Thanks for the info - I wasn't aware of passwd -R - just tried it and it works which is a good relief. It's a dev lab - anyone with access to the keys is allowed full rights to the machines - so security not a major concern.
BTW - I had installed cyglsa-config and rebooted and gave the users the "Act as part of OS" right - but it doesn't work for me. I must be missing something ..... Thanks again - you've saved me considerable problems! On 2010/02/03 10:07 PM, shane fenton wrote: > Hi, > First time poster - so hopefully will get it right :) > Cygwin 1.7 installed on approx 10 machines - XP /2008 > domain cyg_server user created > Added above user to Quotas/create token/replace token & log on as > service & local admins on pc's > added cyg_server to passwd file > ssh-host-config (found above user and used it and did the right perms > on /var/empty & /var/log/sshd.log ) > added domain user accounts to passwd & domain users group > group You didn't mention whether you set up the LSA authentication package (with /usr/bin/cyglsa-config), or used 'passwd -R' for each user. Did you try either of those? The Cygwin User Guide goes into great detail about the methods of changing user context, in this chapter: http://cygwin.com/cygwin-ug-net/ntsec.html The gist of that chapter is this: If you want to be able to login via ssh as a user that is not running the sshd daemon, you have basically two options: (1) Provide a valid Windows password to the sshd daemon, either interactively (which you obviously don't want to do, since you're attempting public key auth), or stored statically in the registry via 'passwd -R'. (2) Use the LSA authentication package. Bear in mind that if you use this option to avoid giving sshd your password entirely, I believe that certain privileges are withheld from the logged in user. [I don't remember exactly what privs are missing in this case... access to network resources maybe?] Hope this helps, -SM -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple