OpenSSH + Public Key Auth + ntsec

John cras@werd.net
Tue Jul 8 16:16:00 GMT 2003


Hello,

We are running openssh 3.5p1 with public key authentication working with
no problems.  Currently, we have sshd running with the following:
CYGWIN="binmode ntsec tty".

When making directories via ssh:
ssh <server> "mkdir /cygdrive/d/temp/test"
or when copying files via scp:
scp file.txt <server>:/cygdrive/d/temp/test

the files are given the "ntsec" permissions from cygwin and are corrupting
the NTFS filesystem.  I have tried installing sshd with:
CYGWIN="binmode nontsec tty"

so that cygwin would stop using ntsec and start using inherited NTFS
permissions.  However public key authentication will not work with this
configuration.  What happens with this configuration is that I can connect
to the remote server but am immediately disconnected.  I think what is
happening is that sshd accepts the public key authentication but rejects
it when it sees world readable files in ~/.ssh since the directory was
initially created via nontsec.

I have also tried specifying CYGWIN="binmode nontsec tty" in .bashrc and
.bash_profile with sshd installed with "ntsec" so that making directories
with ssh.exe uses inherited NTFS permissions.  However, this does not work
for scp.exe.  I tried to write a wrapper script for scp.exe to set the
variables correctly, however that did not work.  I think I would have had
to associate all .exe files with bash.exe to get that to work.

I have digged through the list archives and can not seem to find anyone
using "nontsec" and public key authentication.  Is this possible?  Or are
any of my partial workarounds close to a full workaround with a little
help?  Essentially we need ssh working with public key authentication on a
usable NTFS filesystem.  I would like to avoid using ntsec if at all
possible.  Any advice is greatly appreciated.  I can reply with more
information if needed.  Thank you,

John


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/



More information about the Cygwin mailing list