I've looked through the mailing list and I've seen some discussion about this, 
but most of the threads were pretty old and none of them really addressed the 
exact problem I'm seeing.  I have sshd up and running on a Windows 2003 server 
with public-key auth working.  The setup was smooth as silk and completely 
painless.  Very impressive, the maintainers should be quite proud.  So the only 
snag I have left is that when I try to kick off a script/program via an ssh 
"one-liner" the authentication doesn't work the way I expect.  If I log in to a 
shell "whoami" returns the correct answer.  If I "ssh [EMAIL PROTECTED] whoami", 
I get the sshd_server user:

=======
[EMAIL PROTECTED] ~]# ssh [EMAIL PROTECTED]
Last login: Wed Aug 22 20:14:51 2007 from 172.16.3.22
Fanfare!!!
You are successfully logged in to this server!!!

[EMAIL PROTECTED] ~
$ whoami
ADAdministrator

[EMAIL PROTECTED] ~
$ logout
Connection to kazzak.ad.logicworks.net closed.
[EMAIL PROTECTED] ~]# ssh [EMAIL PROTECTED] whoami
kazzak\sshd_server
=======

I am making an educated guess here in that in the former instance the sshd_server 
is kicking off the user's shell as the user (that's where Privilege Escalation 
comes into play?), but in the latter case it just executes the script/program 
directly.  If so, doesn't this represent a pretty serious security problem (i.e. 
any user could run any program as the sshd_server user)?  If this isn't a 
default security problem and is merely a configuration issue, does anyone have 
any suggestions as to how to fix it?  Or if I'm stuck with this, are there any 
clever workarounds?  Thanks in advance for the help.

BG

