Harald Dunkel
2007-Jul-13 07:17 UTC
Cygwin: store authorized_keys in /etc/ssh/user/authorized_keys?
Hi folks, If I try to login on a Cygwin host via ssh, then my .ssh on a network drive is unaccessible until I login. I have to enter my password, even if my authorized_keys would allow me to login without. This is fatal, since it forces me to use an interactive session for working on a Windows host. Unusable for automatic builds and tests managed from a central machine, for example. There is no such restriction if I create local accounts on every Cygwin PC, using local disks for $HOME/.ssh. Highly inefficient and troublesome, I have to rsync my data again and again, but it works. Would it be possible to extend auth2-pubkey.c to look in /cde/ssh/$LOGNAME/authorized_keys for the public key, in addtition to the user's .ssh directory? Of course the usual access restrictions should be checked. And it should be made a configure option for the ssh server. I don't want to change the default behavior. This would be a rough patch, just to give you an idea: --- auth2-pubkey.c~ 2006-08-05 04:39:39.000000000 +0200 +++ auth2-pubkey.c 2007-07-13 09:07:40.000000000 +0200 @@ -282,6 +282,17 @@ file = authorized_keys_file2(pw); success = user_key_allowed2(pw, key, file); xfree(file); + if (success) + return success; + +#if SUPPORT_LOCAL_AUTHORIZED_KEYS + /* look in system ssh directory for authorized keys */ + file = xmalloc(4096); + snprintf(file, 4096, "/etc/ssh/allowed_users/%s/authorized_keys", pw->pw_name); + success = user_key_allowed2(pw, key, file); + xfree(file); +#endif + return success; } Please keep me on CC:, since I am not subscibed to this list. Regards Harri -- CoWare, Inc. | Barbarus hic ergo sum, quia non Harald Dunkel | intellegor ulli. Gr?ner Weg 1 | 52070 Aachen, Germany | Ovid (+49) 241 943 788 107 |
Darren Tucker
2007-Jul-13 12:10 UTC
Cygwin: store authorized_keys in /etc/ssh/user/authorized_keys?
Harald Dunkel wrote:> Hi folks, > > If I try to login on a Cygwin host via ssh, then my > .ssh on a network drive is unaccessible until I login. > I have to enter my password, even if my authorized_keys > would allow me to login without. This is fatal, since it > forces me to use an interactive session for working on a > Windows host. Unusable for automatic builds and tests > managed from a central machine, for example. > > There is no such restriction if I create local > accounts on every Cygwin PC, using local disks for > $HOME/.ssh. Highly inefficient and troublesome, I have > to rsync my data again and again, but it works. > > Would it be possible to extend auth2-pubkey.c to > look in /cde/ssh/$LOGNAME/authorized_keys for the > public key, in addtition to the user's .ssh directory? > Of course the usual access restrictions should be > checked. And it should be made a configure option > for the ssh server. I don't want to change the default > behavior.Any reason you don't use the existing AuthorizedKeysFile knob in sshd_config? eg "AuthorizedKeysFile /etc/ssh/keys/%u" -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
Possibly Parallel Threads
- functions : server_input_channel_req userauth_pubkey
- [PATCH] Add multiple AuthorizedKeyFiles options
- Patch to allow glob patterns as authorized keys file names
- rsync huge tar files
- [Bug 1388] New: Parts of auth2-pubkey. c are completely devoid of debug logging