This is the mail archive of the
cygwin
mailing list for the Cygwin project.
Re: 1.7 sshd - Alternative for cyg_server account?
- From: "Larry Hall (Cygwin)" <reply-to-list-only-lh at cygwin dot com>
- To: cygwin at cygwin dot com
- Date: Mon, 17 May 2010 17:19:50 -0400
- Subject: Re: 1.7 sshd - Alternative for cyg_server account?
- References: <AANLkTimNEa0kj73JlAlWxvMvwrybXRK8W7CFZSX1A4lN@mail.gmail.com>
- Reply-to: cygwin at cygwin dot com
On 5/17/2010 12:21 PM, Greg Fury wrote:
Excuse me for my lack of Windows security knowledge.
I'm getting some pushback from our Windows admins while trying to
implement sshd (1.7) on Windows server 2003.
They are concerned about the cyg_server account being a local
administrator. Saying it's another account that could be compromised,
and they would like to avoid it.
Is this a valid concern?
Are there alternatives to creating this account?
Could we run directly under Administrator?
The "Administrator" account is not sufficient. 'sshd' requires the
ability to switch users, which the "Administrator" account, by default,
doesn't allow. One could supplement "Administrator" to have the
required permissions and then use it, though I don't personally see
that as being more secure.
--
Larry Hall http://www.rfk.com
RFK Partners, Inc. (508) 893-9779 - RFK Office
216 Dalton Rd. (508) 893-9889 - FAX
Holliston, MA 01746
_____________________________________________________________________
A: Yes.
Q: Are you sure?
A: Because it reverses the logical flow of conversation.
Q: Why is top posting annoying in email?
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple