can't achieve password-less ssh authentication when my home directory is on a network file server

Igor Pechtchanski pechtcha@cs.nyu.edu
Sat Feb 28 04:30:00 GMT 2004


John,

Please configure your mailer to wrap long lines.  Thanks.  More below.

On Fri, 28 Feb 2004 ncokwqc02<at>sneakemail<dot>com wrote:

> Here's the scenario:
>
> I have Cygwin installed and the OpenSSH daemon running on a PC (let's
> call it 'Alpha') and I have an account in the Windows NT domain of which
> 'Alpha' is a member. I log onto 'Alpha' and all the other workstations
> in this domain with the same password. 'Alpha' can access its local disk
> (the usual 'c:') as well as a network drive (accessible at
> '//Filer/...').
>
> I also have Cygwin installed on another PC (let's call it 'Beta') and I
> would like to achieve password-less 'ssh' access from 'Beta' to 'Alpha'.
>
> Both 'Alpha' and 'Beta' have 'rsa' public/private keys.
>
> I have no problem achieving my objective if 1) my home directory (as
> specified in 'Alpha:/etc/passwd') is '/home/john', and 2)
> 'Beta:/home/john/.ssh/known_hosts' includes the 'id_rsa.pub' file from
> 'Alpha:/home/john/.ssh', and 3) 'Alpha:/home/john/.ssh/authorized_keys2'
> includes the 'id_rsa.pub' file from 'Beta:/home/john/.ssh'. Note that
> for both 'Alpha' and 'Beta', '/' is the Cygwin mount point for
> 'c:/cygwin'. The only drawback to this procedure is that when I 'ssh'
> from 'Beta' to 'Alpha' this way, **I CAN'T ACCESS** any files on
> '//Filer'. Such access is critical for my application.
>
> On the other hand, if 1) my home directory (as specified in
> 'Alpha:/etc/passwd') is on the network file server at
> '//Filer/home/john', and 2) 'Beta:/home/john/.ssh/known_hosts' includes
> the 'id_rsa.pub' file from '//Filer/home/john/.ssh', and 3)
> '//Filer/home/john/.ssh/authorized_keys2' includes the 'id_rsa.pub' file
> from 'Beta:/home/john/.ssh', then **I DO HAVE ACCESS** to the files on
> '//Filer' as well as the local files on 'c:' (aka '/cygdrive/c'). The
> only problem is that, in this case, the 'ssh' authentication process
> asks me to enter my password each time.
>
> I don't understand why 'Alpha' and 'Beta' are interacting this way
> because various other Linux and UNIX clients configured similarly are
> able to achieve password-less access to 'Alpha' without any trouble.
>
> So my question is this: How do I modify the file(s) on 'Alpha' or on
> '//Filer' to obtain password-less access from 'Beta' to 'Alpha' when the
> password file on 'Alpha' says '//Filer/john' is my home directory?
>
> Any help would be appreciated.
>
> Thanks,
> john

Sorry, no can do[*].  This is the way Windows/Samba shares (and other
authenticated mounts, e.g., DFS) work.  To access the directory, you need
a valid token with a password, otherwise the remote machine won't trust
it.  To find out that you allow passwordless authentication, you need to
access the directory, which you can't without a password.  FWIW, I ran
into the same problem on AIX (with DFS).

[*] I can think of a couple of things to try, but don't think either will
work too well:
- If you have control over the //Filer share, you might try to make the
share public (i.e., accessible to anyone).  I'd say that this cure is
worse than the disease, though...
- Create a local home directory (e.g. /home/john); mount the remote
directory (//Filer) onto it; then mount c:\cygwin\home\john\.ssh onto
/home/john/.ssh.  In theory, this should allow you to keep a local (and
therefore accessible without a password) copy of the .ssh directory, while
the rest of your files are on the Samba share.  The caveat, of course, is
that you won't be able to access the remote .ssh directory, if there is
one.  Also, make sure the mounts are all system mounts, so sshd can pick
them up.

Please let us know if either works for you.
	Igor
-- 
				http://cs.nyu.edu/~pechtcha/
      |\      _,,,---,,_		pechtcha@cs.nyu.edu
ZZZzz /,`.-'`'    -.  ;-;;,_		igor@watson.ibm.com
     |,4-  ) )-,_. ,\ (  `'-'		Igor Pechtchanski, Ph.D.
    '---''(_/--'  `-'\_) fL	a.k.a JaguaR-R-R-r-r-r-.-.-.  Meow!

"I have since come to realize that being between your mentor and his route
to the bathroom is a major career booster."  -- Patrick Naughton
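
The reasoning in the reply above, as an added example that is not part of the original message or of Cygwin or OpenSSH: a small check that reports whether sshd would have to read a user's .ssh directory from an authenticated share before any password has been supplied. The function names, the sample passwd and mount-table lines, and the "native on /posix type ..." mount-table layout are assumptions made for illustration.

```shell
# Added example (not from the thread): where must sshd read a user's .ssh from?
# Assumed inputs: a passwd-format file and a mount table whose lines look like
# "native on /posix type ..." (the layout is an assumption).

# Home directory of user $2 according to passwd-format file $1.
home_of() { awk -F: -v u="$2" '$1 == u { print $6; exit }' "$1"; }

# Native location backing POSIX path $2: the longest matching mount point in
# table $1 wins. Paths already written as //host/share are returned as-is.
backing_of() {
    case "$2" in //*) printf '%s\n' "$2"; return ;; esac
    awk -v p="$2" '
        BEGIN { best = 0 }
        {
            i = index($0, " on "); if (!i) next
            rest = substr($0, i + 4)
            j = index(rest, " type "); if (!j) next
            mp = substr(rest, 1, j - 1)
            pre = (mp == "/") ? "/" : mp "/"
            if (index(p "/", pre) == 1 && length(mp) > best) {
                best = length(mp); hit = substr($0, 1, i - 1)
            }
        }
        END { if (best) print hit }' "$1"
}

# Prints "network" when user $3's .ssh sits on an authenticated share (sshd
# cannot read authorized_keys before a password is given), else "local".
ssh_dir_source() {
    local home backing
    home=$(home_of "$1" "$3")
    [ -n "$home" ] || { echo unknown; return 1; }
    backing=$(backing_of "$2" "$home/.ssh")
    case "$backing" in
        "")        echo unknown ;;
        //*|\\\\*) echo network ;;
        *)         echo local ;;
    esac
}

# Constructed sample data for the layouts discussed in the thread.
make_samples() {
    printf 'john:unused:1000:513:John:/home/john:/bin/bash\n' > "$1/passwd.local"
    printf 'john:unused:1000:513:John://Filer/home/john:/bin/bash\n' > "$1/passwd.unc"
    printf '%s\n' 'c:\cygwin on / type system (binmode)' > "$1/mounts.plain"
    printf '%s\n' 'c:\cygwin on / type system (binmode)' \
        '\\Filer\home\john on /home/john type system (binmode)' \
        'c:\cygwin\home\john\.ssh on /home/john/.ssh type system (binmode)' > "$1/mounts.overlay"
}
```

With the overlay table, the longer /home/john/.ssh mount shadows the share mounted on /home/john, which is the second workaround in the reply; dropping that last line makes the result "network" again.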
