This is the mail archive of the cygwin mailing list for the Cygwin project.



Re: Passwordless sftp with ssh 5.9 still asks for password


On 11/29/2011 2:49 PM, Andrew Erskine wrote:

> ssh-keygen -t dsa

"-t [keytype]" is a default flag these days, and it defaults to RSA, not DSA. Unless you know for a fact you need DSA keys for some odd reason, leave this flag off and accept the default.


(ssh itself doesn't care what kind of key you use, as long as both ends have support for the key type you want to use. Since every ssh implementation I've used since *forever* supports both RSA and DSA, the only way I can see why you'd want to use DSA is if you had some weird third-party tool that only understood DSA keys.)

> Accept the default
> key location, C:\Documents and Settings\nhuser\.ssh\id_dsa,

Why would that be the default location, if you are using Cygwin tools? Shouldn't it be something like c:\cygwin\home\nhuser\.ssh\...? You can change your HOME to anything you like, but that's not the default with Cygwin.


> 2. Copy the public key, id_dsa.pub, to all remote poller systems

More superannuated information. Use the ssh-copy-id script instead of this manual process they're running you through. It Does The Right Thing (TM) and it's included with recent versions of the openssh package in the default Cygwin package repo.


If you aren't using official Cygwin packages or you are insisting on using old stuff, you get what you deserve. :)

> 4.  Copy the public key into the authorized_keys2
> file, using the following command: copy /b id_dsa.pub
> authorized_keys2

That overwrites authorized_keys2, rather than appending to it as claimed. Plus, you should be talking about authorized_keys, no numeral.


If I'm wrong and sshd *will* look for a '2' file, the problem is likely to be permissions. It won't use the file if it isn't locked down, since that means you have only the illusion of security, and it won't play into a fantasy.

But if you use ssh-copy-id, you don't have to worry about any of this. Updating this file correctly is one of the things it does for you.

> Restart the cygwin Windows service

Not needed. sshd re-reads authorized_keys on each login attempt.


> D:\cygwin\bin>...

You'll get a lot less friction with Cygwin tools if you use the Cygwin Bash shell instead of CMD.


ssh-copy-id is a shell script, so you'll have to jump through some hoops to even run it from a CMD shell, whereas it behaves just like any other command when you're running *any* Cygwin shell, not just Bash.

> Regards Andy Sent from my iPhone

<eyebrows type="through-the-roof">You typed all that on a screen keyboard?</eyebrows> That's dedication.


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
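Added example, not part of the original message and not the ssh-copy-id script itself: a POSIX shell sketch of the two points raised in the reply above, appending a public key to authorized_keys instead of overwriting it, and locking down permissions so sshd will accept the file. The function names `install_key` and `perms_ok` are hypothetical, and the script is meant to be run on the account that should accept the key.

```shell
#!/bin/sh
# Added illustration; install_key and perms_ok are hypothetical names.

# install_key PUBKEY_FILE SSH_DIR
# Append the key in PUBKEY_FILE to SSH_DIR/authorized_keys without touching
# existing entries. The body runs in a subshell ( ... ) so the umask change
# and the variables do not leak into the caller.
install_key() (
    pub=$1
    dir=$2
    auth="$dir/authorized_keys"
    [ -s "$pub" ] || { echo "no public key at $pub" >&2; exit 1; }
    umask 077
    mkdir -p "$dir" && chmod 700 "$dir" || exit 1
    touch "$auth" && chmod 600 "$auth" || exit 1
    # If the existing file lacks a trailing newline, add one so the new key
    # is not glued onto the last entry (which would corrupt both).
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    key=$(head -n 1 "$pub")
    # Idempotent: append (>>) only when this exact line is not already present.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
)

# perms_ok SSH_DIR
# Succeeds only if neither SSH_DIR nor its authorized_keys is writable by
# group or others, the kind of laxness sshd's StrictModes check refuses.
perms_ok() {
    dir=$1
    [ -f "$dir/authorized_keys" ] || return 1
    loose=$(find "$dir" "$dir/authorized_keys" -prune \
        \( -perm -020 -o -perm -002 \) -print)
    [ -z "$loose" ]
}

# Typical use on the remote account:
#   install_key /tmp/id_rsa.pub "$HOME/.ssh" && perms_ok "$HOME/.ssh"
```
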

