Openssh for Windows

Corinna Vinschen vinschen at redhat.com
Tue Jul 29 18:17:16 EST 2008


On Jul 29 09:12, Harald Dunkel wrote:
> Corinna Vinschen wrote:
> > On Jul 28 16:33, Harald Dunkel wrote:
> >> You might want to consider to use Microsoft's Services For Unix.
> >> A nice OpenSSH implementation (client and server, including
> >> public-key authentications!) is provided by Interopsystems. Some
> > 
> > Cygwin supports pubkey since at least OpenSSH 2.1.0p3, back in 2000.
> > 
> 
> Surely I don't want to goof on Cygwin, but you mean you can
> login via ssh on a remote Windows XP host without being asked
> for a password? Within an LDAP environment, including your
> home directory on a remote network drive?
> 
> Maybe I missed some trick hidden too deep in the documentation,
> but I never made this work with Cygwin's ssh (in 2006). AFAICR
> sshd was not running with the appropriate rights to read the
> user's .ssh directory on a remote share, and there was no "regpwd"
> tool as there is for Interix.

You can use password-less authentication and Cygwin will create
a user token for your user.  This user token has no credentials for
network access because you only get that when using password
authentication.  The result is that you only get your remote home dir
after logging in by using `net use share /user:domain\user password',
thus explicitly authenticating against the sharing server.

The method Interix uses is to store a copy of the user's password in the
registry in a two-way encrypted fashion, which is then used whenever
Interix needs to impersonate a user.  That means, the pubkey
authentication is used in OpenSSH, but the actual authentication against
the OS is using password authentication.  The result is that you get a
user token which includes the network credentials to access your home
dir automatically.

The advantage of the Interix method is that the user token is a password
authenticated token with network credentials.  The downside is that
there's a two-way encrypted copy of your password somewhere in an
undocumented place in the registry, using an undocumented two-way
encryption.


Corinna

-- 
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat

