This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Sshd and key based authentication

On 11/20/2013 12:37 PM, Andrea Venturoli wrote:
On 11/18/13 10:17, Andrea Venturoli wrote:
On 11/18/13 09:22, Andrey Repin wrote:

Did you installed Cygwin LSA module?

I don't think so, but I can't check right now...

Should I?


Today I followed your instruction, ran /usr/bin/cyglsa-config and rebooted:
still no luck.

I raised the loglevel to DEBUG3 and verified sshd was *always* looking for
/home/cyg_server/.ssh/authorized_keys, regardless of the user trying to log in.

So, if I do "ln -s /home/user /home/cyg_server", then ssh user@server works
without password prompt!!!
Of course I know the security implications of this...

Hm, thinking about this a little more, if you're still trying to log in
with domain users, your best bet is probably option 3 in the Users
Guide.  Since option 2 is using the Local Security Authority (LSA), it's
not going to get better at authenticating domain users than the default
mode unless the user you run the service as can authenticate domain
users.  So in this respect, it's the same thing as the default option
(the first option in the Users Guide).  Option 3 authenticates with the
password though so it should be much more like normal ssh password
authentication.  Give it a try and let us know if my thought experiment
works in the real world. :-)



A: Yes.
> Q: Are you sure?
>> A: Because it reverses the logical flow of conversation.
>>> Q: Why is top posting annoying in email?

Problem reports:
Unsubscribe info:

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]