Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
- professor chen
February 27, 2006, 12:10 pm
rate this thread
on to their workstations. What I don't want however is for the users to
log on with their SBS domain credentials.
I want them to log on with totally unprivileged accounts, which are
either cygwin only accounts that are not present in the Windows
accounts, or Windows accounts that are not part of the domain and have
only the minimum privileges required for them to log on to ssh and
forward their connections to their desktops.
I don't even want them to have the rights to amend their ssh keys by
running ssh_keygen after the logon to ssh or even see them, unless I
How do I go about this?
- Richard E. Silverman
February 27, 2006, 8:52 pm
Re: How to setup accounts with SSH connection rights only
PC> I want to setup cygwin sshd on an SBS2003 server, to allow users
PC> to log on to their workstations. What I don't want however is for
PC> the users to log on with their SBS domain credentials.
If you allow publickey only, this will happen, since the server needs the
password (or Kerberos/NTLM via GSSAPI) to obtain domain credentials.
PC> I don't even want them to have the rights to amend their ssh keys
PC> by running ssh_keygen after the logon to ssh or even see them,
PC> unless I permit it.
The "or even see them" part doesn't make sense, since in order to log in
with publickey they must have the private keys, from which one can always
derive the public components.
- » How to allow connection via public key authentication only
- — Next thread in » Secure Shell Forum
- » ssh on command line: force using a group size (prime size) of 1024 (and no...
- — Newest thread in » Secure Shell Forum