I have successfully set up ssh and sshd under cygwin to allow myself to login from A to B and B to A (both A and B are Vista machines).
To do this, I have had to set StrictModes no in my /etc/sshd_config.
If I set StrictModes to yes, key-based login is bypassed, and ssh(d) prompts for a password (which then works). In the event log, I get this message:
sshd: PID 3684: Authentication refused: bad ownership or modes for file /home/brent/.ssh/authorized_keys
I have two sub-questions:
- Is there any point in using StrictModes yes under cygwin/Vista? (I imagine that under a true Unix this will provide additional security.)
- Assuming yes, precisely what ownership and mode should I be using? The current listing for the authorized_keys is:
-rwxrwxrwx 1 Administrators None 847 Sep 5 14:38 .ssh/authorized_keys
After a little more research:
It looks like /home/brent/, /home/brent/.ssh/, and /home/brent/.ssh/authorized_keys all need to meet the following criteria:
- Not group- or world-writable (minimum chmod 755)
- Owner: brent (in this case) — I don't know whether this means "this user" or "any user with certain status or privileges" or "the user who installed cygwin" or "the user who ran sshd-host-config".
So it works, but I'd still appreciate precise comments on why, and on whether it's correct.
Best Answer
In my experience on normal Unix systems, your authorized_keys file needs to have octal permissions 600 so that only the user who created it (and root) is able to read it, to prevent other users from seeing the file. I assume it's the same in cygwin. Strict mode is just telling you to change the permissions as you found out.
So from previous experience, I'd say you were correct. As for owner, it should be the person who owns the files, probably meaning 'this user' in your context.
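The criteria discussed above can be checked before turning StrictModes back on. The following is an added example, not code from the question, the answer, or OpenSSH: a simplified model of the ownership and mode test that walks from authorized_keys up to the home directory. The function names, the temporary sample layout, and the rule "owner must be the login user or uid 0" are assumptions of this sketch, and it needs a Python with POSIX uids (for example Cygwin's own Python).

```python
import os
import stat
import tempfile

def strictmodes_problems(key_file, home, uid):
    """Return reasons a StrictModes-style check would refuse key_file (empty list = ok)."""
    problems = []
    home = os.path.realpath(home)
    path = os.path.realpath(key_file)
    first = True
    while True:
        st = os.stat(path)
        if first and not stat.S_ISREG(st.st_mode):
            problems.append(f"{path}: not a regular file")
        # Assumption of this sketch: the owner must be the login user or uid 0.
        if st.st_uid not in (uid, 0):
            problems.append(f"{path}: owned by uid {st.st_uid}, expected {uid} or 0")
        # 0o022 = group-write | world-write, the bits the question's 777 file has set.
        if st.st_mode & 0o022:
            mode = stat.S_IMODE(st.st_mode)
            problems.append(f"{path}: mode {mode:04o} is group- or world-writable")
        if path == home:
            break
        parent = os.path.dirname(path)
        if parent == path:  # reached the filesystem root without passing home
            problems.append(f"{key_file}: not located under {home}")
            break
        path, first = parent, False
    return problems

def build_demo_home(key_mode):
    """Constructed sample layout: <tmp>/.ssh/authorized_keys with the given mode."""
    home = tempfile.mkdtemp()
    ssh_dir = os.path.join(home, ".ssh")
    os.mkdir(ssh_dir)
    key_file = os.path.join(ssh_dir, "authorized_keys")
    with open(key_file, "w") as fh:
        fh.write("ssh-ed25519 AAAA...constructed-sample brent@example\n")
    os.chmod(home, 0o755)
    os.chmod(ssh_dir, 0o700)
    os.chmod(key_file, key_mode)
    return home, key_file

if __name__ == "__main__":
    for mode in (0o777, 0o600):  # the question's listing vs. the answer's suggestion
        home, key_file = build_demo_home(mode)
        print(oct(mode), strictmodes_problems(key_file, home, os.getuid()) or "ok")
```

To check a real account, call strictmodes_problems with the actual authorized_keys path, the home directory, and the uid that `id -u` reports for that user.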