Re: Slightly OT - connecting from Fedora to Windows 7 sftp/ssh using public keys

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Thu, Mar 24, 2016 at 6:15 AM, Gary Stainburn <gary.stainburn@xxxxxxxxxxxxxx> wrote:
On Wednesday 23 March 2016 18:35:22 George N. White III wrote:
> Cygwin has become pretty robust, but there are some fundamental problems
> with file permissions/attributes.   There is a technical document that goes
> into
> the gory details, but the basic rule of thumb is that you are safe if you
> do all
> the work in Cygwin, but problems can arise if your workflow requires mixing
> cygwin and Windows apps.  Enterprise level environments do tricks with
> Windows attributes/permissons that cause grief.  In my case, I often got
> "access denied" after a file had been touched by Windows apps, and the
> Cygwin (POSIX} permissions required by shh for my ~/.ssh directory were
> being translated to Windows permissions that then gave "access denied"
> in Cygwin's interpretation (e.g., back to POSIX) of the Windows
> permissions.

That's thr sort of experience I've had with cygwin in the past. Having said
that, I haven't tried it in a *long* time.


Read https://cygwin.com/cygwin-ug-net/ntsec.html.  The section of file
permissons (https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-files)
warns you to never "canonicalize" the ACEs.  I suspect canonicalization
is being enforced thru corporate policies in some large organizations.

I think the issues are well understood by the Cygwin developers (thanks
to more open availability of technical details for Windows), so when things
go bad you can understand why and realize that some things just won't
work.  Because different organizations use different policies, it is difficult
to know whether Cygwin sshd will work for you.


I am still looking for a solution to provide me with a working sftp server
which is really the only bit I need from SSH (*) but for now I'm making do
with sharing the folder from the Win7 box and mounting it using a fstab entry
on the server.

(*) it would be nice to have ssh access to the server so that I could
integrate/automate other tasks using Perl and Net::SSH
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org



--
George N. White III <aa056@xxxxxxxxxxxxxx>
Head of St. Margarets Bay, Nova Scotia
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux