X-Recipient: archive-cygwin AT delorie DOT com X-Spam-Check-By: sourceware.org X-Authority-Analysis: v=1.0 c=1 a=l-ybVGMfYOEA:10 a=zeAeT-1tAAAA:8 a=w_pzkKWiAAAA:8 a=74zvnWgDAAAA:8 a=CETNlwIS9Y82ViAKOHIA:9 a=WaabjIrxfjufLXkdDNUA:7 a=r4z6bq0B1XDydeUDGgDFRxEcjHsA:4 a=66msUWWtX2wA:10 a=rLtpFUfr5jMA:10 a=uQUDH0dggCoA:10 a=MxZ3bB5I4kYA:10 Message-ID: <008301c86507$140ecd70$0302a8c0@r00jao4> From: "Terry Orechia" To: References: <004e01c864fd$1172f870$0302a8c0 AT r00jao4> <47A365E5 DOT 8020702 AT cygwin DOT com> Subject: Re: OPENSSH passwordless login getting "system error 59" on "net use" cmd with samba Date: Fri, 1 Feb 2008 14:17:24 -0500 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="UTF-8"; reply-type=response Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Outlook Express 6.00.2900.3138 X-IsSubscribed: yes Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com > You should still be able to login as yourself and gain access to > your network shares. I am able to login as myself without passwordless login and get access to my network shares. However, I am not able to login as myself using PASSWORDLESS login via public keys and have access to the network shares. I need to execute ssh login in a batch script so I need passwordless login to work and I need to have access to the network shares when I login. Is there some other way to get access to network shares via passwordless login without changing the user who runs the sshd service and opening the security hole? Thanks for your input, Terry ----- Original Message ----- From: "Larry Hall (Cygwin)" To: Sent: Friday, February 01, 2008 1:33 PM Subject: Re: OPENSSH passwordless login getting "system error 59" on "net use" cmd with samba > Terry Orechia wrote: >> Hi, >> >> I was able to resolve this issue by switching the user who runs the sshd >> service. If anyone else is having this problem you can find detailed >> documentation on how to do get around this issue this at >> http://ist.uwaterloo.ca/~kscully/CygwinSSHD_W2K3.html. >> > > Some words of caution here: > > The procedure outlined with the domain user as the user the service will > run as gives the domain user advanced privileges which encompass those > of SYSTEM (on security hole than just using SYSTEM (on as the service user. > > If you don't need the ability to let others login via 'ssh' to the system > in question, you are better off to not alter your user's permissions at > all. You should still be able to login as yourself and gain access to > your network shares. By doing this, you won't be opening up the security > hole but others trying to log in will run in your user context in your > case. > See for more > details. > > -- > Larry Hall http://www.rfk.com > RFK Partners, Inc. (508) 893-9779 - RFK Office > 216 Dalton Rd. (508) 893-9889 - FAX > Holliston, MA 01746 > > _____________________________________________________________________ > > A: Yes. > > Q: Are you sure? > >> A: Because it reverses the logical flow of conversation. > >>> Q: Why is top posting annoying in email? > > -- > Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple > Problem reports: http://cygwin.com/problems.html > Documentation: http://cygwin.com/docs.html > FAQ: http://cygwin.com/faq/ > > -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/