I've got a new server for Cygwin @work and wanted to get the sshd to run with StrictMode on (it's been off on the old server). Long story short, some accounts used for administrative tasks are contrained so that I need to store the authorized_keys file directly on the server, so I added /etc/ssh/%u/authorized_keys in front of the default .ssh/authorized_keys. Unfortunately that only works if the same administrative account has been used to install Cygwin itself, lest sshd declares the directory /etc/ssh unsafe (or use StrictMode=no). I found this patch that seems to address exactly the same situation:
https://github.com/pierresouchay/cygwin_patches/blob/master/openssh.patch The code has since been refactored and a similar change would need to be applied elsewhere. Interestingly enough there is some special handling to _not_ check all the leading path components for the home directory (otherwise it wouldn't work at all). In my reading of the refactored code it seems that the same effect could be achieved by defining PLATFORM_SYS_DIR_UID appropriately (although I would prefer if that was configurable somewhere in a file). But it seems that for Cygwin that symbol doesn't get defined at all? Regards, Achim. -- +<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+ Wavetables for the Waldorf Blofeld: http://Synth.Stromeko.net/Downloads.html#BlofeldUserWavetables