Cygwin SSHD Password different from Windows Password – Possible?

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Cygwin SSHD Password different from Windows Password – Possible?

O. Olson
I have Windows XP set up with just a single account
i.e. an Admin account with no admin password. I have
installed cygwin in this account.
 
            Is it possible that this cygwin sshd
server runs with a password i.e. I want to maintain
the Windows XP without a password, while the cygwin
sshd server should have a password (for anyone trying
to connect to it.)
 
I tried setting the cygwin password, and after that it
seemed that my windows account also required the
password to log in.
I have tried searching this topic online – but I don’t
think I get anything.
 
Thank you for taking your time to respond to this.
Regards,
O.O.


               
___________________________________
Yahoo! Messenger: chiamate gratuite in tutto il mondo
http://it.messenger.yahoo.com


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Reply | Threaded
Open this post in threaded view
|

Re: Cygwin SSHD Password different from Windows Password – Possible?

Brett Serkez
I believe sshd will not allow login without both a password and home
directory.  The second requirement means you must start a login shell as
a given user to create their home directory.  This is a way of
controlling which accounts can login remotely.

Cygwin/Windows doesn't directly support su as UNIXies do.  Normally you
wouldn't allow direct remote login as an administrator/root, you'd force
login as an ordinary user and then su.  In this case, you don't have
that option, atleast not easily, perhaps use of a dedicated remote
account with a password would be appropriate, otherwise just use the
password on the administrator account for both.

I'm not sure if this would work with Cygwin's sshd, but I believe you
can disable password login and use public/private keys to authenticate.
If their is no password, I am not sure if sshd will allow login based on
key authentication.

Brett


On Wed, 4 Jan 2006 19:43:14 +0100 (CET), "Ordinary Olson"
<[hidden email]> said:

> I have Windows XP set up with just a single account
> i.e. an Admin account with no admin password. I have
> installed cygwin in this account.
>  
>             Is it possible that this cygwin sshd
> server runs with a password i.e. I want to maintain
> the Windows XP without a password, while the cygwin
> sshd server should have a password (for anyone trying
> to connect to it.)
>  
> I tried setting the cygwin password, and after that it
> seemed that my windows account also required the
> password to log in.
> I have tried searching this topic online – but I don’t
> think I get anything.
>  
> Thank you for taking your time to respond to this.
> Regards,
> O.O.
>
>
>
> ___________________________________
> Yahoo! Messenger: chiamate gratuite in tutto il mondo
> http://it.messenger.yahoo.com
>
>
> --
> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
> Problem reports:       http://cygwin.com/problems.html
> Documentation:         http://cygwin.com/docs.html
> FAQ:                   http://cygwin.com/faq/
>
----------------------------------------------------------------
Brett C. Serkez, Techie



--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Reply | Threaded
Open this post in threaded view
|

Re: Cygwin SSHD Password different from Windows Password - Possible?

Larry Hall (Cygwin)
Reformatted top-post:

Brett Serkez wrote:
>
> On Wed, 4 Jan 2006 19:43:14 +0100 (CET), "Ordinary Olson"
> <[hidden email]> said:

<http://cygwin.com/acronyms/#PCYMTNQREAIYR>

>>I have Windows XP set up with just a single account
>>i.e. an Admin account with no admin password. I have
>>installed cygwin in this account.
>>
>>            Is it possible that this cygwin sshd
>>server runs with a password i.e. I want to maintain
>>the Windows XP without a password, while the cygwin
>>sshd server should have a password (for anyone trying
>>to connect to it.)
>>
>>I tried setting the cygwin password, and after that it
>>seemed that my windows account also required the
>>password to log in.
>>I have tried searching this topic online – but I don’t
>>think I get anything.
>>
>>Thank you for taking your time to respond to this.
>>Regards,
>>O.O.
 >

> I believe sshd will not allow login without both a password and home
> directory.  The second requirement means you must start a login shell as
> a given user to create their home directory.  This is a way of
> controlling which accounts can login remotely.
>
> Cygwin/Windows doesn't directly support su as UNIXies do.  Normally you
> wouldn't allow direct remote login as an administrator/root, you'd force
> login as an ordinary user and then su.  In this case, you don't have
> that option, atleast not easily, perhaps use of a dedicated remote
> account with a password would be appropriate, otherwise just use the
> password on the administrator account for both.
>
> I'm not sure if this would work with Cygwin's sshd, but I believe you
> can disable password login and use public/private keys to authenticate.
> If their is no password, I am not sure if sshd will allow login based on
> key authentication.


