On Sat, Feb 13, 2016 at 4:15 PM, David Willis wrote: <snip> > So you're telling me any user that logs in using key authentication cannot > access the network as the same user (i.e. this is the intended behavior)? If > that's the case wouldn't it be better not to allow network access at ALL, > rather than allowing it as the service account that sshd is running as?
Responding to only this one piece at present from https://cygwin.com/cygwin-ug-net/passwd.html {{ -R, --reg-store-pwd enter password to store it in the registry for later usage by services to be able to switch to this user context with network credentials. }} {{ Don't use this feature if you don't need network access within a remote session. You can delete your stored password by using `passwd -R' and specifying an empty password. }} Since there are explicit instructions on how to store your Windows password in a way that Cygwin sshd (and other Cygwin services) can use the password for network authentication and that it says not to store the credentials if you do not need network access when authenticating via public key, I would make the logical assumptions that #1: authenticated network access is supposed to be possible inside a public key authenticated ssh session #2: without storing the password as described, I should have no network access at all, not the cyg_server account's network access (regardless of how much or little access the cyg_server account has). <snip> -- Erik -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
