Hi All... I am currently running OpenSSH 2.5.2p2 with multiple (sequential) authentication modes in a WinNT/Win2k srvany sshd server environment. That is: to login, I first type a passphrase for my ssh2 rsa (or dsa) key, then I type the password on the local machine. It is working great and gives the security improvement I was looking for. For now, the recipe is as follows: 1) Download and install the latest CygWin code (including source for both openssh and openssl). 2) Download Carson Gaspar's 3-28-01 patch from the OpenSSH Archives. 3) cd /openssh-2.5.2p2 4) ./configure --prefix=/usr --sysconfdir=/etc --libexecdir=/usr/sbin 5) edit defines.h, line 439 and uncomment the `#define USE_PIPES 1' 6) apply the Partial Authentication Patch 7) edit auth2.c, comment out the call to check_nt_auth at the end of userauth_pubkey 8) make 9) copy sshd.exe to /usr/sbin (stopping the sshd service as needed) 10) edit /etc/sshd_config, change Protocol whatever line to 'Protocol 2', change StrictModes from yes to no, and add the following line near the bottom of the file 'AuthOrder2 publickey:password' You can now run the service from LocalSystem and have rsa/dsa authentication from multiple users. The login sequence will now look like: user@machine ~ $ ssh localhost Enter passphrase for key '/home/user/.ssh/id_rsa': Authenticated with partial success. user@localhost's password: Last login: Mon Apr 23 00:07:17 2001 from machine user@machine ~ $ I hope this is helpful. Thanks, ...Karl _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com -- Want to unsubscribe from this list? Check out: http://cygwin.com/ml/#unsubscribe-simple
