid: (unprivileged)
    debug1: temporarily_use_uid: 13044/545 (e=18/18)
    debug1: trying public key file //whistler/hbrown/.ssh/authorized_keys2
    debug1: restore_uid: (unprivileged)
    debug3: mm_answer_keyallowed: key 0x100f4888 is disallowed
    debug3: mm_request_send entering: type 21
    debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa
    Failed publickey for hbrown from 192.168.0.80 port 2621 ssh2

Directory permissions for ~hbrown, listed in Cygwin:

    $ ls -ld .ssh
    drwxr-xr-x 2 hbrown Users 0 Oct 23 13:31 .ssh
    $ ls -ld .ssh/authorized_keys*
    -rw-r--r-- 1 hbrown Users 3894 Oct 23 16:08 .ssh/authorized_keys
    -rw-r--r-- 1 hbrown Users 1221 Oct 23 15:55 .ssh/authorized_keys2

And the options in sshd_config that are not commented out:

    Port 22
    StrictModes no
    UsePrivilegeSeparation yes
    Subsystem sftp /usr/sbin/sftp-server

Finally, I've attached the output of cygcheck -s -v -r.

Thanks in advance for any help you can give me, and please let me know if I've left anything out.

--
Hugh Brown
hbrown@dyaptive.com
Attachment:
cygcheck.out
Description: Text document