Cygwin's sshd does not require a password by default.  I run it without
one all the time.  If you want to log in using password authentication
but keep your password empty, you need to change "PermitEmptyPasswords"
to "Yes" in your sshd_config file.  Regardless of this setting or what
your password is, you may use public key authentication.

On NT platforms and up, cygwin's sshd defers to Windows for password
authentication. Given that, one wouldn't be able to have a password for a
user in Cygwin's world but not in Windows or vice versa.


--
Larry Hall                              http://www.rfk.com
RFK Partners, Inc.                      (508) 893-9779 - RFK Office
838 Washington Street                   (508) 893-9889 - FAX
Holliston, MA 01746


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Reply | Threaded
Open this post in threaded view
|

Re: Cygwin SSHD Password different from Windows Password - Possible?

O. Olson
Thanks to Brett and Larry for your replies.
        If I understood Larry correctly – the Cygwin and
Windows passwords are internally linked. Is there
anyway i.e. any setting that I can use to unlink this
i.e. can I have different passwords for Cygwin and
Windows?

        If this is not possible is it possible for me to make
a new user in Cygwin without a new user being created
in Windows – for me creating a new user in Cygwin also
creates new users in Windows.
Thank you for your replies
Regards,
O.O.


--- "Larry Hall (Cygwin)"
<[hidden email]> ha scritto:

>
> On NT platforms and up, cygwin's sshd defers to
> Windows for password
> authentication. Given that, one wouldn't be able to
> have a password for a
> user in Cygwin's world but not in Windows or vice
> versa.
>
>


       

       
               
___________________________________
Yahoo! Mail: gratis 1GB per i messaggi e allegati da 10MB
http://mail.yahoo.it


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Reply | Threaded
Open this post in threaded view
|

Re: Cygwin SSHD Password different from Windows Password - Possible?

Brett Serkez
Cygwin creates a UNIX like password file /etc/passwd that links 'UNIX'
users back to Windows users, sshd uses this file to work back to Windows
security information.  Ultimately it has to be this way, as it is
Windows that is hosting security, so Cygwin needs to be able to map
accordingly.  You can 'cat /etc/passwd' to see the entries.

If you create a new Windows user and never login to Windows with that
id, the user profile will never be created.  Beyond this, I suppose you
could hand edit /etc/password and point the administrator entry to such
an account.  This may be close enough for your purposes, you would be
able to login as administrator locally without a password, need a
password for administrator remotely, but they would be different
accounts as far as Windows was concerned.  This may not be a bad thing
as you could use the two similar but different accounts to customize
security and auditing.

Brett


On Wed, 4 Jan 2006 22:40:58 +0100 (CET), "Ordinary Olson"
<[hidden email]> said:

> Thanks to Brett and Larry for your replies.
> If I understood Larry correctly – the Cygwin and
> Windows passwords are internally linked. Is there
> anyway i.e. any setting that I can use to unlink this
> i.e. can I have different passwords for Cygwin and
> Windows?
>
> If this is not possible is it possible for me to make
> a new user in Cygwin without a new user being created
> in Windows – for me creating a new user in Cygwin also
> creates new users in Windows.
> Thank you for your replies
> Regards,
> O.O.
>
>
> --- "Larry Hall (Cygwin)"
> <[hidden email]> ha scritto:
>
> >
> > On NT platforms and up, cygwin's sshd defers to
> > Windows for password
> > authentication. Given that, one wouldn't be able to
> > have a password for a
> > user in Cygwin's world but not in Windows or vice
> > versa.
> >
> >
>
>
>
>
>
>
> ___________________________________
> Yahoo! Mail: gratis 1GB per i messaggi e allegati da 10MB
> http://mail.yahoo.it
>
>
> --
> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
> Problem reports:       http://cygwin.com/problems.html
> Documentation:         http://cygwin.com/docs.html
> FAQ:                   http://cygwin.com/faq/
>
----------------------------------------------------------------
Brett C. Serkez, Techie



--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/