public inbox for cygwin@cygwin.com
* Problem with ssh-host-config?
@ 2016-03-11 12:39 Nick.Battle
  2016-03-11 14:01 ` Achim Gratz
  0 siblings, 1 reply; 5+ messages in thread
From: Nick.Battle @ 2016-03-11 12:39 UTC (permalink / raw)
  To: cygwin

I'm having a strange problem with the sshd configuration script on Windows 8. I'm calling it as follows, where I expect both the fjsupport Windows user account and /etc/passwd entry to be created by the script:

/bin/ssh-host-config -y -c ntsec -u fjsupport -w <the password>

If the user has no entry in /etc/passwd, it creates the Windows account, but then complains when it comes to create the sshd service that the privileged user does not exist (I think it means in /etc/passwd). If I add the user to /etc/passwd (using mkpasswd after the first run) and just remove the Windows account, then it sees that the user exists in /etc/passwd and does not attempt to create a Windows account, then complaining that it cannot use the (non-existent) Windows user when it tries to create the service. If I have both the Windows account (with privileges) and the /etc/passwd entry beforehand, everything is fine, but of course it doesn't have to make either.

By stepping through the script (incidentally, the -d flag doesn't work properly?), I found that the csih_create_privileged_user function is using the variable ${username} to write to /etc/passwd. But when called as above this variable is not set. So that doesn't update /etc/passwd and it (later) thinks the user is not known. This is at line 3069 in cygwin-service-installation-helper.sh.

/usr/bin/mkpasswd -l -u "${username}" >> "${SYSCONFDIR}/passwd"

Changing ${username} to ${csih_PRIVILEGED_USERNAME} seems to fix the problem and everything works as expected.

So I have the result I want, but I'm not sure that the fix above is correct. Isn't it normal to use ssh-host-config to create the user in Windows and /etc/passwd? In which case why isn't everyone getting this problem? Or am I using the script the wrong way?

-- 
Cheers,
-nick

Unless otherwise stated, this email has been sent from Fujitsu Services Limited, from Fujitsu (FTS) Limited, or from Fujitsu Telecommunications Europe Limited, together "Fujitsu".

This email is only for the use of its intended recipient.  Its contents are subject to a duty of confidence and may be privileged.  Fujitsu does not guarantee that this email has not been intercepted and amended or that it is virus-free.

Fujitsu Services Limited, registered in England No 96056, registered office 22 Baker Street, London W1U 3BW.

Fujitsu (FTS) Limited, registered in England No 03808613, registered office 22 Baker Street, London W1U 3BW.

PFU Imaging Solutions Europe Limited, registered in England No 1578652, registered office Hayes Park Central, Hayes End Road, Hayes, Middlesex, UB4 8FE.

Fujitsu Telecommunications Europe Limited, registered in England No 2548187, registered office Solihull Parkway, Birmingham Business Park, Birmingham, B37 7YU.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple


* Re: Problem with ssh-host-config?
  2016-03-11 12:39 Problem with ssh-host-config? Nick.Battle
@ 2016-03-11 14:01 ` Achim Gratz
  2016-03-11 15:41   ` Corinna Vinschen
  0 siblings, 1 reply; 5+ messages in thread
From: Achim Gratz @ 2016-03-11 14:01 UTC (permalink / raw)
  To: cygwin

Nick.Battle <at> uk.fujitsu.com <Nick.Battle <at> uk.fujitsu.com> writes:
> Changing ${username} to ${csih_PRIVILEGED_USERNAME} seems to fix the
> problem and everything works as expected.

From a quick glance I'd say this is correct.

> So I have the result I want, but I'm not sure that the fix above is
> correct. Isn't it normal to use
> ssh-host-config to create the user in Windows and /etc/passwd? In which
> case why isn't everyone getting
> this problem? Or am I using the script the wrong way?

On a fresh installation you don't have /etc/passwd anymore, so the script
never branches there.


Regards,
Achim.

* Re: Problem with ssh-host-config?
  2016-03-11 14:01 ` Achim Gratz
@ 2016-03-11 15:41   ` Corinna Vinschen
  2016-03-15 15:42     ` Nick.Battle
  0 siblings, 1 reply; 5+ messages in thread
From: Corinna Vinschen @ 2016-03-11 15:41 UTC (permalink / raw)
  To: cygwin


On Mar 11 14:01, Achim Gratz wrote:
> Nick.Battle <at> uk.fujitsu.com <Nick.Battle <at> uk.fujitsu.com> writes:
> > Changing ${username} to ${csih_PRIVILEGED_USERNAME} seems to fix the
> > problem and everything works as expected.
> 
> From a quick glance I'd say this is correct.

ACK.

> > So I have the result I want, but I'm not sure that the fix above is
> > correct. Isn't it normal to use
> > ssh-host-config to create the user in Windows and /etc/passwd? In which
> > case why isn't everyone getting
> > this problem? Or am I using the script the wrong way?
> 
> On a fresh installation you don't have /etc/passwd anymore, so the script
> never branches there.

In theory this should only happen if you *only* use passwd in
/etc/nsswitch.conf.  If you use default settings (passwd db), this
branch should not be hit either.

So I wonder what your /etc/nsswitch.conf looks like.  Are you using

  passwd: passwd
  group: passwd

?


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat


* RE: Problem with ssh-host-config?
  2016-03-11 15:41   ` Corinna Vinschen
@ 2016-03-15 15:42     ` Nick.Battle
  2016-03-16 10:05       ` Corinna Vinschen
  0 siblings, 1 reply; 5+ messages in thread
From: Nick.Battle @ 2016-03-15 15:42 UTC (permalink / raw)
  To: cygwin

Hi Corinna,

>> In theory this should only happen if you *only* use passwd in
>> /etc/nsswitch.conf.  If you use default settings (passwd db), this
>> branch should not be hit either.
>>
>> So I wonder what your /etc/nsswitch.conf looks like.  Are you using
>>
>>  passwd: passwd
>>  group: passwd
>
> We install the following in nsswitch.conf just before running ssh-host-config:
>
> passwd:   files
> group:    files 
> db_home:  windows
>
> Does that explain the path we're taking?

Looking at the csih scripts, that would take the code into the mkpasswd branch with the bug.
So perhaps no one has noticed this before simply because the default behaviour skips it.

-- 
Cheers,
-nick

* Re: Problem with ssh-host-config?
  2016-03-15 15:42     ` Nick.Battle
@ 2016-03-16 10:05       ` Corinna Vinschen
  0 siblings, 0 replies; 5+ messages in thread
From: Corinna Vinschen @ 2016-03-16 10:05 UTC (permalink / raw)
  To: cygwin


On Mar 15 15:42, Nick.Battle@uk.fujitsu.com wrote:
> Hi Corinna,
> 
> >> In theory this should only happen if you *only* use passwd in
> >> /etc/nsswitch.conf.  If you use default settings (passwd db), this
> >> branch should not be hit either.
> >>
> >> So I wonder what your /etc/nsswitch.conf looks like.  Are you using
> >>
> >>  passwd: passwd
> >>  group: passwd
> >
> > We install the following in nsswitch.conf just before running ssh-host-config:
> >
> > passwd:   files
> > group:    files 
> > db_home:  windows
> >
> > Does that explain the path we're taking?
> 
> Looking at the csih scripts, that would take the code into the mkpasswd branch with the bug.
> So perhaps no one has noticed this before simply because the default behaviour skips it.

Yup, makes sense.  Thanks for checking.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
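
Added example (not part of the thread, and not code from csih or ssh-host-config): a shell check to run after ssh-host-config that reports the state described above, where /etc/nsswitch.conf resolves passwd from files only and the privileged account has no /etc/passwd entry. The function names and the ok-db / ok-files / missing-entry result strings are assumptions made for this example, as is treating a missing "passwd:" line as the default that includes db.

```shell
#!/bin/sh
# Added example: post-install check for the failure discussed in this thread.

# Print the sources on the "passwd:" line of an nsswitch.conf (comments and
# CRs stripped). Prints nothing when the file has no such line.
passwd_sources() {
    tr -d '\r' < "$1" | sed 's/#.*//' |
        awk '$1 == "passwd:" { $1 = ""; sub(/^ +/, ""); print; exit }'
}

# Succeed if the passwd file has an entry whose login field is exactly $2.
has_passwd_entry() {
    awk -F: -v u="$2" '$1 == u { found = 1 } END { exit !found }' "$1"
}

# check_privileged_user NSSWITCH PASSWD USER
# Prints ok-db, ok-files or missing-entry; returns non-zero on missing-entry.
check_privileged_user() {
    sources=$(passwd_sources "$1")
    # Assumption: a missing "passwd:" line means the default, which includes db.
    case " ${sources:-files db} " in
        *" db "*) echo ok-db; return 0 ;;
    esac
    if has_passwd_entry "$2" "$3"; then
        echo ok-files
    else
        echo missing-entry
        return 1
    fi
}

# Constructed sample input: the nsswitch.conf quoted in the thread and a
# passwd file that lacks the service account.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'passwd:   files\ngroup:    files\ndb_home:  windows\n' > "$dir/nsswitch.conf"
    printf 'Administrator:*:500:513::/home/Administrator:/bin/bash\n' > "$dir/passwd"
    check_privileged_user "$dir/nsswitch.conf" "$dir/passwd" fjsupport
    status=$?
    rm -rf "$dir"
    return $status
}

demo || echo "fjsupport would be unknown to the service installer" >&2
```

On a real host the call would be check_privileged_user /etc/nsswitch.conf /etc/passwd followed by the account name passed to ssh-host-config with -u.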
