Possible Security Hole in SSHD w/ CYGWIN?

Achim Gratz Stromeko@nexgo.de
Sun Feb 14 10:49:00 GMT 2016

Erik Soderquist writes:
> I would suspect Domain Admin for the Cyg_server account is a
> requirement of David's environment, which neither of us know anything
> about at present.  I know I've had to do things that were not "best
> practice" due to corporate policy on more occasions than I care to
> count.

If that's the case, then security of the sshd is the least of your
worries and I wouldn't install sshd at all.

> Actually the Cygwin doc does include instructions for accessing
> network shares when using ssh public key authentication.

…which boil down to the password being stored (obscured) on the machine
running sshd in order for sshd to obtain the necessary authentication
via password-based login.

> Once again, assumptions.  While I can't explicitly vouch for David's
> environment, as I do not have access to check, I can vouch for mine,
> and mine was configured using sshd_host_config, with the only changes
> after sshd_host_config being regarding TCP and X tunneling.

I have to again make an assumption, namely that if cyg_server is a local
account you've checked the C$ share of the same server that sshd is
running on.  That's bad enough, shouldn't happen and needs fixing, but
at least you wouldn't be able to access any network shares from other
servers that weren't otherwise accessible for everybody.

+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

SD adaptations for KORG EX-800 and Poly-800MkII V0.9:

Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

More information about the Cygwin mailing list