Public-Key Authentication

The OpenSSH clients--ssh, scp, and sftp--and the key-related programs--ssh-keygen, ssh-agent, and ssh-add (covered in Chapter 6)--use public-key authentication just as they do under Unix. You might need to know where your ~/.ssh folder is to refer to keys. [14.2]

When connecting to the Cygwin SSHD Service (sshd) from the outside world, there are a few things to think about:

  • Make sure your ~/.ssh/authorized_keys file contains the appropriate public keys. [6.1.1]

  • Check the Cygwin SSHD Service in the Services control panel, and note the NT user account under which it is running. Then make sure that this account:

    • Has read access to your ~/.ssh directory and your ~/.ssh/authorized_keys file.

    • Has read access to the host keys in the Cygwin /etc directory.

    • Has write access to the log file /var/log/sshd.log.

    • Is in the local Administrators group, if you plan to invoke operations by SSH that require administrative privileges. Then authenticate using this account. (For more flexible credentials, consider a PKI solution. [11.5] Cygwin includes a Kerberos package.[166])

    • Is listed in the Cygwin /etc/passwd file. Use the Cygwin mkpasswd program to generate this file if you need to; for example, in the Cygwin shell:

          $ mkpasswd -l > /etc/passwd

      but make sure you understand what you’re doing so that you don’t wipe out vital accounts! Run man mkpasswd to learn more.
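The checklist above can be turned into a preflight script, shown here as an added example that is not from the book. Run it from a Cygwin shell started under the service account. The function name, its arguments, and the host-key glob `ssh_host_*key` are assumptions.

```shell
#!/bin/sh
# Added example: preflight for the sshd service-account checklist.
# Run it AS the account the Cygwin SSHD Service uses, for instance:
#   sshd_preflight "$HOME" /etc /var/log/sshd.log /etc/passwd "$(id -un)"
# Host-key naming (ssh_host_*key) is an assumption; adjust to your install.

# sshd_preflight HOME_DIR ETC_DIR LOG_FILE PASSWD_FILE ACCOUNT
# Prints one line per check; returns 0 only if every check passes.
sshd_preflight() {
    pf_home=$1 pf_etc=$2 pf_log=$3 pf_passwd=$4 pf_acct=$5
    pf_fail=0

    # pf_check DESCRIPTION TEST_OPERATOR PATH
    pf_check() {
        if [ "$2" "$3" ]; then
            echo "ok    $1: $3"
        else
            echo "FAIL  $1: $3"
            pf_fail=1
        fi
    }

    pf_check "read access to ~/.ssh" -r "$pf_home/.ssh"
    pf_check "read access to authorized_keys" -r "$pf_home/.ssh/authorized_keys"
    pf_check "write access to log file" -w "$pf_log"

    # Private host keys only: the glob skips the *.pub halves.
    pf_keys=0
    for pf_k in "$pf_etc"/ssh_host_*key; do
        [ -e "$pf_k" ] || continue      # an unmatched glob stays literal
        pf_keys=$((pf_keys + 1))
        pf_check "read access to host key" -r "$pf_k"
    done
    if [ "$pf_keys" -eq 0 ]; then
        echo "FAIL  no host keys found in $pf_etc"
        pf_fail=1
    fi

    # Exact match on the first passwd field; ENVIRON avoids awk's
    # backslash processing of -v values (account names may contain one).
    if PF_ACCT=$pf_acct awk -F: '$1 == ENVIRON["PF_ACCT"] { f = 1 } END { exit !f }' \
        "$pf_passwd" 2>/dev/null; then
        echo "ok    account listed in $pf_passwd: $pf_acct"
    else
        echo "FAIL  account not listed in $pf_passwd: $pf_acct"
        pf_fail=1
    fi
    return "$pf_fail"
}
```

Membership in the local Administrators group is not checked here; verify that in the Windows user management tools.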

14.4.1 Running an Agent

An agent is a program that keeps private keys in memory and provides authentication services to SSH ...
