Cygwin: store authorized_keys in /etc/ssh/user/authorized_keys?
Harald Dunkel
harald at CoWare.com
Fri Jul 13 17:17:47 EST 2007
Hi folks,
If I try to log in on a Cygwin host via ssh, then my
.ssh on a network drive is inaccessible until I log in.
I have to enter my password, even if my authorized_keys
would allow me to log in without. This is fatal, since it
forces me to use an interactive session for working on a
Windows host. Unusable for automatic builds and tests
managed from a central machine, for example.
There is no such restriction if I create local
accounts on every Cygwin PC, using local disks for
$HOME/.ssh. Highly inefficient and troublesome, I have
to rsync my data again and again, but it works.
Would it be possible to extend auth2-pubkey.c to
look in /cde/ssh/$LOGNAME/authorized_keys for the
public key, in addition to the user's .ssh directory?
Of course the usual access restrictions should be
checked. And it should be made a configure option
for the ssh server. I don't want to change the default
behavior.
This would be a rough patch, just to give you an
idea:
--- auth2-pubkey.c~ 2006-08-05 04:39:39.000000000 +0200
+++ auth2-pubkey.c 2007-07-13 09:07:40.000000000 +0200
@@ -282,6 +282,17 @@
file = authorized_keys_file2(pw);
success = user_key_allowed2(pw, key, file);
xfree(file);
+ if (success)
+ return success;
+
+#if SUPPORT_LOCAL_AUTHORIZED_KEYS
+ /* look in system ssh directory for authorized keys */
+ file = xmalloc(4096);
+ snprintf(file, 4096, "/etc/ssh/allowed_users/%s/authorized_keys", pw->pw_name);
+ success = user_key_allowed2(pw, key, file);
+ xfree(file);
+#endif
+
return success;
}
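Review bot: The lookup path in the added snprintf line is hard-coded to /etc/ssh/allowed_users/%s/authorized_keys and is gated only by the compile-time #if SUPPORT_LOCAL_AUTHORIZED_KEYS, so an administrator can neither enable it nor relocate it at run time, and it does not match the /cde/ssh/$LOGNAME/authorized_keys location named in the message. Consider taking the path from the server configuration, the way the context line file = authorized_keys_file2(pw) obtains its path, instead of compiling it in. The snprintf return value is also unchecked: compare it against the 4096-byte buffer size and skip the lookup on truncation rather than passing a shortened path to user_key_allowed2. Because pw->pw_name is interpolated into a path under /etc/ssh, the hunk depends entirely on user_key_allowed2 for the access restrictions the message mentions; it is worth confirming that those checks behave as intended for a file outside the user's home directory.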
Please keep me on CC:, since I am not subscribed to this
list.
Regards
Harri
--
CoWare, Inc. | Barbarus hic ergo sum, quia non
Harald Dunkel | intellegor ulli.
Grüner Weg 1 |
52070 Aachen, Germany | Ovid
(+49) 241 943 788 107 |