public inbox for cygwin@cygwin.com
* How to create root account to own /var/empty for ssh?
@ 2017-04-15 21:33 L A Walsh
  2017-04-15 22:07 ` Marco Atzeri
  2017-04-19  2:30 ` Corinna Vinschen
  0 siblings, 2 replies; 7+ messages in thread
From: L A Walsh @ 2017-04-15 21:33 UTC (permalink / raw)
  To: cygwin

The new version of ssh is not liking my "/var/empty", which it
says:

var/empty must be owned by root and not group or world-writable.

It doesn't seem to like this:

>  llg -a /var/empty
total 4
drwx------+ 1 root Administrators 0 Oct 11  2014 ./
>  llg -an /var/empty
total 4
drwx------+ 1   0  544 0 Oct 11  2014 ./

Multiple probs:
1) there is no root account on windows.
2) My Administrator account is named 'root', as it is the closest thing
to 'root' on a windows machine.  But it doesn't like that. Originally
was UID 500.
3) Tried changing root to UID 0, but that didn't work either. :-(

How am I supposed to make ssh happy?

Thanks!
-l






--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple


* Re: How to create root account to own /var/empty for ssh?
  2017-04-15 21:33 How to create root account to own /var/empty for ssh? L A Walsh
@ 2017-04-15 22:07 ` Marco Atzeri
  2017-04-16  7:55   ` L A Walsh
  2017-04-19  2:30 ` Corinna Vinschen
  1 sibling, 1 reply; 7+ messages in thread
From: Marco Atzeri @ 2017-04-15 22:07 UTC (permalink / raw)
  To: cygwin



On 15/04/2017 17:51, L A Walsh wrote:
> The new version of ssh is not liking my "/var/empty", which it
> says:
>
> var/empty must be owned by root and not group or world-writable.
>
> It doesn't seem to like this:
>
>>  llg -a /var/empty
> total 4
> drwx------+ 1 root Administrators 0 Oct 11  2014 ./
>>  llg -an /var/empty
> total 4
> drwx------+ 1   0  544 0 Oct 11  2014 ./
>
> Multiple probs:
> 1) there is no root account on windows.
> 2) My Administrator account is named 'root', as it is the closest thing
> to 'root' on a windows machine.  But it doesn't like that. Originally
> was UID 500.
> 3) Tried changing root to UID 0, but that didn't work either. :-(
>
> How am I supposed to make ssh happy?
>
> Thanks!
> -l
>

user separation ?

$ ls -ld /var/empty
drwxr-xr-x+ 1 cyg_server Administrators 0 Jan  7  2015 /var/empty


* Re: How to create root account to own /var/empty for ssh?
  2017-04-15 22:07 ` Marco Atzeri
@ 2017-04-16  7:55   ` L A Walsh
  2017-04-16 11:37     ` Marco Atzeri
  0 siblings, 1 reply; 7+ messages in thread
From: L A Walsh @ 2017-04-16  7:55 UTC (permalink / raw)
  To: cygwin

Marco Atzeri wrote:
>
>>
>> How am I supposed to make ssh happy?
>>
>> Thanks!
>> -l
>>
>
> user separation ?
>
> $ ls -ld /var/empty
> drwxr-xr-x+ 1 cyg_server Administrators 0 Jan  7  2015 /var/empty

Um, could you elaborate?  I mean do I just create a user called
cyg_server, and that makes sshd happy?  Or how is user
separation different than having root own the directory?

Also, is it the same separation mentioned in this
deprecation message?:

>  /sbin/sshd
/etc/sshd_config line 105: Deprecated option UsePrivilegeSeparation
/var/empty must be owned by root and not group or world-writable.

...or has the option been renamed?  FWIW -- this *used* to work on my
machine until the upgrade.

Thanks again!



p.s. -- BTW, found this amusing: the old 'sshd' still
works and picks up the newer openssl lib:

New sshd:
/sbin> /sbin/sshd -v
sshd: unknown option -- v
OpenSSH_7.5p1, OpenSSL 1.0.2k  26 Jan 2017
/sbin> /sbin/sshd  -4
/etc/sshd_config line 105: Deprecated option UsePrivilegeSeparation
Could not load host key: /etc/ssh_host_ed25519_key
/var/empty must be owned by root and not group or world-writable.
/sbin/

Old sshd:
/sbin.o> ./sshd --version
sshd: unknown option -- -
OpenSSH_6.6.1p1, OpenSSL 1.0.2k  26 Jan 2017
/sbin.o> /sbin.o/sshd  -4   
Could not load host key: /etc/ssh_host_ed25519_key
/sbin.o> (works)

---------
Wasn't user-separation in 6.6?





* Re: How to create root account to own /var/empty for ssh?
  2017-04-16  7:55   ` L A Walsh
@ 2017-04-16 11:37     ` Marco Atzeri
  2017-04-17 16:05       ` L A Walsh
  0 siblings, 1 reply; 7+ messages in thread
From: Marco Atzeri @ 2017-04-16 11:37 UTC (permalink / raw)
  To: cygwin

On 15/04/2017 23:33, L A Walsh wrote:
> Marco Atzeri wrote:
>>
>>>
>>> How am I supposed to make ssh happy?
>>>
>>> Thanks!
>>> -l
>>>
>>
>> user separation ?
>>
>> $ ls -ld /var/empty
>> drwxr-xr-x+ 1 cyg_server Administrators 0 Jan  7  2015 /var/empty
>
> Um, could you elaborate?  I mean do I just create a user called
> cyg_server, and that makes sshd happy?  Or how is user
> separation different than having root own the directory?
>
> Also, is it the same separation mentioned in this
> deprecation message?:
>
>>  /sbin/sshd
> /etc/sshd_config line 105: Deprecated option UsePrivilegeSeparation
> /var/empty must be owned by root and not group or world-writable.
>
> ...or has the option been renamed?  FWIW -- this *used* to work on my
> machine until the upgrade.
>
> Thanks again!


usage: ssh-host-config [OPTION]...
Options:
     --debug  -d            Enable shell's debug output.
     --yes    -y            Answer all questions with "yes" automatically.
     --no     -n            Answer all questions with "no" automatically.
     --cygwin -c <options>  Use "options" as value for CYGWIN environment var.
     --name   -N <name>     sshd windows service name.
     --port   -p <n>        sshd listens on port n.
     --user   -u <account>  privileged user for service, default 'cyg_server'.
     --pwd    -w <passwd>   Use "pwd" as password for privileged user.
     --privileged           On Windows XP, require privileged user
                            instead of LocalSystem for sshd service.


Hi,
it has been a long time since I reconfigured the sshd server, but
ssh-host-config should propose by default the user separation
and propose the creation of cyg_server user for that scope.

Regards
Marco






* Re: How to create root account to own /var/empty for ssh?
  2017-04-16 11:37     ` Marco Atzeri
@ 2017-04-17 16:05       ` L A Walsh
  2017-04-18 10:33         ` Andrey Repin
  0 siblings, 1 reply; 7+ messages in thread
From: L A Walsh @ 2017-04-17 16:05 UTC (permalink / raw)
  To: cygwin

Marco Atzeri wrote:
>
> usage: ssh-host-config [OPTION]...
> ...
>
> Hi,
> it has been a long time since I reconfigured the sshd server, but
> ssh-host-config should propose by default the user separation
> and propose the creation of cyg_server user for that scope.
----
    Ah... I didn't run that ... just sorta ran it and used
a certificate to log in as myself -- same as works w/rsh(localhost).
It seems to work for the currently logged in user, but I suspect
I'd need to run the above config routine to enable it for
logging in when there isn't already an active session. 

    The part that is bugging me is that the new sshd seems to
require /var/empty to be owned and only writable as root, which
the previous sshd didn't require (it just runs).

    That's why I was trying to figure out how to have /var/empty
owned by 'root' on an OS that doesn't have a UID=0(root), as it
didn't seem to accept ownership by "Administrator" as the same
thing.

    Thanks for reminding me of the config option.  I was hoping
just to use it, (for now anyway) the same as before -- where it
works if I login as the currently log'd in user (AFAIKT -- seems
to have the same drive mappings as me; if I try a different user,
it doesn't work -- but that's where I'd suspect I'd need to run
the config script. Hmmm...

    Maybe will end up doing that, but sorta would like to also
know why it thinks /var/empty must be owned by root and how it
expects me to do that.  *sigh*.

Linda



* Re: How to create root account to own /var/empty for ssh?
  2017-04-17 16:05       ` L A Walsh
@ 2017-04-18 10:33         ` Andrey Repin
  0 siblings, 0 replies; 7+ messages in thread
From: Andrey Repin @ 2017-04-18 10:33 UTC (permalink / raw)
  To: L A Walsh, cygwin

Greetings, L A Walsh!

> Marco Atzeri wrote:
>>
>> usage: ssh-host-config [OPTION]...
>> ...
>>
>> Hi,
>> it has been a long time since I reconfigured the sshd server, but
>> ssh-host-config should propose by default the user separation
>> and propose the creation of cyg_server user for that scope.
> ----
>     Ah... I didn't run that ... just sorta ran it and used
> a certificate to log in as myself -- same as works w/rsh(localhost).
> It seems to work for the currently logged in user, but I suspect
> I'd need to run the above config routine to enable it for
> logging in when there isn't already an active session. 

You may need to store your password (passwd -R) to be able to login with
certificate.


-- 
With best regards,
Andrey Repin
Monday, April 17, 2017 18:51:49

Sorry for my terrible english...



* Re: How to create root account to own /var/empty for ssh?
  2017-04-15 21:33 How to create root account to own /var/empty for ssh? L A Walsh
  2017-04-15 22:07 ` Marco Atzeri
@ 2017-04-19  2:30 ` Corinna Vinschen
  1 sibling, 0 replies; 7+ messages in thread
From: Corinna Vinschen @ 2017-04-19  2:30 UTC (permalink / raw)
  To: cygwin


On Apr 15 08:51, L A Walsh wrote:
> The new version of ssh is not liking my "/var/empty", which it
> says:
> 
> var/empty must be owned by root and not group or world-writable.
> 
> It doesn't seem to like this:
> 
> >  llg -a /var/empty
> total 4
> drwx------+ 1 root Administrators 0 Oct 11  2014 ./
> >  llg -an /var/empty
> total 4
> drwx------+ 1   0  544 0 Oct 11  2014 ./
> 
> Multiple probs:
> 1) there is no root account on windows.
> 2) My Administrator account is named 'root', as it is the closest thing
> to 'root' on a windows machine.  But it doesn't like that. Originally
> was UID 500.
> 3) Tried changing root to UID 0, but that didn't work either. :-(
> 
> How am I supposed to make ssh happy?

http://marc.info/?l=openssh-unix-dev&m=149250723319262&w=2


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
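
The rule in the error message quoted at the top of this thread (owner must be root, no group or world write bit), as an added shell check; it is not part of any message in the thread and is not sshd's own code. The function name check_privsep_dir and its optional expected-uid argument are assumptions for illustration, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: audits a directory against the rule in the quoted error,
# "must be owned by root and not group or world-writable".
# check_privsep_dir is a hypothetical helper name, not an OpenSSH tool.
# Usage: check_privsep_dir DIR [EXPECTED_UID]   (EXPECTED_UID defaults to 0)
# Returns 0 if the directory passes, 1 if it violates the rule, 2 on error.
check_privsep_dir() {
    dir=$1
    want_uid=${2:-0}
    rc=0

    if [ ! -d "$dir" ]; then
        echo "ERROR: $dir is not a directory"
        return 2
    fi

    # %u = numeric owner uid, %a = permission bits in octal (e.g. 700, 755)
    info=$(stat -L -c '%u %a' "$dir") || { echo "ERROR: cannot stat $dir"; return 2; }
    uid=${info% *}
    mode=${info#* }

    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: $dir is owned by uid $uid, expected $want_uid"
        rc=1
    fi

    # 022 octal = group-write (020) plus world-write (002); the leading 0
    # makes the shell read $mode as an octal constant.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL: $dir mode $mode is group- or world-writable"
        rc=1
    fi

    if [ "$rc" -eq 0 ]; then
        echo "OK: $dir uid=$uid mode=$mode"
    fi
    return "$rc"
}

# Run directly with a path, e.g.:  sh check.sh /var/empty
if [ "$#" -gt 0 ]; then
    check_privsep_dir "$@"
fi
```

Only the owner uid and the classic mode bits are examined; the "+" shown in the listings in this thread marks additional ACL entries, which this check does not read.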
