public inbox for cygwin@cygwin.com
* How do I run sshd as a particular user?
@ 2008-02-27 11:57 Alfred von Campe
  2008-02-27 12:40 ` Larry Hall (Cygwin)
  0 siblings, 1 reply; 16+ messages in thread
From: Alfred von Campe @ 2008-02-27 11:57 UTC (permalink / raw)
  To: cygwin

I've read about the restrictions on accessing shares while logged  
into a Windows system with the Cygwin ssh daemon.  We are interested  
in this to do remote builds, and it would be nice to access network  
shares.  We only really need one user to be able to log in, so I  
thought I'd change the CYGWIN sshd service to run as that user.   
However, when I changed the service and tried to start it, I got the  
following error message: "The CYGWIN sshd service on Local Computer
started and then stopped."  Any ideas what's going on?

I tried to revert to having the service started by the .\sshd user,
but I can't get that to work now either!  I think it's because I am
using the wrong password.  How can I change or reset the password on  
that account?

Alfred


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


* Re: How do I run sshd as a particular user?
  2008-02-27 11:57 How do I run sshd as a particular user? Alfred von Campe
@ 2008-02-27 12:40 ` Larry Hall (Cygwin)
  2008-03-26 20:35   ` Alfred von Campe
  0 siblings, 1 reply; 16+ messages in thread
From: Larry Hall (Cygwin) @ 2008-02-27 12:40 UTC (permalink / raw)
  To: cygwin

Alfred von Campe wrote:
> I've read about the restrictions on accessing shares while logged into a 
> Windows system with the Cygwin ssh daemon.  We are interested in this to 
> do remote builds, and it would be nice to access network shares.  We 
> only really need one user to be able to log in, so I thought I'd change 
> the CYGWIN sshd service to run as that user.  However, when I changed 
> the service and tried to start it, I got the following error message: 
> "The CYGWIN sshd service on Local Computer started and then stopped."
> Any ideas what's going on?
>
> I tried to revert to having the service started by the .\sshd user, but
> I can't get that to work now either!  I think it's because I am using the
> wrong password.  How can I change or reset the password on that account?

How did you make this change?  If you removed and reinstalled the service
with 'cygrunsrv' like the sshd configuration script does, then use the
'-W, --passwd <password>' flag.  Otherwise, specify the password in
Control Panel->Administrative Tools->Services->Cygwin sshd Logon properties
page.

FWIW, the sshd_server user that the sshd configuration script will make
for you if you're on W2K3 or later has no password by default.

-- 
Larry Hall                              http://www.rfk.com
RFK Partners, Inc.                      (508) 893-9779 - RFK Office
216 Dalton Rd.                          (508) 893-9889 - FAX
Holliston, MA 01746

_____________________________________________________________________

A: Yes.
 > Q: Are you sure?
 >> A: Because it reverses the logical flow of conversation.
 >>> Q: Why is top posting annoying in email?


* Re: How do I run sshd as a particular user?
  2008-02-27 12:40 ` Larry Hall (Cygwin)
@ 2008-03-26 20:35   ` Alfred von Campe
  2008-03-28 15:28     ` Alfred von Campe
  0 siblings, 1 reply; 16+ messages in thread
From: Alfred von Campe @ 2008-03-26 20:35 UTC (permalink / raw)
  To: cygwin

On Feb 26, 2008, at 18:29, Larry Hall (Cygwin) wrote:
> How did you make this change?  If you removed and reinstalled the service
> with 'cygrunsrv' like the sshd configuration script does, then use the
> '-W, --passwd <password>' flag.  Otherwise, specify the password in
> Control Panel->Administrative Tools->Services->Cygwin sshd Logon properties
> page.

It's not a month since Larry posted this (thanks, BTW), and this  
issue has bubbled up to the top again.  I have tried various ways to  
get the sshd service started as a domain user (instead of the local  
sshd_server user) and can not get it to work.  What is the correct  
syntax to specify a domain user with cygrunsrv?  This is what I have  
tried:

   cygrunsrv -I sshd -u "DOMAINNAME\USERNAME" -w PASSWORD -d "CYGWIN sshd" -p /usr/sbin/sshd -a -D -e "CYGWIN=bin tty smbntsec" -y tcpip

This successfully installs the service, and if I look at it in the  
Services panel it shows the correct username (DOMAIN\USERNAME), but  
if I try to start the service I always get the error "The Cygwin sshd  
service in Local Computer started and then stopped".  If I substitute  
sshd_server for the user and supply the correct password, the sshd  
service starts correctly.  But I want to start the service as a  
domain user so that I can access network shares and resolve some  
build issues with Visual Studio that are apparently caused by not  
being fully authenticated.

Alfred



* Re: How do I run sshd as a particular user?
  2008-03-26 20:35   ` Alfred von Campe
@ 2008-03-28 15:28     ` Alfred von Campe
  2008-03-28 16:07       ` Larry Hall (Cygwin)
  2008-03-28 17:05       ` Dave Korn
  0 siblings, 2 replies; 16+ messages in thread
From: Alfred von Campe @ 2008-03-28 15:28 UTC (permalink / raw)
  To: cygwin

[I'm reposting this with a couple of corrections/clarifications and  
also to raise its visibility since I didn't get any responses last  
time :-)]

It's been a month since Larry Hall replied to my last post on this  
topic (thanks, BTW), and this issue has bubbled up to the top again.   
I have tried various ways to get the sshd service started as a domain  
user (instead of the default local user "sshd_server") and can not  
get it to work.  What is the correct syntax to specify a domain user  
with cygrunsrv?  This is what I have tried:

   cygrunsrv -I sshd -u "DOMAINNAME\USERNAME" -w PASSWORD -d "CYGWIN sshd" -p /usr/sbin/sshd -a -D -e "CYGWIN=bin tty smbntsec" -y tcpip

This successfully installs the service, and if I look at it in the  
Services control panel, it shows the correct username
(DOMAIN\USERNAME), but if I try to start the service I always get the error
"The Cygwin sshd service in Local Computer started and then  
stopped".  If I substitute sshd_server for the user and supply the  
correct password, the sshd service starts correctly.  But I want to  
start the service as a domain user so that I can access network  
shares and resolve some build issues with Visual Studio that are  
apparently caused by not being fully authenticated.

Alfred



* Re: How do I run sshd as a particular user?
  2008-03-28 15:28     ` Alfred von Campe
@ 2008-03-28 16:07       ` Larry Hall (Cygwin)
  2008-03-28 17:05       ` Dave Korn
  1 sibling, 0 replies; 16+ messages in thread
From: Larry Hall (Cygwin) @ 2008-03-28 16:07 UTC (permalink / raw)
  To: cygwin

Alfred von Campe wrote:
> [I'm reposting this with a couple of corrections/clarifications and also 
> to raise its visibility since I didn't get any responses last time :-)]
> 
> It's been a month since Larry Hall replied to my last post on this topic 
> (thanks, BTW), and this issue has bubbled up to the top again.  I have 
> tried various ways to get the sshd service started as a domain user 
> (instead of the default local user "sshd_server") and can not get it to 
> work.  What is the correct syntax to specify a domain user with 
> cygrunsrv?  This is what I have tried:
> 
>   cygrunsrv -I sshd -u "DOMAINNAME\USERNAME" -w PASSWORD -d "CYGWIN sshd" -p /usr/sbin/sshd -a -D -e "CYGWIN=bin tty smbntsec" -y tcpip
> 
> This successfully installs the service, and if I look at it in the 
> Services control panel, it shows the correct username (DOMAIN\USERNAME), 
> but if I try to start the service I always get the error "The Cygwin 
> sshd service in Local Computer started and then stopped".  If I 
> substitute sshd_server for the user and supply the correct password, the 
> sshd service starts correctly.  But I want to start the service as a 
> domain user so that I can access network shares and resolve some build 
> issues with Visual Studio that are apparently caused by not being fully 
> authenticated.

Does it have to be a domain user?  If not, create a local one and give it
the permissions outlined in '/usr/share/doc/cygwin/openssh.README' from the
"Important note for windows 2003 Server users:" section.  Or just look at
what '/bin/ssh-host-config' does.  If it has to be a domain user for some
reason, I guess you can try the above on the machine in question for that
user but I really don't know enough about how domain user permissions can
(or can't) be augmented on local machines to say how this will work (and I
don't have a domain to test against currently).

-- 
Larry Hall                              http://www.rfk.com
RFK Partners, Inc.                      (508) 893-9779 - RFK Office
216 Dalton Rd.                          (508) 893-9889 - FAX
Holliston, MA 01746

_____________________________________________________________________

A: Yes.
 > Q: Are you sure?
 >> A: Because it reverses the logical flow of conversation.
 >>> Q: Why is top posting annoying in email?


* RE: How do I run sshd as a particular user?
  2008-03-28 15:28     ` Alfred von Campe
  2008-03-28 16:07       ` Larry Hall (Cygwin)
@ 2008-03-28 17:05       ` Dave Korn
  2008-04-02 13:12         ` Alfred von Campe
  1 sibling, 1 reply; 16+ messages in thread
From: Dave Korn @ 2008-03-28 17:05 UTC (permalink / raw)
  To: cygwin

Alfred von Campe wrote on 28 March 2008 12:30:

> I have tried various ways to get the sshd service started as a domain
> user (instead of the default local user "sshd_server") and can not
> get it to work.  What is the correct syntax to specify a domain user
> with cygrunsrv?  This is what I have tried:
> 
>    cygrunsrv -I sshd -u "DOMAINNAME\USERNAME" -w PASSWORD -d "CYGWIN sshd" -p /usr/sbin/sshd -a -D -e "CYGWIN=bin tty smbntsec" -y tcpip

  That's the windows domain user syntax sure enough.  There aren't any shell
metacharacters in the password by any chance are there?
 
> This successfully installs the service, and if I look at it in the
> Services control panel, it shows the correct username (DOMAIN\USERNAME),
> but if I try to start the service I always get the error
> "The Cygwin sshd service in Local Computer started and then
> stopped".  If I substitute sshd_server for the user and supply the
> correct password, the sshd service starts correctly.  But I want to
> start the service as a domain user 

  I suppose it might also be worth turning on all the auditing in the
security log to see if it's a login failure or not.


    cheers,
      DaveK
-- 
Can't think of a witty .sigline today....



* Re: How do I run sshd as a particular user?
  2008-03-28 17:05       ` Dave Korn
@ 2008-04-02 13:12         ` Alfred von Campe
  2008-04-02 13:27           ` Corinna Vinschen
  0 siblings, 1 reply; 16+ messages in thread
From: Alfred von Campe @ 2008-04-02 13:12 UTC (permalink / raw)
  To: Dave Korn; +Cc: cygwin

On Mar 28, 2008, at 11:28, Dave Korn wrote:
> Alfred von Campe wrote on 28 March 2008 12:30:
>
>> I have tried various ways to get the sshd service started as a domain
>> user (instead of the default local user "sshd_server") and can not
>> get it to work.  What is the correct syntax to specify a domain user
>> with cygrunsrv?  This is what I have tried:
>>
>>    cygrunsrv -I sshd -u "DOMAINNAME\USERNAME" -w PASSWORD -d "CYGWIN sshd" -p /usr/sbin/sshd -a -D -e "CYGWIN=bin tty smbntsec" -y tcpip
>
>   That's the windows domain user syntax sure enough.  There aren't any shell
> metacharacters in the password by any chance are there?

Nope, just upper and lowercase letters, numbers, and a dash.  I also  
ensured that the user had all the user rights as described in the  
openssh.README file (well, all except for Increase Quota, which for  
some reason was not defined on this system, and must not really be  
required since the sshd_server account also did not have that right  
and it is able to start the service).  The result is the same, the  
service starts and immediately stops.  There is nothing obvious in  
the logs.  I am not really a Windows person, so I've been working  
with one of our IT guys on this, but he is out today and I will be  
out tomorrow and Friday, so this will have to wait until next week.

Again, the problem I am trying to solve is to be able to kick off  
builds remotely and automatically on this Windows server.  To do  
this, we need password-less login, and to that end, we have exchanged  
ssh keys and have this working.  However, by exchanging ssh keys the  
user is never fully authenticated on the domain, so there is no  
access to network drives.  Is there any other way to have  
passwordless ssh access yet still be fully authenticated on the  
domain?  I thought starting the service as a domain user would  
accomplish this, but alas, I have not been able to do that.  So if  
there is any other way to achieve our goal, I'd be happy to try it.

Thanks,
Alfred



* Re: How do I run sshd as a particular user?
  2008-04-02 13:12         ` Alfred von Campe
@ 2008-04-02 13:27           ` Corinna Vinschen
  2008-04-02 17:56             ` Alfred von Campe
  2008-04-11 15:49             ` Alfred von Campe
  0 siblings, 2 replies; 16+ messages in thread
From: Corinna Vinschen @ 2008-04-02 13:27 UTC (permalink / raw)
  To: cygwin

On Apr  2 09:11, Alfred von Campe wrote:
> On Mar 28, 2008, at 11:28, Dave Korn wrote:
>> Alfred von Campe wrote on 28 March 2008 12:30:
>>
>>> I have tried various ways to get the sshd service started as a domain
>>> user (instead of the default local user "sshd_server") and can not
>>> get it to work.  What is the correct syntax to specify a domain user
>>> with cygrunsrv?  This is what I have tried:
>>>
>>>    cygrunsrv -I sshd -u "DOMAINNAME\USERNAME" -w PASSWORD -d "CYGWIN sshd" -p /usr/sbin/sshd -a -D -e "CYGWIN=bin tty smbntsec" -y tcpip
>>[...]
>   I thought starting the service as a domain 
> user would accomplish this, but alas, I have not been able to do that.  So 
> if there is any other way to achieve our goal, I'd be happy to try it.

Did you try anything besides switching the user?  For instance:

- Did you check the event log?

- Did you check /var/run/sshd.log?  If it's empty it's probably because
  the domain user has no write permission.

- Does the domain user have an entry in the local /etc/passwd?  sshd
  needs that when checking file ownership.  And it allows to specify the
  user to cygrunsrv without the "domain\win_username" syntax.

- Did you chown /etc/ssh* and /var/empty to the domain user when trying
  to start the service under that account?  That's a must have.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat


* Re: How do I run sshd as a particular user?
  2008-04-02 13:27           ` Corinna Vinschen
@ 2008-04-02 17:56             ` Alfred von Campe
  2008-04-03  8:45               ` Corinna Vinschen
  2008-04-11 15:49             ` Alfred von Campe
  1 sibling, 1 reply; 16+ messages in thread
From: Alfred von Campe @ 2008-04-02 17:56 UTC (permalink / raw)
  To: cygwin

On Apr 2, 2008, at 9:27, Corinna Vinschen wrote:
> Did you try anything besides switching the user?  For instance:
>
> - Did you check the event log?

Yes, did not find anything useful.

> - Did you check /var/run/sshd.log?  If it's empty it's probably because
>   the domain user has no write permission.

No, I did not.

> - Does the domain user have an entry in the local /etc/passwd?  sshd
>   needs that when checking file ownership.  And it allows to specify the
>   user to cygrunsrv without the "domain\win_username" syntax.

Well, there is an entry for a user of the same name.  Is that enough  
or is there a way to specify the fact that it's a domain user?

> - Did you chown /etc/ssh* and /var/empty to the domain user when trying
>   to start the service under that account?  That's a must have.

No, I did not know about this either.  I will try these suggestions  
as soon as I get a chance, but that might not be until I return to  
the office next week.  A quick question, though.  Instead of making  
all these changes, is there a better way to (re-)install Cygwin sshd  
so that it is properly set up for a domain user?

Alfred



* Re: How do I run sshd as a particular user?
  2008-04-02 17:56             ` Alfred von Campe
@ 2008-04-03  8:45               ` Corinna Vinschen
  0 siblings, 0 replies; 16+ messages in thread
From: Corinna Vinschen @ 2008-04-03  8:45 UTC (permalink / raw)
  To: cygwin

On Apr  2 13:55, Alfred von Campe wrote:
> On Apr 2, 2008, at 9:27, Corinna Vinschen wrote:
>> - Does the domain user have an entry in the local /etc/passwd?  sshd
>>   needs that when checking file ownership.  And it allows to specify the
>>   user to cygrunsrv without the "domain\win_username" syntax.
>
> Well, there is an entry for a user of the same name.  Is that enough or is 
> there a way to specify the fact that it's a domain user?

The SID in the pw_gecos field must match.  When in doubt, try
mkpasswd -d -u username.

>> - Did you chown /etc/ssh* and /var/empty to the domain user when trying
>>   to start the service under that account?  That's a must have.
>
> No, I did not know about this either.  I will try these suggestions as soon 
> as I get a chance, but that might not be until I return to the office next 
> week.  A quick question, though.  Instead of making all these changes, is 
> there a better way to (re-)install Cygwin sshd so that it is properly set 
> up for a domain user?

No, that's not supported by the install scripts.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat
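
The checks discussed in this message and in the earlier checklist (local /etc/passwd entry, SID in the gecos field, ownership of /etc/ssh* and /var/empty, an empty /var/run/sshd.log), collected into one preflight script. This is an added example, not part of the original messages or of Cygwin's own scripts; the function names, the argument order and the assumed gecos layout "U-DOMAIN\user,S-1-5-..." are illustrative assumptions, and the SID to compare against would be taken from the output of mkpasswd -d -u username.

```shell
#!/bin/sh
# Preflight checks before running the Cygwin sshd service under another account.
# Added example: function names, argument order and messages are illustrative.

# passwd_field FILE USER N: print field N of USER's passwd entry; fail if absent.
passwd_field() {
    awk -F: -v u="$2" -v n="$3" \
        '$1 == u { print $n; found = 1; exit } END { exit !found }' "$1"
}

# passwd_sid FILE USER: print the SID stored in the gecos field (field 5).
# Assumes the "U-DOMAIN\user,S-1-5-..." layout (an assumption of this example).
passwd_sid() {
    passwd_field "$1" "$2" 5 | tr ',' '\n' | grep '^S-1-' | head -n 1
}

# owner_uid PATH: numeric uid that owns PATH.
owner_uid() {
    ls -ldn "$1" | awk '{ print $3 }'
}

# preflight USER [SID] [ROOT]
#   USER  account the service is meant to run as (name in /etc/passwd)
#   SID   expected SID; empty skips the SID comparison
#   ROOT  optional prefix so the checks can be pointed at a copy of the tree
# Prints one line per problem and returns non-zero if any check failed.
preflight() {
    user=$1 want_sid=${2:-} root=${3:-}
    fails=0

    # 1. The account needs an entry in the local passwd file.
    uid=$(passwd_field "$root/etc/passwd" "$user" 3) || {
        echo "FAIL: no entry for $user in $root/etc/passwd"
        return 1
    }

    # 2. The SID in the gecos field must be the account's SID.
    if [ -n "$want_sid" ]; then
        have_sid=$(passwd_sid "$root/etc/passwd" "$user")
        if [ "$have_sid" != "$want_sid" ]; then
            echo "FAIL: gecos SID '$have_sid' does not match '$want_sid'"
            fails=$((fails + 1))
        fi
    fi

    # 3. /etc/ssh* and /var/empty must be owned by the service account.
    for path in "$root"/etc/ssh* "$root/var/empty"; do
        if [ ! -e "$path" ]; then
            echo "FAIL: $path is missing"
            fails=$((fails + 1))
            continue
        fi
        if [ "$(owner_uid "$path")" != "$uid" ]; then
            echo "FAIL: $path is not owned by $user (uid $uid)"
            fails=$((fails + 1))
        fi
    done

    # 4. An empty sshd.log hints that the account could not write to it.
    log=$root/var/run/sshd.log
    if [ -e "$log" ] && [ ! -s "$log" ]; then
        echo "NOTE: $log is empty; the account may lack write permission"
    fi

    [ "$fails" -eq 0 ]
}

# Command-line use: preflight.sh USER [SID] [ROOT]
if [ "$#" -ge 1 ]; then
    preflight "$@"
fi
```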


* Re: How do I run sshd as a particular user?
  2008-04-02 13:27           ` Corinna Vinschen
  2008-04-02 17:56             ` Alfred von Campe
@ 2008-04-11 15:49             ` Alfred von Campe
  2008-04-11 21:24               ` Alfred von Campe
  1 sibling, 1 reply; 16+ messages in thread
From: Alfred von Campe @ 2008-04-11 15:49 UTC (permalink / raw)
  To: cygwin

On Apr 2, 2008, at 9:27, Corinna Vinschen wrote:

> - Did you check /var/run/sshd.log?  If it's empty it's probably because
>   the domain user has no write permission.
>
> - Does the domain user have an entry in the local /etc/passwd?  sshd
>   needs that when checking file ownership.  And it allows to specify the
>   user to cygrunsrv without the "domain\win_username" syntax.
>
> - Did you chown /etc/ssh* and /var/empty to the domain user when trying
>   to start the service under that account?  That's a must have.

It's taken me a while to get to this, but changing the above  
mentioned permissions did the trick.  I can now log on and access  
network shares!  This will make the build engineers' lives a lot  
easier.  Thank you for a great product and for all the help on this  
list!

Well, I spoke a little too soon.  I got this working on two systems,  
but can not get it to work on a third.  The ssh daemon appears to  
start (neither cygrunsrv -S nor starting it from the Services Panel  
gives an error), but it really does not.  The Event Viewer  
Application log shows the following:

   The description for Event ID ( 0 ) in Source ( sshd ) cannot be found. The local
   computer may not have the necessary registry information or message DLL files to
   display messages from a remote computer. You may be able to use the /AUXSOURCE=
   flag to retrieve this description; see Help and Support for details. The following
   information is part of the event: sshd: PID 2920: service `sshd' failed: signal 11
   raised.

Any ideas what could be raising signal 11 (SIGSEGV) and how I would  
go about debugging this?  ssh access was working to this machine  
before I changed the file system permissions and the account  
information for the sshd service.

Alfred



* Re: How do I run sshd as a particular user?
  2008-04-11 15:49             ` Alfred von Campe
@ 2008-04-11 21:24               ` Alfred von Campe
  2008-04-12  0:47                 ` Robert McKay
  0 siblings, 1 reply; 16+ messages in thread
From: Alfred von Campe @ 2008-04-11 21:24 UTC (permalink / raw)
  To: cygwin

On Apr 11, 2008, at 11:48, I wrote:

> Well, I spoke a little too soon.  I got this working on two  
> systems, but can not get it to work on a third.  The ssh daemon  
> appears to start (neither cygrunsrv -S nor starting it from the  
> Services Panel gives an error), but it really does not.

I managed to solve this by rebooting the system and re-running
ssh-host-config (and then changing permissions, etc.).  I now have all
three build systems working as expected.

Thanks again for all the help,
Alfred



* Re: How do I run sshd as a particular user?
  2008-04-11 21:24               ` Alfred von Campe
@ 2008-04-12  0:47                 ` Robert McKay
  2008-04-12  9:33                   ` Corinna Vinschen
  0 siblings, 1 reply; 16+ messages in thread
From: Robert McKay @ 2008-04-12  0:47 UTC (permalink / raw)
  To: cygwin

On Fri, Apr 11, 2008 at 8:22 PM, Alfred von Campe <alfred@von-campe.com> wrote:
> On Apr 11, 2008, at 11:48, I wrote:
>
> > Well, I spoke a little too soon.  I got this working on two systems, but
> > can not get it to work on a third.  The ssh daemon appears to start (neither
> > cygrunsrv -S nor starting it from the Services Panel gives an error), but it
> > really does not.
>
> I managed to solve this by rebooting the system and re-running
> ssh-host-config (and then changing permissions, etc.).  I now have all three
> build systems working as expected.
>
> Thanks again for all the help,

I'm a bit late to this discussion.. I set this up a while ago and one
interesting thing that I noticed is that you can:

net use \\whatever /user:domain\user

instead of

net use x: \\whatever /user:domain\user

(ie: without specifying a drive letter).

If you don't specify a drive letter then it works even when you are
logged in without a password. Taking this one step further, you can
make a symlink

ln -s '\\whatever' /remotefilesystem
and then just access files in /remotefilesystem instead of /cygdrive/X

This pretty much solved the issue of accessing network drives when
logged in without a password.

Later a requirement was introduced that we run sshd as an unprivileged
user and so I switched to having a service that logs in with a
password as you are now doing.

In order to run sshd as an unprivileged user I had to use a nasty
hexedit hack on the sshd.exe file to replace the seteuid() call (which
fails / returns -1 without admin privileges and causes sshd to exit)
with a call to isalpha() which has (almost) the same function
prototype, but always returns 0 unless your userid 'is an alphanumeric
character' :)

If you run without admin privileges sshd can't actually verify
passwords for passworded logins, but ssh keys seemed to work just fine
which is what we wanted anyway. Obviously you can only log in as that
one user that's running ssh, but again this was acceptable.


Rob.


* Re: How do I run sshd as a particular user?
  2008-04-12  0:47                 ` Robert McKay
@ 2008-04-12  9:33                   ` Corinna Vinschen
  2008-04-13  2:51                     ` Robert McKay
  0 siblings, 1 reply; 16+ messages in thread
From: Corinna Vinschen @ 2008-04-12  9:33 UTC (permalink / raw)
  To: cygwin

On Apr 12 01:11, Robert McKay wrote:
> In order to run sshd as an unprivileged user I had to use a nasty
> hexedit hack on the sshd.exe file to replace the seteuid() call (which
> fails / returns -1 without admin privileges and causes sshd to exit)
> with a call to isalpha() which has (almost) the same function
> prototype, but always returns 0 unless your userid 'is an alphanumeric
> character' :)

Aaaaargh!

I don't know what you're doing wrong but this is *totally* unnecessary.
You can run sshd as unprivileged user without having to change the
sshd code.  You can do this while another sshd is running on
port 22 under a privileged account.  What the user has to do is to create
her own sshd_config file and own host keys.  If no other sshd is running
on the machine, just chown the host key files in /etc and switch off
privilege separation in /etc/sshd_config.

For kicks I just tried it.  What I did:

  $ uname -a
  CYGWIN_NT-6.0 vmbert2k8 1.5.25(0.156/4/2) 2008-03-06 17:01 i686 Cygwin
  $ id
  uid=1004(hein) gid=513(None) groups=513(None),545(Users)
  $ pwd
  /home/hein
  $ mkdir -p etc var/run
  $ cp /etc/sshd_config etc
  $ vi etc/sshd_config
  [Set `Port 2022']
  [Set `HostKey /home/hein/etc/ssh_host_rsa_key']
  [Set `UsePrivilegeSeparation no']
  [Set `PidFile /home/hein/var/run/sshd.pid']
  [:wq!]
  $ ssh-keygen -t rsa -f /home/hein/etc/ssh_host_rsa_key -N ''
  Generating public/private rsa key pair.
  Your identification has been saved in /home/hein/etc/ssh_host_rsa_key.
  Your public key has been saved in /home/hein/etc/ssh_host_rsa_key.pub.
  The key fingerprint is:
  02:5d:02:5d:e8:2e:c6:b9:4c:d9:93:6c:13:ef:5d:61 hein@vmbert2k8
  $ /usr/sbin/sshd -f /home/hein/etc/sshd_config -D

Then, from another machine:

  $ uname -a
  Linux calimero 2.6.23.17-LL #1 SMP Tue Mar 25 11:21:47 CET 2008 x86_64 x86_64 x86_64 GNU/Linux
  $ ssh -l hein -p 2022 vmbert2k8
  hein@vmbert2k8's password: 
  Fanfare!!!
  You are successfully logged in to this server!!!

  hein@vmbert2k8
  $ 


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat


* Re: How do I run sshd as a particular user?
  2008-04-12  9:33                   ` Corinna Vinschen
@ 2008-04-13  2:51                     ` Robert McKay
  2008-04-13 13:07                       ` Corinna Vinschen
  0 siblings, 1 reply; 16+ messages in thread
From: Robert McKay @ 2008-04-13  2:51 UTC (permalink / raw)
  To: cygwin

On Sat, Apr 12, 2008 at 10:06 AM, Corinna Vinschen
<corinna-cygwin@cygwin.com> wrote:
> On Apr 12 01:11, Robert McKay wrote:
>  > In order to run sshd as an unprivileged user I had to use a nasty
>  > hexedit hack on the sshd.exe file to replace the seteuid() call (which
>  > fails / returns -1 without admin privileges and causes sshd to exit)
>  > with a call to isalpha() which has (almost) the same function
>  > prototype, but always returns 0 unless your userid 'is an alphanumeric
>  > character' :)
>
>  Aaaaargh!
>
>  I don't know what you're doing wrong but this is *totally* unnecessary.
>  You can run sshd as unprivileged user without having to change the
>  sshd code.  You can do this while another sshd is running on
>  port 22 under a privileged account.  What the user has to do is to create
>  her own sshd_config file and own host keys.  If no other sshd is running
>  on the machine, just chown the host key files in /etc and switch off
>  privilege separation in /etc/sshd_config.

Interesting.. are you sure your account doesn't have the allow replace
process token privilege?

I'll take another look at this when I get the chance.. perhaps sshd has
changed in some way.

Cheers,

Rob.


* Re: How do I run sshd as a particular user?
  2008-04-13  2:51                     ` Robert McKay
@ 2008-04-13 13:07                       ` Corinna Vinschen
  0 siblings, 0 replies; 16+ messages in thread
From: Corinna Vinschen @ 2008-04-13 13:07 UTC (permalink / raw)
  To: cygwin

On Apr 13 03:27, Robert McKay wrote:
> On Sat, Apr 12, 2008 at 10:06 AM, Corinna Vinschen
> <corinna-cygwin@cygwin.com> wrote:


http://cygwin.com/acronyms/#PCYMTNQREAIYR


> > On Apr 12 01:11, Robert McKay wrote:
> >  > In order to run sshd as an unprivileged user I had to use a nasty
> >  > hexedit hack on the sshd.exe file to replace the seteuid() call (which
> >  > fails / returns -1 without admin privileges and causes sshd to exit)
> >  > with a call to isalpha() which has (almost) the same function
> >  > prototype, but always returns 0 unless your userid 'is an alphanumeric
> >  > character' :)
> >
> >  Aaaaargh!
> >
> >  I don't know what you're doing wrong but this is *totally* unnecessary.
> >  You can run sshd as unprivileged user without having to change the
> >  sshd code.  You can do this while another sshd is running on
> >  port 22 under a privileged account.  What the user has to do is to create
> >  her own sshd_config file and own host keys.  If no other sshd is running
> >  on the machine, just chown the host key files in /etc and switch off
> >  privilege separation in /etc/sshd_config.
> 
> Interesting.. are you sure your account doesn't have the allow replace
> process token privilege?

Yes.  The account was created as standard user account for the purpose of
testing Cygwin with non-privileged user accounts.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat
