This is the mail archive of the
mailing list for the Cygwin project.
OpenSSH + Public Key Auth + ntsec
- From: John <cras at werd dot net>
- To: cygwin at cygwin dot com
- Date: Tue, 8 Jul 2003 11:44:31 -0500 (EST)
- Subject: OpenSSH + Public Key Auth + ntsec
We are running openssh 3.5p1 with public key authentication working with
no problems. Currently, we have sshd running with the following:
CYGWIN="binmode ntsec tty".
When making directories via ssh:
ssh <server> "mkdir /cygdrive/d/temp/test"
or when copying files via scp:
scp file.txt <server>:/cygdrive/d/temp/test
the files are given the "ntsec" permissions from cygwin and are corrupting
the NTFS filesystem. I have tried installing sshd with:
CYGWIN="binmode nontsec tty"
so that cygwin would stop using ntsec and start using inherited NTFS
permissions. However public key authentication will not work with this
configuration. What happens with this configuration is that I can connect
to the remote server but am immediately disconnected. I think what is
happening is that sshd accepts the public key authentication but rejects
it when it sees world readable files in ~/.ssh since the directory was
initially created via nontsec.
I have also tried specifying CYGWIN="binmode nontsec tty" in .bashrc and
.bash_profile with sshd installed with "ntsec" so that making directories
with ssh.exe uses inherited NTFS permissions. However, this does not work
for scp.exe. I tried to write a wrapper script for scp.exe to set the
variables correctly, however that did not work. I think I would have had
to associate all .exe files with bash.exe to get that to work.
I have digged through the list archives and can not seem to find anyone
using "nontsec" and public key authentication. Is this possible? Or are
any of my partial workarounds close to a full workaround with a little
help? Essentially we need ssh working with public key authentication on a
usable NTFS filesystem. I would like to avoid using ntsec if at all
possible. Any advice is greatly appreciated. I can reply with more
information if needed. Thank you,
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html