Re: sshd not doing key based authentication
* Rurik Christiansen (Tue, 10 Apr 2012 11:23:04 +1000) On 6/04/2012 08:44, Andrey Repin wrote: Greetings, Rurik Christiansen! [...] and my understanding is that I can't run the sshd frontend without screwing the permissions. I don't understand what you mean by this. From an earlier mail on this list: http://cygwin.com/ml/cygwin/2008-11/msg00212.html I cite: Ugh! This suggests that you have not read OpenSSH readme in /usr/share/doc/Cygwin. You can't do this without screwing up all the permissions on various directories and files that SSH checks the permissions of. Nonsense. sshd doesn't change or screw up any permissions. I've been running sshd as user or sshd via xinetd run as user for the last seven years on my workstation and never had no problem. Of course I can only login as myself but that's expected. Thorsten -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Re: sshd not doing key based authentication
On 4/10/2012 10:02 AM, Thorsten Kampe wrote: * Rurik Christiansen (Tue, 10 Apr 2012 11:23:04 +1000) On 6/04/2012 08:44, Andrey Repin wrote: Greetings, Rurik Christiansen! [...] and my understanding is that I can't run the sshd frontend without screwing the permissions. I don't understand what you mean by this. From an earlier mail on this list: http://cygwin.com/ml/cygwin/2008-11/msg00212.html I cite: Ugh! This suggests that you have not read OpenSSH readme in /usr/share/doc/Cygwin. You can't do this without screwing up all the permissions on various directories and files that SSH checks the permissions of. Nonsense. sshd doesn't change or screw up any permissions. I've been running sshd as user or sshd via xinetd run as user for the last seven years on my workstation and never had no problem. Of course I can only login as myself but that's expected. And that's exactly the point of the referenced thread. If you know how to do what you've done and what the limitations are, then you can make things work within these limitations. For those that don't know all these little details and limitations and just want to get sshd running in a general, non-restrictive way, using the provided configure scripts is the way to go and the Cygwin readme for OpenSSH is the right place to look for details about these scripts and how to run them. And more importantly, unless you use these resources, it's assumed you know what you're doing and that you don't need this list's help if you run into problems. Just to button up this thread for whoever may be reading it in the future, if the previous statement doesn't describe you, don't try to initially hand configure your OpenSSH installation and don't run sshd from the command line unless you know what you are doing. -- Larry _ A: Yes. Q: Are you sure? A: Because it reverses the logical flow of conversation. Q: Why is top posting annoying in email? -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Re: sshd not doing key based authentication
On 6/04/2012 08:44, Andrey Repin wrote: Greetings, Rurik Christiansen! [...] and my understanding is that I can't run the sshd frontend without screwing the permissions. I don't understand what you mean by this. From an earlier mail on this list: http://cygwin.com/ml/cygwin/2008-11/msg00212.html I cite: Ugh! This suggests that you have not read OpenSSH readme in /usr/share/doc/Cygwin. You can't do this without screwing up all the permissions on various directories and files that SSH checks the permissions of. (the client sends the publickey packet and then jumps to next auth method) This looks exactly like wrong permissions on authorized_keys file, or absence of it for particular user. Palm slap over forehead :) ... Yes that was it. Also, please don't top-post. Sorry, sometimes I forget to switch contexts :) All the best and thanks -- Nihil verus. Omnia possibilis. -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Re: sshd not doing key based authentication
(replying to the list, sorry if it breaks the thread) On Thu, Apr 05, 2012 at 03:19:41PM +1000, Rurik Christiansen wrote: I was hoping more for some pointers to what the permissions must be and then do the troubleshooting myself. The unix side of permissions look ok. I don't know what the windows side must be or if it matters. The ssh -vvv' (client side) has not been particularly helpful to me when it comes to permissions. and my understanding is that I can't run the sshd frontend without screwing the permissions. (the client sends the publickey packet and then jumps to next auth method) How did you setup the server? IIRC, ssh-host-config complains if it finds wrong perms. How do you start the service? Is there something in /var/log/sshd.log (provided you are logging there, and not elsewhere via syslog-ng or other means). You could also delete the service and recreate it. -- Primary key fingerprint: AD8F BDC0 5A2C FD5F A179 60E7 F79B AB04 5299 EC56 signature.asc Description: Digital signature
