Re[2]: Need information on creating service user to connect from the Agent server to Windows hosts for installing agents on remote

public inbox for cygwin@cygwin.com
 help / color / mirror / Atom feed

From: "Subramanya Narayanswamy" <subramanya.narayanswamy@oracle.com>
To: "Stephen Carrier" <carrier@berkeley.edu>
Cc: cygwin@cygwin.com
Subject: Re[2]: Need information on creating service user to connect from the Agent server to Windows hosts for installing agents on remote
Date: Wed, 19 Aug 2020 19:35:49 +0300	[thread overview]
Message-ID: <1597854949.449657402@f39.my.com> (raw)
In-Reply-To: <20200819163242.GA7219@iguana.crashland.org>


Hi Stephan,
Thanks for the information. Issue is fixed and it was IBM ssh service which was blocking way for cygwin to bind address 0.0.0.0/22 on my windows machine. I disabled that service and cygwin worked smoothly.
--
Thanks,
Subbu Wednesday, 19 August 2020, 10:03PM +05:30 from Stephen Carrier  carrier@berkeley.edu :

>On Sun, Aug 16, 2020 at 11:36:10AM +0200, Marco Atzeri via Cygwin wrote:
> On 16.08.2020 10:17, Subramanya Narayanaswamy via Cygwin wrote:
>> Hi Team,
>>
>> I'm facing below issue while trying to start CYGSSHD server. I'm running the below command as an Administrator but not sure why cygsshd is not starting. Any help?
>> --------------------------------------------------------------
>> $ net start cygsshd
>> The CYGWIN cygsshd service is starting.
>> The CYGWIN cygsshd service could not be started.
>>
>> The service did not report an error.
>>
>> More help is available by typing NET HELPMSG 3534.
>>
>> Subramanya
>>
>
> I saw the same problem.
> The /var/log/sshd.log gave me the hint:
> -----------------------------------------------
> Permissions 0640 for '/etc/ssh_host_rsa_key' are too open.
> It is required that your private key files are NOT accessible by others.
> This private key will be ignored.
> ..
> Permissions 0640 for '/etc/ssh_host_ecdsa_key' are too open.
> It is required that your private key files are NOT accessible by others.
> This private key will be ignored.
> ..
> Permissions 0640 for '/etc/ssh_host_ed25519_key' are too open.
> It is required that your private key files are NOT accessible by others.
> This private key will be ignored.
> sshd: no hostkeys available -- exiting.
> ------------------------------------------------
>/var/log/sshd.config may provide helpful clues even if the issue is
>different from loose permissions on the private keys.  Let us know what
>you find there if you are still having trouble.
>
> from the Admin account
>
> $ cd /etc
> $ chmod 600 ssh*
>
> solved the problem
>
>It may have but ... There is no need to restrict permissions on the
>public keys and restricting permissions on /etc/ssh_config may interfere
>with ssh client use by non-Administrator users.  Moreover, I don't think
>/etc/sshd_config needs to be restricted though that could be a judgement
>call.
>
>Perhaps
>
>$ chmod 600 ssh_host_*_key
>
>is enough to fix the private key permissions, if in fact that is the problem.
>
> $ cygrunsrv -Q cygsshd
>....
>
>"cygrunsrv -V -Q cygsshd" will reveal even more information.
>
>--Stephen

next prev parent reply	other threads:[~2020-08-19 16:35 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-08-10 18:21 Subramanya Narayanaswamy
2020-08-10 22:38 ` Andrey Repin
2020-08-11  6:35   ` Subramanya Narayanaswamy
2020-08-11  7:44     ` Marco Atzeri
2020-08-11 23:25     ` Andrey Repin
2020-08-12 13:43       ` Subramanya Narayanaswamy
2020-08-12 14:42         ` Andrey Repin
2020-08-12 15:58         ` Stephen Carrier
2020-08-12 16:26           ` Re[2]: " Subramanya Narayanswamy
2020-08-16  8:17           ` Subramanya Narayanaswamy
2020-08-16  9:36             ` Marco Atzeri
2020-08-19 16:32               ` Stephen Carrier
2020-08-19 16:35                 ` Subramanya Narayanswamy [this message]
2020-08-16  9:55             ` ASSI
2020-08-10 22:44 ` Bill Stewart

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1597854949.449657402@f39.my.com \
    --to=subramanya.narayanswamy@oracle.com \
    --cc=carrier@berkeley.edu \
    --cc=cygwin@cygwin.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).