This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

ssh, smbntsec, mounted home directory - is it possible

I've found that in life if you don't completely solve a problem you tend
to come back upon it until you do. Dredging up an old issue
( of which Corinna
commented here:
but it was what Igor said in that really got me

>From what I understand, if you wish to share a home directory via SMB
among a number of Windows machines then you will have problems with ssh
and permissions if you are attempting to use pre-shared ssh keys. By
using pre-shared ssh keys you are attempting to allow passwordless ssh
login - secure ssh login but passwordless nonetheless. As such, when you
log into the Windows machine you will not have access to your SMB home
directory, since as Igor says "trying to access network shares from a
session you did with passwordless authentication"... is "not gonna
work". As I understand it, when no password is supplied then no password
is available to give Windows in order to authenticate access to the SMB
share. So, during the attempt to authenticate the pre-shared key, the
sshd process cannot access the user's ~/.ssh/authorized_keys. So then it
eventually has to prompt for the password. But even worse, after giving
the password you still have no access to your home directory.

Although Cygwin 1.7 may offer some hope:

    Cygwin now allows storage and use of user passwords in a hidden area
    of the registry. This is tried first when Cygwin is called by
    privileged processes to switch the user context. This allows, for
    instance, ssh public key sessions with full network credentials to
    access shares on other machines.

my client isn't able to use Cygwin 1.7 yet.

So to recap: I'd like to provide pre-shared key ssh access to a
particular username. I cannot, however, use an SMB shared home directory
for that user without encountering problems with ssh and permissions.

If the above statement is not true and you have any ideas on how to
achieve these objectives then let me know.
Andrew DeFaria <>
Can you sentence a homeless man to house arrest?

Unsubscribe info:
Problem reports:

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]