Re: sshd not doing key based authentication
Greetings, Rurik Christiansen! The ssh -vvv' (client side) has not been particularly helpful to me when it comes to permissions. That's because server will not disclose any potential vulnerabilities to client. and my understanding is that I can't run the sshd frontend without screwing the permissions. I don't understand what you mean by this. (the client sends the publickey packet and then jumps to next auth method) This looks exactly like wrong permissions on authorized_keys file, or absence of it for particular user. Also, please don't top-post. -- WBR, Andrey Repin (anrdae...@freemail.ru) 06.04.2012, 02:42 Sorry for my terrible english... -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
sshd not doing key based authentication
Hello, I'm trying to make sshd to do key based authentication. I am guessing that is probably a problem of permissions but can't figure it out. All I found was this email: http://cygwin.com/ml/cygwin/2008-11/msg00212.html which basically says RTFM Well, I did RTFM, I followed the instructions. all looks OK as far as I can see but still no go. Any better suggestions much appreciated. (running on Windows 7) Thanks. Regards. -- Nihil verus. Omnia possibilis. -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Re: sshd not doing key based authentication
Greetings, Rurik Christiansen! I'm trying to make sshd to do key based authentication. I am guessing that is probably a problem of permissions but can't figure it out. All I found was this email: http://cygwin.com/ml/cygwin/2008-11/msg00212.html which basically says RTFM Well, I did RTFM, I followed the instructions. all looks OK as far as I can see but still no go. Any better suggestions much appreciated. Read logs on both sides, of course. The most common issue is access rights on key files. (running on Windows 7) -- WBR, Andrey Repin (anrdae...@freemail.ru) 04.04.2012, 15:25 Sorry for my terrible english... -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Re: sshd not doing key based authentication
On Wed, Apr 04, 2012 at 03:26:39PM +0400, Andrey Repin wrote: Greetings, Rurik Christiansen! I'm trying to make sshd to do key based authentication. I am guessing that is probably a problem of permissions but can't figure it out. All I found was this email: http://cygwin.com/ml/cygwin/2008-11/msg00212.html which basically says RTFM Well, I did RTFM, I followed the instructions. all looks OK as far as I can see but still no go. Read logs on both sides, of course. The most common issue is access rights on key files. Check for PubkeyAuthentication, StrictModes, AllowUsers, AllowGroups, AuthorizedKeysFile in the server side (whether they exist and how they are defined), read the manpage for detailed info on this options (sshd_config(5)). Try setting LogLevel to DEBUG. Provide a 'ssh -vvv user@host' test connection. You don't give enough info to figure out what the problem might be. -- Primary key fingerprint: AD8F BDC0 5A2C FD5F A179 60E7 F79B AB04 5299 EC56 signature.asc Description: Digital signature
Re: sshd not doing key based authentication
David and Andrew thanks for your replies. Yes I didn't provide enough details, David you are right. But ... I was hoping more for some pointers to what the permissions must be and then do the troubleshooting myself. The unix side of permissions look ok. I don't know what the windows side must be or if it matters. The ssh -vvv' (client side) has not been particularly helpful to me when it comes to permissions. and my understanding is that I can't run the sshd frontend without screwing the permissions. (the client sends the publickey packet and then jumps to next auth method) Cheers. On 4/04/2012 23:30, David Sastre Medina wrote: On Wed, Apr 04, 2012 at 03:26:39PM +0400, Andrey Repin wrote: Greetings, Rurik Christiansen! I'm trying to make sshd to do key based authentication. I am guessing that is probably a problem of permissions but can't figure it out. All I found was this email: http://cygwin.com/ml/cygwin/2008-11/msg00212.html which basically says RTFM Well, I did RTFM, I followed the instructions. all looks OK as far as I can see but still no go. Read logs on both sides, of course. The most common issue is access rights on key files. Check for PubkeyAuthentication, StrictModes, AllowUsers, AllowGroups, AuthorizedKeysFile in the server side (whether they exist and how they are defined), read the manpage for detailed info on this options (sshd_config(5)). Try setting LogLevel to DEBUG. Provide a 'ssh -vvv user@host' test connection. You don't give enough info to figure out what the problem might be. -- Nihil verus. Omnia possibilis. -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple