openssh trusted rsa key for win2k - SSH
openssh trusted rsa key for win2k
IssacNewton is the new RSA trusted user. He'll (Issac) be coming
(making an ssh connection) from linuxcomputer05; logging in to
win2xcomputer01 without a password.
ssh -x root@linuxcomputer05
useradd -m IssacNewton
passwd IssacNewton
su - IssacNewton
ssh-keygen -t rsa
cat .ssh/id_rsa.pub # to include the key in echo command below
exit
ssh -x administrator@win2xcomputer01
cd \documents and settings
net user IssacNewton grav1tyPassw0rd /add /homedir:"C:\documents and settings\IssacNewton" /fullname:"Sir Isaac Newton, PRS" /expires:NEVER
net localgroup Administrators IssacNewton /add
cd \program files\openssh\etc
mkpasswd -l > passwd
mkgroup -l > group
exit
ssh -x IssacNewton@win2xcomputer01
cd \documents and settings
mkdir IssacNewton
cd IssacNewton
mkdir .ssh
cd .ssh
echo ssh-rsa
AAAAB3NzaC1yc2EAAAABIwzZZIEA5ZLuNXTKMQmHV7FXGrtwZ6 u9dyOAHoj7qRV2mnmOtoigswFDgt+jIfGUtMdgIQ2fxAj1ByoJ bxWzZM4+ECe53LgZ0vasz7sCuyb/stuJ3hM9pCfnQq0JR9U38HKJ5lxidKnMFZCmJPu9Ss+5YabRSU R+ziaFwLni2/YDqDuwkX3fY0k=
IssacNewton@linuxcomputer05 > authorized_keys2
cacls . /T /E /R "BUILTIN\Power Users" "BUILTIN\Users" "Everyone"
attrib +R . /S /D
cd ..\..
xcopy /E /O "Default User\*" IssacNewton
cacls IssacNewton /T /E /G IssacNewton:F
attrib +R IssacNewton
exit
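Added example, not part of the original post: a key written with `echo ... > authorized_keys2` only works if it lands as one line with an unbroken base64 field, so this shell check flags lines that were split or whose declared type does not match the encoded blob. The function names and the sample key are constructed; it assumes lines without leading options, a one-word comment, and a `base64` utility that accepts `-d`.

```shell
#!/bin/sh
# check_authkey_line LINE prints one of:
#   ok, bad-field-count, unknown-type, bad-base64, type-mismatch
check_authkey_line() {
    # cmd.exe "echo" ends lines with CRLF; drop the CR before parsing.
    line=$(printf '%s' "$1" | tr -d '\r')
    set -f                      # no globbing while the line is word-split
    set -- $line
    set +f
    # Expected layout: keytype base64blob [comment]. A blob broken by a
    # space or a line wrap shows up as a wrong number of fields.
    { [ "$#" -eq 2 ] || [ "$#" -eq 3 ]; } || { echo bad-field-count; return 1; }
    ktype=$1
    blob=$2
    case $ktype in
        ssh-rsa|ssh-dss) ;;
        *) echo unknown-type; return 1 ;;
    esac
    printf '%s' "$blob" | base64 -d >/dev/null 2>&1 || { echo bad-base64; return 1; }
    # The decoded blob starts with a 4-byte length, then the algorithm name.
    embedded=$(printf '%s' "$blob" | base64 -d | dd bs=1 skip=4 count="${#ktype}" 2>/dev/null)
    [ "$embedded" = "$ktype" ] || { echo type-mismatch; return 1; }
    echo ok
}

# check_authkeys_file FILE reports every non-comment line; returns 1 if any fails.
check_authkeys_file() {
    rc=0
    n=0
    while IFS= read -r l || [ -n "$l" ]; do
        n=$((n + 1))
        case $l in ''|'#'*) continue ;; esac
        s=$(check_authkey_line "$l") || rc=1
        printf 'line %d: %s\n' "$n" "$s"
    done < "$1"
    return $rc
}
```

Run `check_authkeys_file` against the `authorized_keys2` file on the server from a Cygwin shell.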
-
Re: openssh trusted rsa key for win2k
bradleywas@gmail.com wrote:
> IssacNewton is the new RSA trusted user. he'll (Issac) be coming
> (making an ssh connection) from linuxcomputer05; logging in to
> win2xcomputer01 without a password.
>
> ssh -x root@linuxcomputer05
> useradd -m IssacNewton
> passwd IssacNewton
> su - IssacNewton
> ssh-keygen -t rsa
> cat .ssh/id_rsa.pub # to include the key in echo command below
> exit
>
> ssh -x administrator@win2xcomputer01
> cd \documents and settings
> net user IssacNewton grav1tyPassw0rd /add /homedir:"C:\documents and
> settings\IssacNewton" /fullname:"Sir Isaac Newton, PRS" /expires:NEVER
> net localgroup Administrators IssacNewton /add
> cd \program files\openssh\etc
> mkpasswd -l > passwd
> mkgroup -l > group
> exit
>
> ssh -x IssacNewton@win2xcomputer01
> cd \documents and settings
> mkdir IssacNewton
> cd IssacNewton
> mkdir .ssh
> cd .ssh
> echo ssh-rsa
> AAAAB3NzaC1yc2EAAAABIwzZZIEA5ZLuNXTKMQmHV7FXGrtwZ6 u9dyOAHoj7qRV2mnmOtoigswFDgt+jIfGUtMdgIQ2fxAj1ByoJ bxWzZM4+ECe53LgZ0vasz7sCuyb/stuJ3hM9pCfnQq0JR9U38HKJ5lxidKnMFZCmJPu9Ss+5YabRSU R+ziaFwLni2/YDqDuwkX3fY0k=
> IssacNewton@linuxcomputer05 > authorized_keys2
> cacls . /T /E /R "BUILTIN\Power Users" "BUILTIN\Users" "Everyone"
> attrib +R . /S /D
> cd ..\..
> xcopy /E /O "Default User\*" IssacNewton
> cacls IssacNewton /T /E /G IssacNewton:F
> attrib +R IssacNewton
> exit
>
Hi bradley !
I was hardly marking test to use public mechanism logon from linux box to
W2K3 box via SSH.
I will try this and I will come back to you if something fails =)
Actually, what I was testing doesn't work! Neither the public key auth
nor the password auth works! I am surely doing something wrong in user
creation on the W2K3 box.
BTW, I'm using openSSH 3.8.1p1
Raphael.
-
Re: openssh trusted rsa key for win2k
> Hi bradley !
>
> I was hardly marking test to use public mechanism logon from linux box to
> W2K3 box via SSH.
>
me too. from win/* -> Linux works great but not the converse
I'm running Cygwin and the SSHD component is difficult to configure
(i.e. getting into SYSTEM mode to set up the host keys)
--
---
Jeff B (remove the No-Spam to reply)
-
Re: openssh trusted rsa key for win2k
Jeff B wrote:
>> Hi bradley !
>>
>> I was hardly marking test to use public mechanism logon from linux box to
>> W2K3 box via SSH.
>>
> me too. from win/* -> Linux works great but not the converse
I have my XP laptop setup for logins which work just fine from unix
openssh clients.
> I'm running Cygwin and the SSHD component is difficult to configure
> (i.e. getting into SYSTEM mode to set up the host keys)
I'm not sure what you mean here. Does 'ssh-host-config' not do
everything for you when run from an administrator's account? I don't
know how to get into SYSTEM mode.
Are you trying to set it up as a service or just run it from an account?
Did you disable privilege separation when prompted? I didn't want to
create another account, so that's the easy way to configure.
--
Darren Dunham ddunham@taos.com
Senior Technical Consultant TAOS http://www.taos.com/
Got some Dr Pepper? San Francisco, CA bay area
< This line left intentionally blank to confuse you. >
-
Re: openssh trusted rsa key for win2k
>>>>> "JB" == Jeff B writes:
>> Hi bradley ! I was hardly marking test to use public mechanism
>> logon from linux box to W2K3 box via SSH.
>>
JB> me too. from win/* -> Linux works great but not the converse
JB> I'm running Cygwin and the SSHD component is difficult to
JB> configure (i.e. getting into SYSTEM mode to set up the host keys)
Note that both ssh.com and VShell (VanDyke) support Kerberos/GSSAPI
authentication in their Windows server products, integrated with the
Windows ccache. It works seamlessly from Linux/OpenSSH to Windows.
--
Richard Silverman
res@qoxp.net
-
Re: openssh trusted rsa key for win2k
Darren Dunham wrote:
> Jeff B wrote:
>
>>
>>I'm running Cygwin and the SSHD component is difficult to configure
>>(i.e. getting into SYSTEM mode to set up the host keys)
>
>
> I'm not sure what you mean here. Does 'ssh-host-config' not do
> everything for you when run from an administrator's account? I don't
> know how to get into SYSTEM mode.
That's the issue. s-h-c runs fine, but there are no key files generated,
and doing keygen under the admin account doesn't work; the files are in the
wrong location.
> Are you trying to set it up as a service or just run it from an account?
either would do
> Did you disable privilege separation when prompted? I didn't want to
> create another account, so that's the easy way to configure.
>
yes
--
---
Jeff B (remove the No-Spam to reply)
-
Re: openssh trusted rsa key for win2k
$ /usr/sbin/sshd -f /etc/sshd_config2 -D -d
debug1: sshd version OpenSSH_4.1p1
Could not load host key: /etc/ssh_host_key
Could not load host key: /etc/ssh_host_rsa_key
Could not load host key: /etc/ssh_host_dsa_key
Disabling protocol version 1. Could not load host key
Disabling protocol version 2. Could not load host key
sshd: no hostkeys available -- exiting.
ls -l /etc/ssh*
-rwxr-x--- 1 SYSTEM None 1292 Jan 6 14:42 /etc/ssh_config
-rw------- 1 SYSTEM None 736 Dec 6 11:53 /etc/ssh_host_dsa_key
-rw-r--r-- 1 SYSTEM None 602 Dec 6 11:53 /etc/ssh_host_dsa_key.pub
-rw------- 1 SYSTEM None 736 Dec 6 11:45 /etc/ssh_host_key
-rw-r--r-- 1 SYSTEM None 602 Dec 6 11:45 /etc/ssh_host_key.pub
-rw------- 1 SYSTEM None 951 Dec 6 11:54 /etc/ssh_host_rsa_key
-rw-r--r-- 1 SYSTEM None 222 Dec 6 11:54 /etc/ssh_host_rsa_key.pub
-rw-r--r-- 1 SYSTEM None 229 Dec 6 11:38 /etc/ssh_known_hosts
-rw-r--r-- 1 SYSTEM None 2821 Jan 6 14:42 /etc/sshd_config
goofus! ssh_host_rsa_key.pub from my linux is actually
present in ssh_known_hosts
-
Re: openssh trusted rsa key for win2k
Jeff B wrote:
> $ /usr/sbin/sshd -f /etc/sshd_config2 -D -d
> debug1: sshd version OpenSSH_4.1p1
> Could not load host key: /etc/ssh_host_key
> Could not load host key: /etc/ssh_host_rsa_key
> Could not load host key: /etc/ssh_host_dsa_key
> Disabling protocol version 1. Could not load host key
> Disabling protocol version 2. Could not load host key
> sshd: no hostkeys available -- exiting.
> ls -l /etc/ssh*
> -rwxr-x--- 1 SYSTEM None 1292 Jan 6 14:42 /etc/ssh_config
> -rw------- 1 SYSTEM None 736 Dec 6 11:53 /etc/ssh_host_dsa_key
Hmm, I can't go back in time, but I think my keys weren't owned by
SYSTEM until I set it up to run as a service. Once that happened, I
can't run by hand any longer. So your messages are expected if you've
done that.
I would expect you could either
1) Chown the keys to you (since you're running sshd) or
2) Start the sshd service
$ net start sshd
The CYGWIN sshd service is starting.
The CYGWIN sshd service was started successfully.
I chowned my RSA key to me and was able to start it up in the shell.
--
Darren Dunham ddunham@taos.com
Senior Technical Consultant TAOS http://www.taos.com/
Got some Dr Pepper? San Francisco, CA bay area
< This line left intentionally blank to confuse you. >
-
Re: openssh trusted rsa key for win2k
Darren Dunham wrote:
> Jeff B wrote:
>
>>$ /usr/sbin/sshd -f /etc/sshd_config2 -D -d
>>debug1: sshd version OpenSSH_4.1p1
>>Could not load host key: /etc/ssh_host_key
>>Could not load host key: /etc/ssh_host_rsa_key
>>Could not load host key: /etc/ssh_host_dsa_key
>>Disabling protocol version 1. Could not load host key
>>Disabling protocol version 2. Could not load host key
>>sshd: no hostkeys available -- exiting.
>
>
>>ls -l /etc/ssh*
>>-rwxr-x--- 1 SYSTEM None 1292 Jan 6 14:42 /etc/ssh_config
>>-rw------- 1 SYSTEM None 736 Dec 6 11:53 /etc/ssh_host_dsa_key
>
>
> Hmm, I can't go back in time, but I think my keys weren't owned by
> SYSTEM until I set it up to run as a service. Once that happened, I
> can't run by hand any longer. So your messages are expected if you've
> done that.
>
> I would expect you could either
>
> 1) Chown the keys to you (since you're running sshd) or
> 2) Start the sshd service
>
> $ net start sshd
> The CYGWIN sshd service is starting.
> The CYGWIN sshd service was started successfully.
>
> I chowned my RSA key to me and was able to start it up in the shell.
>
What you see is the results of failing when owned by me & then
attempting to get SYSTEM to allow sshd. Both ways, I get:
>>Could not load host key: /etc/ssh_host_key
>>Could not load host key: /etc/ssh_host_rsa_key
>>Could not load host key: /etc/ssh_host_dsa_key
>>Disabling protocol version 1. Could not load host key
>>Disabling protocol version 2. Could not load host key
>>sshd: no hostkeys available -- exiting.
--
---
Jeff B (remove the No-Spam to reply)
-
Re: openssh trusted rsa key for win2k
Jeff B wrote:
> What you see is the results of failing when owned by me & then
> attempting to get SYSTEM to allow sshd.
I don't know what you mean by "get SYSTEM to allow sshd".
Can you chown the key files to you?
Can you read the key files?
Once done, can you run sshd by hand and not get those errors?
--
Darren Dunham ddunham@taos.com
Senior Technical Consultant TAOS http://www.taos.com/
Got some Dr Pepper? San Francisco, CA bay area
< This line left intentionally blank to confuse you. >
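Added example, not written by anyone in the thread: a shell diagnostic for the "Could not load host key" messages above, answering Darren's two questions (can the account that launches sshd read each key file, and does it own it). It relies on OpenSSH refusing a private key that the running user owns when group or other permission bits are set; the function names are constructed, and the file names are the ones shown in the `ls -l /etc/ssh*` listing.

```shell
#!/bin/sh
# check_host_key PATH prints one word and returns 0 only for "ok":
#   missing     - no such file
#   unreadable  - the current user cannot open it (e.g. mode 600 and owned
#                 by another account such as SYSTEM)
#   too-open    - owned by the current user, but group/other bits are set
check_host_key() {
    key=$1
    [ -e "$key" ] || { echo missing; return 1; }
    [ -r "$key" ] || { echo unreadable; return 1; }
    if [ -O "$key" ]; then
        # Characters 5-10 of the ls mode string are the group/other bits.
        bits=$(ls -ld "$key" | cut -c5-10)
        [ "$bits" = "------" ] || { echo too-open; return 1; }
    fi
    echo ok
}

# check_all_host_keys [DIR] checks the three private host keys named in the
# sshd debug output; DIR defaults to /etc. Returns 1 if any key fails.
check_all_host_keys() {
    dir=${1:-/etc}
    rc=0
    for name in ssh_host_key ssh_host_rsa_key ssh_host_dsa_key; do
        status=$(check_host_key "$dir/$name") || rc=1
        printf '%s: %s\n' "$dir/$name" "$status"
    done
    return $rc
}
```

Run `check_all_host_keys /etc` from the same account that starts `sshd -D -d` by hand; an `unreadable` result matches keys left owned by SYSTEM after the service was installed.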