This is the mail archive of the
cygwin@cygwin.com
mailing list for the Cygwin project.
Re: Question about "rexec"
Andrew DeFaria wrote:
> Larry Hall (RFK Partners, Inc.) wrote:
>
>> Andrew DeFaria wrote:
>>
>>> Bill C. Riemers wrote:
>>>
>>>> You might also want to check the ownership of your home directory
>>>> and .ssh directory, as that is the only thing I can think of that
>>>> would cause the touch error in your previous message. If ownership
>>>> or permissions are wrong, then sshd defaults to require a password
>>>> rather than trusting that nobody else has changed the key files.
>>>
>>> Herein I believe my difficulties lie. That an not understanding
>>> Windows permissions vs Unix permissions and how such things are
>>> mapped. Here's what I do know:
>>>
>>> $ cd ~/.ssh
>>> $ ls -l
>>> total 6
>>> -rw-r--r-- 1 adefaria Domain U 227 May 22 17:10 authorized_keys
>>> -rw-r--r-- 1 adefaria Domain U 227 May 22 15:25 authorizedkeys
>>> -rw-r--r-- 1 adefaria Domain U 887 May 22 15:22 id_rsa
>>> -rw-r--r-- 1 adefaria Domain U 227 May 22 15:22 id_rsa.pub
>>> -rw-r--r-- 1 adefaria Domain U 1624 May 22 15:19 known_hosts
>>> $ chmod 600 id_rsa*
>>> $ ls -l
>>> total 6
>>> -rw-r--r-- 1 adefaria Domain U 227 May 22 17:10 authorized_keys
>>> -rw-r--r-- 1 adefaria Domain U 227 May 22 15:25 authorizedkeys
>>> -rw-r--r-- 1 adefaria Domain U 887 May 22 15:22 id_rsa
>>> -rw-r--r-- 1 adefaria Domain U 227 May 22 15:22 id_rsa.pub
>>> -rw-r--r-- 1 adefaria Domain U 1624 May 22 15:19 known_hosts
>>>
>>> Nothing. So I go into Windows Explorer and look at the Security
>>> setting on the Properties dialog. I attempt to remove the users in
>>> the Security section and it tells me that I have to stop inheriting
>>> permissions. So I go to stop inheriting permissions and tell it to
>>> remove everything. Now nobody's listed in the Securities section.
>>> Windows warns me that only the create of the file will be able to
>>> access it. I look in Cygwin with ls -l and the mode bits are the
>>> same. I try the chmod again and there is no change! So I add my user
>>> back to having full control. My user is the only user listed now but
>>> the mode bits are still 644.
>>>
>>> When I try to ssh $(hostname) cmd I get:
>>>
>>> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
>>> @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
>>> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
>>> Permissions 0644 for '/us/adefaria/.ssh/id_rsa' are too open.
>>> It is recommended that your private key files are NOT accessible by
>>> others.
>>> This private key will be ignored.
>>> bad permissions: ignore key: /us/adefaria/.ssh/id_rsa
>>>
>>> Now what?!?
>>>
>>> (It would be nice if somebody who really knew the algorithm could
>>> explain Windows permissions and how they are mapped to Unix mode bits).
>>
>> Or you could just look at the FAQ:
>>
>> Why doesn't chmod work?
>> <http://cygwin.com/faq/faq_toc.html#TOC45>
>
> All that this says is to insure that you have ntsec set. I have it set.
> chmod still doesn't work! BTW I'm on Windows XP and use NTFS. My home
> directory is on the server (/us is a mount of //<server>/<share>).
Aha! Then have a look at smbntsec.
Max.
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/