-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Group Policy Management Console is a good start: http://www.microsoft.com/downloads/details.aspx?FamilyId=0A6D4C24-8CBD-4B35-9272-DD3CBFC81887&displaylang=en
You may wish to create a separate group for local/ssh logins as likely every user does not need this (as I see it, this is a security issue). Of course, (to bring this back on topic), you can always use a *Nix box, and mount the windows share via cifs (provided by samba). You can have a completely separate set of users for remote ssh/sftp. I would also use rssh or scponly to provide the file transfer capabilities without allowing a local shell. I am not sure if cygwin provides these packages (to enable, you set the users shell to rssh or scponly, both are packaged in the default K/Ubuntu and Debian distros, likely other distros as well. This does increase management overhead a little, but you do gain a degree or two of security. I don't know how you code people can sit and code all day. If I am sitting for more than an hour I get twitchy :) Local users Evan Brown wrote: > It's the domain controller. I added a user that isn't a member of the > domain and I have allowed that user to login locally in the Domain > Controller Security Policy. That user can now login through ssh, so then > I made a new group and added all the existing domain users to it and > added that group to be able to login as well but no dice. I think that > there is a security setting somewhere that is foiling me, this is really > a pain in the ass to track all these user groups and permissions and > whatnot I don't know how you admins do this all day, I'll sit quietly > and write code all day and be happy as a clam. > :) > > Evan > > Gustin Johnson wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> What do the logs say (aka Event Viewer)? >> >> Double check the user permissions, also, is this machine a part of a >> domain? If so group policy is where to go >> >> Evan Brown wrote: >> >>> Alright, I've been trying to set up Copssh on and off for the last few >>> days on Windows 2003 server. I can register users no problem but when I >>> used putty to try to login it tells me Access Denied. If I set it up on >>> a non windows 2k3 machine it works fine. I know think it has something >>> to do with user permissions, and the only thing that it says to do in >>> the FAQ is allow whichever users you want to login to be able to log on >>> locally, which I think they can according to group permissions. I guess >>> I'm not really asking a question just venting frustration!! GAH! >>> >>> Evan >>> >>> Evan Brown wrote: >>> >>>> So I looked around and got Copssh that has a nice windows installer that >>>> sets everything else up for you, it uses openssh and auto configures >>>> some stuff. Then all you have to do is enable some users and it works, >>>> super easy. Plus the footprint is really small so I think this will work. >>>> >>>> http://www.itefix.no/phpws/index.php?module=pagemaster&PAGE_user_op=view_page&PAGE_id=12&MMN_position=22:22 >>>> >>>> for anyone that wants to check it out. >>>> >>>> Evan >>>> >>>> Martin Glazer wrote: >>>> >>>> >>>>> I've recently set this up for one of my clients and it works well. >>>>> >>>>> I followed these instructions on setting up SSH on a Windows 2003 Small >>>>> Busines Server >>>>> http://ist.uwaterloo.ca/~kscully/CygwinSSHD_W2K3.html >>>>> This installs Cygwin and OpenSSH >>>>> >>>>> There is also another How-To using a minimal Cygwin/openssh install >>>>> http://www.cs.bham.ac.uk/~smp/projects/ssh-windows/ >>>>> but I couldn't get this working correctly - i suspect it was a >>>>> permissions >>>>> problem which I didn't have the time to troubleshoot. The package is also >>>>> from 2004, so I doubt it took into account the new 'features' in Windows >>>>> 2003 >>>>> R2. >>>>> >>>>> Here is another How-To but for XP users. >>>>> http://pigtail.net/LRP/printsrv/cygwin-sshd.html >>>>> >>>>> HTH >>>>> >>>>> Martin >>>>> >>>>> On Monday 02 October 2006 12:51, Evan Brown wrote: >>>>> >>>>> >>>>> >>>>>> Howdy >>>>>> >>>>>> We have a client in Houston that needs to be able to download stuff from >>>>>> us here in Calgary and my boss wants a secure method to do this, we >>>>>> have setup an ftp server in the past but he's not too keen on that >>>>>> anymore. We are running a smoothwall firewall and I was planning to just >>>>>> port forward whatever to our server, I am kinda familiar with ssh and >>>>>> scp so I was thinking about something along those lines, I don't have an >>>>>> extra box to put it on I don't think, so I was looking at using Cygwin >>>>>> with the a ssh server. I've been Googleing and it seems doable using >>>>>> OpenSSH. Does anyone have experience doing this or that can offer me >>>>>> advice/alternate methods. >>>>>> >>>>>> Evan > > > _______________________________________________ > clug-talk mailing list > [email protected] > http://clug.ca/mailman/listinfo/clug-talk_clug.ca > Mailing List Guidelines (http://clug.ca/ml_guidelines.php) > **Please remove these lines when replying -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFI+3OwRXgH3rKGfMRAuOWAJ0dGJtUXyh8AkSBEu63XM33z377ugCgm+xf wIBmzJ9T5tF15DKeM2O9+cE= =Y3w/ -----END PGP SIGNATURE----- _______________________________________________ clug-talk mailing list [email protected] http://clug.ca/mailman/listinfo/clug-talk_clug.ca Mailing List Guidelines (http://clug.ca/ml_guidelines.php) **Please remove these lines when replying
