E.g.
cd /
chown Administrator.root cygdrive
chown Administrator.root cygdrive/d [if cygwin is installed to D:]
chown Administrator.root cygdrive/d/cygwin64
chown Administrator.root cygdrive/d/cygwin64/sandbox
$ mkdir /sandbox/home/ygn001
$ chmod 700 /sandbox/home/ygn001
$ chown ygn001 /sandbox/home/ygn001
$ mkdir /sandbox/home/ygn001/.ssh
$ chown ygn001 /sandbox/home/ygn001/.ssh
18. On the client PC, run the following.
19. Copy id_rsa.pub from the client PC to ygnopsftpif501.
scp ~/.ssh/id_rsa.pub ygn001@10.10.10.2:/sandbox/home/ygn001/.ssh
20. cat id_rsa.pub >> authorized_keys
chown ygn001 authorized_keys
chgrp "Domain Users" authorized_keys
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
Or
You have to use
ssh-copy-id -i /home/ygn001/.ssh/id_rsa.pub 10.10.10.2   <- this command creates the authorized_keys file automatically.
cygrunsrv --start sshd (You can start/stop sshd service from Windows services)
#ps -ef | grep sshd
#tail -f /var/log/sshd.log
In the passwd file, manually edit the root user to change the group ID (usually 544) to 0, for example as below:
SvcCOPSSH:unused_by_nt/2000/xp:0:545:U-WINDOWS-AU90FH5\SvcCOPSSH,S-1-5-21-2943273595-299576109-709065550-1031:/var/:/bin/false
Steps to use local Linux admin to configure new FatPC SFTP user who is a domain user:
=====================================================================================
1. Capture the domain user's SID into /etc/passwd (only a domain user can do this step. Use your domain account to log in to FatPC, then run the Linux command)
mkpasswd -l -u ygnopr1 -D DOMAIN >> /etc/passwd
2. Edit the /etc/passwd file to make this entry follow the format for local users (refer to the xls sheet for instructions).
3. mkdir /home/ygnopr1
4. mkdir /home/ygnopr1/.ssh
5. cp the shared id_rsa & id_rsa.pub files to /home/ygnopr1/.ssh
6. chgrp "Domain Users" /home/ygnopr1/.ssh ************NOTE
7. chgrp "Domain Users" /home/ygnopr1
8. Give ownership for /home/ and /home//.ssh to the domain user. This can't be done at the Linux command line by the local admin, but can be
done using your AD account.
So use Windows explorer to give ownership. You will need to enter your domain credentials when prompted.
************NOTE
If there is an error about the group "Domain Users" not existing, it means "Domain Users" doesn't exist inside /etc/group.
Log in to Windows using your domain account, run Linux Terminal, and then run the command mkgroup -c >> /etc/group. After that,
log out, log in as the local Windows admin, and continue the config using Linux Terminal.
1. Log in with the ygnopr1 domain account; this creates the home folder under /home/ygnopr1
2. mkdir /home/ygnopr1/.ssh
3. Log off and log in with the zawhtet domain account
4. Copy /home/zawhtet/.ssh/id_rsa and id_rsa.pub to /home/ygnopr1/.ssh
5. Change ownership and group for the .ssh folder (chown -R ygnopr1 .ssh) (chgrp -R "Domain Users" .ssh)
6. Log in with the zawhtet domain user and check the /etc/passwd file
7. If there's no record for the ygnopr1 user, you need to run this command:
8. mkpasswd -l -u ygnopr1 -D DOMAIN >> /etc/passwd
9. Then test the login: sftp ygn001@10.10.10.2
On the client side, the id_rsa private key should have mode 600.
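Added example (not part of the original notes): a shell check for the modes the steps above set with chmod, that is 700 on the home directory and .ssh, 600 on authorized_keys and on id_rsa. It assumes GNU stat (stat -c) from Cygwin's coreutils; the function names check_mode and audit_ssh_dir are made up for this example.

```shell
#!/bin/sh
# Added example: audit the modes that the chmod steps in these notes set.
# Assumption: GNU stat (stat -c '%a'), as shipped with Cygwin coreutils.

# check_mode PATH EXPECTED -> 0 only if PATH exists with exactly that octal mode
check_mode() {
    path=$1
    want=$2
    if [ ! -e "$path" ]; then
        echo "MISSING  $path"
        return 1
    fi
    have=$(stat -c '%a' "$path")
    if [ "$have" != "$want" ]; then
        echo "BAD      $path mode=$have expected=$want"
        return 1
    fi
    echo "OK       $path mode=$have"
    return 0
}

# audit_ssh_dir HOME -> 0 only if every check passes
audit_ssh_dir() {
    home=$1
    rc=0
    check_mode "$home" 700 || rc=1
    check_mode "$home/.ssh" 700 || rc=1
    check_mode "$home/.ssh/authorized_keys" 600 || rc=1
    # A look-alike name is ignored by sshd's default AuthorizedKeysFile setting.
    if [ ! -e "$home/.ssh/authorized_keys" ] && [ -e "$home/.ssh/authorized.keys" ]; then
        echo "NOTE     $home/.ssh/authorized.keys is not a name sshd reads by default"
    fi
    # The private key is only checked where it is present (client side).
    if [ -e "$home/.ssh/id_rsa" ]; then
        check_mode "$home/.ssh/id_rsa" 600 || rc=1
    fi
    return $rc
}

# Stand-alone use: sh audit.sh /sandbox/home/ygn001
if [ "$#" -gt 0 ]; then
    audit_ssh_dir "$1"
fi
```

If sshd.log shows a key-based login being refused, run this against the account's home directory before looking elsewhere.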