This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Using sshd on Windows 2000 with public keys


"McCann, Brian" wrote:

> Hi all.  I've been fighting this for some time now, and I can't find a
> solid fix to make this work.  I'm running Cygwin under Windows 2000, and
> I'm trying to setup ssh using key authentication.  The auth part works
> fine, but when I try to run commands that require rights inside Windows,
> it fails (like iisreset).

This is covered in the FAQ somewhere I think.

Windows requires the user's password in order to do true user context
switching.  So when you log on using public key auth, Cygwin can only
partially impersonate the user account.  Things such as protected
network shares will not work.  There's no way around this short of using
password authentication, because it's a fundamental windows requirement
that the token contain the password.

> I've discovered that I need to have sshd run
> as another user, like Administrator or something, so I did that by
> changing who the service runs as and setting file permissions and
> ownerships accordingly, and that fixed the problem for the Administrator
> account. But, when another user tries to login, it disconnects right
> away.  In the event log, I see "setreuid 1014: Permission denied.".
> I've found the fix for Windows 2003, which involves granting the user
> the service runs as the "Change a process-level token" permission, but
> that does not exist under Windows 2000.  I can't find a fix for this for
> 2000.  Is there such a thing?  Does anyone have any ideas that could
> help me out?

You should be able to use editrights to assign the necessary
privileges.  Read /usr/share/doc/Cygwin/*openssh* and the contents of
/usr/bin/ssh-host-config.

Brian


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]