This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: 1.7 sshd - Alternative for cyg_server account?


On 5/17/2010 12:21 PM, Greg Fury wrote:
Excuse me for my lack of Windows security knowledge.

I'm getting some pushback from our Windows admins while trying to
implement sshd (1.7) on Windows server 2003.

They are concerned about the cyg_server account being a local
administrator.  Saying it's another account that could be compromised,
and they would like to avoid it.

Is this a valid concern?
Are there alternatives to creating this account?
Could we run directly under Administrator?

The "Administrator" account is not sufficient. 'sshd' requires the ability to switch users, which the "Administrator" account, by default, doesn't allow. One could supplement "Administrator" to have the required permissions and then use it, though I don't personally see that as being more secure.

--
Larry Hall                              http://www.rfk.com
RFK Partners, Inc.                      (508) 893-9779 - RFK Office
216 Dalton Rd.                          (508) 893-9889 - FAX
Holliston, MA 01746

_____________________________________________________________________

A: Yes.
Q: Are you sure?
A: Because it reverses the logical flow of conversation.
Q: Why is top posting annoying in email?

-- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]