Openssh for Windows

Corinna Vinschen vinschen at redhat.com
Tue Jul 29 20:08:06 EST 2008


On Jul 29 11:02, Harald Dunkel wrote:
> Corinna Vinschen wrote:
> > 
> > You can use password-less authentication and Cygwin will create
> > a user token for your user.  This user token has no credentials for
> > network access because you only get that when using password
> > authentication.  The result is that you only get your remote home dir
> > after logging in by using `net use share /user:domain\user password',
> > thus explicitly authenticating against the sharing server.
> > 
> 
> If I got you correctly then this means that Cygwin's sshd doesn't
> have permission to access my .ssh for authentication, if it is on
> a remote disk. Doesn't this mean that pubkey simply doesn't work
> in this case?

Basically yes.  The usual workaround is to define a local home dir
which contains the .ssh dir and to attach to the network drive after
authentication.

However, if sshd is running from a domain account which has access
to the network drives, and if /etc/passwd has the homedirs mentioned
as UNC paths, you can get this working transparently.  It just requires
a bit of administration.  The user still has no network credentials, of
course, so the explicit `net use' is still required.

Btw., in the next major Cygwin release you can use NFS shares instead of
SMB shares for your home dir (together with Microsoft's NFS client).  As
long as you use UNC paths, rather than drive letters, you can access
them just fine from your user account without having to call `net use'.
Provided you installed the name mapping service correctly.

> > The advantage of the Interix method is that the user token is a password
> > authenticated token with network credentials.  The downside is that
> > there's a two-way encrypted copy of your password somewhere in an
> > undocumented place in the registry, using an undocumented two-way
> > encryption.
> 
> I am surely not an advocate for Windows, but the Unix procedure is
> pretty rude, too: sshd is running with root permission. Since the
> NFS partition containing my $HOME might be mounted without giving
> root the right to read all files it likes (no_root_squash), sshd has
> to break into my account (via seteuid(1), I would guess) to read my
> .ssh directory.
> 
> In other words, sshd on Unix doesn't need an encrypted copy of my
> password to generate some network credentials (as Interix' sshd
> does). It bypasses all security means by brute force.

As Interix does.  And IMHO even worse.  Interix has access to your
cleartext(!) password.  You entered it when calling regpwd, then it gets
encrypted, but Interix knows the key to fetch it back in cleartext
whenever it needs it to create a user token on your behalf.

Actually, if we wanted to, we could easily do the same.  But I'm still
feeling rather uncomfortable with the idea to have a two-way encrypted
password stored somewhere in the system.

> I can live with both. But I have to say that Cygwin's sshd doesn't
> match my needs.

That's ok.  That doesn't mean that Cygwin isn't useful for other people :)


Corinna

-- 
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat
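
An added example, not part of the original message and not Cygwin or OpenSSH code: a small audit that classifies the home directory of each account in a Cygwin-style /etc/passwd, to show which accounts fall under the cases discussed above (local home, UNC home, drive-letter home). It assumes the default `/cygdrive` prefix for drive letters and the `//server/share` spelling for UNC paths; the function names and sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Classify one home directory path (assumed Cygwin POSIX-style spelling).
#   unc   : //server/share/...  per the mail, pubkey login needs sshd to run
#           from a domain account that can read the share
#   drive : /cygdrive/x/...     a drive letter; the mail advises UNC paths
#           rather than drive letters for network homes
#   local : any other absolute path (the "local home dir" workaround)
classify_home() {
    case "$1" in
        //*/*)                                   echo unc ;;
        /cygdrive/[A-Za-z]|/cygdrive/[A-Za-z]/*) echo drive ;;
        /*)                                      echo local ;;
        *)                                       echo unknown ;;
    esac
}

# Read passwd lines on stdin and print "user class home" for each account.
# Field 6 is the home directory; blank lines and comments are skipped.
audit_passwd() {
    while IFS=: read -r user _pw _uid _gid _gecos home _shell; do
        case "$user" in ''|'#'*) continue ;; esac
        printf '%s %s %s\n' "$user" "$(classify_home "$home")" "$home"
    done
}

# Constructed sample data (hypothetical domain, server and SIDs).
SAMPLE_PASSWD='alice:unused:1001:513:U-EXAMPLE\alice,S-1-5-21-0-0-0-1001:/home/alice:/bin/bash
bob:unused:1002:513:U-EXAMPLE\bob,S-1-5-21-0-0-0-1002://fileserver/home/bob:/bin/bash
carol:unused:1003:513:U-EXAMPLE\carol,S-1-5-21-0-0-0-1003:/cygdrive/h/carol:/bin/bash'

printf '%s\n' "$SAMPLE_PASSWD" | audit_passwd
```

On a real host, feed it the actual file with `audit_passwd < /etc/passwd`; a `drive` result only says the home is on a drive letter, not whether that drive is a network mapping.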


More information about the openssh-unix-dev mailing list