SSH Client Odditie with shosts on 2K/2K3/XP??

Corinna Vinschen corinna-cygwin@cygwin.com
Sun Sep 18 14:28:00 GMT 2005


On Sep 18 04:09, Bill Martin wrote:
> I am utterly confused . . . 
> 
> Win2K3 Server latest patches, latest install of Cygwin (DLL version: 1.5.18)
> and OpenSSH (openssh 4.2p1-1). No trouble getting SSHD to behave properly
> once configured; I can authenticate to this box via shosts from remote Linux
> and UNIX systems.  I cannot use the Cygwin SSH client to do host based
> authentication to another server that I typically can SSH to via host base
> (-o PreferredAuthentications hostbased) or even to the localhost.
> [...]
> I even went to far as to setuid on the ssh.exe, so what AM I missing?

setuid has no meaning in the Windows environment and it's so far not
doing anything useful on Cygwin.  And this is basically already your
problem.  ssh doesn't access the private hostkeys by itself, since
it knows that it can't access them usually.  It starts ssh-keysign
which would have to be setuid root (well, SYSTEM, or sshd_server on Cygwin)
to be able to access the private hostkeys.

So, bottom line, hostbased authentication is not supported on Cygwin
so far.  As a workaround, you could try this:  Use setfacl to add the
user which wants to use hostbased authentication to the ACL of the
private host keys in /etc.  Maybe this works.  But of course this is
NOT AT ALL recommended due to security concerns.  Use user based
pubkey authentication instead.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat, Inc.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/



More information about the Cygwin mailing list