Hi,
I installed cwrysnc server with openssh. I am able to login with key-based auth by copying the private key (cwrsync) to my linux box and issuing the following:
ssh -i cwrsync SvcwRsync@windows2003server
However, instead, I would like to use my already existing public key from my linux box as an authorized_keys file on the windows2003server.
I did this by sftp from windows2003 to linux and getting the file. Then cat linux.pubkey >> authorized_keys
and restarting sshd service. However, this doesn't work.
I also add the linux public key to authorized_keys2 (what is this file?) and again, that doesn't work.
I have added my linux public key to other linux boxes and it works fine. Am I doing something wrong? Or is this not possible?
Thanks,
John
It shouldn't be a problem actually. I did a simple test with successful results:
If I login using a domain account and a password into the rsync server ( using the ssh server ) I can list the contents of the network drives. I then setup authkeys and login using the same user and permission is denied.
Is there something else I need to do?
I've had difficulties getting this null password SSH to work as well. The web site is not much help. For example, it was unclear to me whether or not I need to install COPSSH in addition to the OpenSSN that is included with cwRsyncServer. Also, there are indications here and there that one has to "Activate a User", which is presumably done from the START menu, but I have no such option anywhere. I managed to locate an .ssh directory in which to place my authorized_keys/authorized_keys2 files at C:\Program Files\cwRsyncServer\var\SvcwRsync\.ssh but placing them there seems to have no effect.
I've had difficulties getting this null password SSH to work as well. The web site is not much help. For example, it was unclear to me whether or not I need to install COPSSH in addition to the OpenSSN that is included with cwRsyncServer. Also, there are indications here and there that one has to "Activate a User", which is presumably done from the START menu, but I have no such option anywhere. I managed to locate an .ssh directory in which to place my authorized_keys/authorized_keys2 files at C:\Program Files\cwRsyncServer\var\SvcwRsync\.ssh but placing them there seems to have no effect.
You don't need copSSH if you have installed cwRsyncServer with openssh component. For passwordless communication, copy the private key from cwRsyncServer (available from start menu) to your machine and initiate communication as described in a FAQ that suits your environment. If you want to use your own public key instead, you can add it to authorized_keys for the user SvcwRsync at server side. No user activation is needed. copSSH is a general purpose ssh server. That's the reason why it has user activation/deactivation available from start menu. cwRsyncServer has a user (SvcwRsync) already activated for convenience. However, it has also user (de)activation scripts included for advanced use.
If I login using a domain account and a password into the rsync server ( using the ssh server ) I can list the contents of the network drives. I then setup authkeys and login using the same user and permission is denied.
Is there something else I need to do?
Why don't you use the service account and its keys to establish passwordless communication? You can also add your own public key to user SvcwRsync's authorized keys if you want to.
As the first email in the thread indicated, I don't want to propagate multiple keys from each client being backed up to the Linux box. I want to (and should) be able to utilize keys generated on the Linux box, that is use the same set of keys for all boxes.
The only way I was able to do this was to install copSSH. So, to all trying this, don't install the OpenSSH that's packaged with the server. Instead, try copSSH.
As the first email in the thread indicated, I don't want to propagate multiple keys from each client being backed up to the Linux box. I want to (and should) be able to utilize keys generated on the Linux box, that is use the same set of keys for all boxes.
The only way I was able to do this was to install copSSH. So, to all trying this, don't install the OpenSSH that's packaged with the server. Instead, try copSSH.
This is not correct. copSSH may work for your specific configuration. However, permissions and settings which are required for the full rsync daemon functionality will not be set up correctly. In addition, future versions of cwRsync server will include support for other tunnelling mechanisms like stunnel. As I tried to explain before, you are free to add your own public key to authorized_keys at server side and use your private key at client side. It should work (see my previous posting in this thread). I've written a FAQ to clarify this issue. Hope it helps.
To make sure I tried everything, please clarify using the service account along with the OpenSSH packaged with cwRsyncServer. I tried copying the public key generated on my Linux box into the authorized_keys file on my Windows machine, say WIN_SOURCE. I tried many locations for this file. Can you specify *where* it is supposed to go, i.e., what folder on WIN_SOURCE? Also, could you specify the exact SSH command from my Linux box to the WIN_SOURCE, e.g.,
ssh -l cwrsync WIN_SOURCE
or
ssh -l SvcwRsync WIN_SOURCE
Thanks,
Ken
I've written a new FAQ about this issue. Hope it helps.
Tev,
I read the FAQ and followed it exactly. In fact, I've tried this now several times. It does not work. I'm still prompted for a password. I'm not new to this business either. I've setup this passwordless SSH between Linux boxes and PCs now for several years. Something is not right here. Could this have anything to do with the fact that I'm using DSS keys? Of course, I tried both authorized_keys and authorized_keys2 files. Also, I didn't cat onto these files, but rather replaced them.
Ken
If you replace the file, the new file gets a different set of permissions and ownership. That might be the problem. I recommend to run setperms.cmd again. The recipe I described in the FAQ works without problems in my test environment with Linux RH 7.1, 9.0, FC3 and Windows NT/2003.