This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: uid having logged in with ssh

From: Corinna Vinschen <corinna-cygwin at cygwin dot com>
To: "Larry Hall (Cygwin)" <cygwin at cygwin dot com>
Date: Thu, 10 Aug 2006 09:58:31 +0200
Subject: Re: uid having logged in with ssh
References: <001c01c6bbee$47443220$35c94e98@CASSANDRA5> <44DA42F7.8030102@cygwin.com> <1039663999.20060810090353@cxxl.de>
Reply-to: cygwin at cygwin dot com

On Aug 10 09:03, cygwin-060809@cxxl.de wrote:
> hi,
> 
> Wednesday, August 9, 2006, 10:17:59 PM, "Larry Hall (Cygwin)" wrote:
> 
> > Andy Keane wrote:
> >> I am running sshd having set up the sshd service using ssh-host-config with
> >> privilege separation and with sshd running as a server owned by the local
> >> sshd_server user.
> >> All is working fine and I can log in using my keys without the need for
> >> passwords or without keys and using passwords.
> >> My problem is that if I then try and run some processes after logging in
> >> (specifically MPI ones) the system thinks I am the local sshd_server user
> >> and not the person I wish to be.
> 
> >> Any ideas how I can get sshd working such that after log in I am really the
> >> user I wish to be would be much appreciated.
> 
> > Patience. ;-)
> 
> i just want to add one more detail: i have the same setup with sshd.
> plus, i use EFS (encrypting file system) on the sshd box.  now EFS
> encrypts files ONLY for the user that writes them (and for so called
> recovery agents, but they are set up globally and all EFS files are
> decryptable for them), but not for all other users that may have
> access to the files (based on the their file privileges).
> 
> so when i'm user X and log in through sshd, write some file and then
> log on locally though a console, i can't read my own file, because the
> file was encrypted for SvcCOPSSHD (the sshd user in my case).
> 
> i, too, would much appreciate a solution :)

There's a working workaround:  Use password login.

Otherwise only the subauthentication stuff mentioned in
http://cygwin.com/ml/cygwin-developers/2006-07/msg00013.html as Larry
already pointed out will allow what you want.  There's really no gain in
repeating scenarios in which the current technique doesn't work.  The
drawbacks are known for years, really.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Follow-Ups:
- Re[2]: uid having logged in with ssh
  - From: cygwin-060809

References:
- RE: uid having logged in with ssh
  - From: Andy Keane
- Re: uid having logged in with ssh
  - From: Larry Hall (Cygwin)
- Re[2]: uid having logged in with ssh
  - From: cygwin-060809

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]