Problem With SShd

Problem With SShd

[Ahmad Alkhatib]

Dear cygwin
Would You please help me with my problem?
I have CYGWIN installed on windows server 2012 and i have configured sshd
and all things goes well, I can access my server over ssh but after a period
of time i have noticed that i can't access my server over ssh. So, I have
 tried to restart the sshd service manually but it gives the following error
which I found it in ssh log and  it says "/var/empty must be owned by root
and not group or world-writable." so i have fixed these with chown and
chmod, After that, I could connect to my server over ssh but it asks me for
password not connect with public key.
Please be informed that every time i Have the problem i do the same steps
and when it did not work i uninstall cygwin and install it again. 
But I got the same problem after period of time, So would you please Provide
me with a steady solution So I did not need  to uninstall and install CYGWIN
every time.

Best Regards



--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: Problem With SShd

[Marco Atzeri]

back on mailing list

On 13/07/2016 11:33, Marco Atzeri wrote:
> On 13/07/2016 11:28, Ahmad Alkhatib wrote:
>>
>>
>>
>> Dear cygwin
>> Would You please help me with my problem?
>> I have CYGWIN installed on windows server 2012 and i have configured sshd
>> and all things goes well, I can access my server over ssh but after a
>> period
>> of time i have noticed that i can't access my server over ssh. So, I have
>>  tried to restart the sshd service manually but it gives the following
>> error
>> which I found it in ssh log and  it says "/var/empty must be owned by
>> root
>> and not group or world-writable." so i have fixed these with chown and
>> chmod, After that, I could connect to my server over ssh but it asks
>> me for
>> password not connect with public key.
>
> I assume the windows password, am I correct ?
>
>> Please be informed that every time i Have the problem i do the same steps
>> and when it did not work i uninstall cygwin and install it again.
>> But I got the same problem after period of time, So would you please
>> Provide
>> me with a steady solution So I did not need  to uninstall and install
>> CYGWIN
>> every time.
>
> this seems a bit extreme
>
>>
>> Best Regards
>>
>>
>
> What is the output of
>
> $ ls -l /var |grep empty
>
> Regards
> Marco

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

RE: Problem With SShd

[Ahmad Alkhatib]

Dear Mr. Marco,
Thanks for your reply.
the output of  ls -l /var |grep empty is as follows 
drwxr-x--x+ 1 cyg_server Administrators 0 Jul 13 13:47 empty.
What I have noticed that after a period of time the owner changes to SYSTEM
instead of cyg_server.
So, I just run the following:
Chmod 700 /var/empty.
Chown cyg_server /var/empty.
So I can connect to my server over ssh but with a password not public key.
Best regards.
-----Original Message-----
From: Marco Atzeri [mailto:marco.atzeri@gmail.com]
Sent: Wednesday, July 13, 2016 12:33 PM
To: Ahmad Alkhatib
Subject: Re: Problem With SShd

On 13/07/2016 11:28, Ahmad Alkhatib wrote:
>
>
>
> Dear cygwin
> Would You please help me with my problem?
> I have CYGWIN installed on windows server 2012 and i have configured 
> sshd and all things goes well, I can access my server over ssh but 
> after a period of time i have noticed that i can't access my server 
> over ssh. So, I have  tried to restart the sshd service manually but 
> it gives the following error which I found it in ssh log and  it says 
> "/var/empty must be owned by root and not group or world-writable." so 
> i have fixed these with chown and chmod, After that, I could connect 
> to my server over ssh but it asks me for password not connect with 
> public
key.

I assume the windows password, am I correct ?

> Please be informed that every time i Have the problem i do the same 
> steps and when it did not work i uninstall cygwin and install it again.
> But I got the same problem after period of time, So would you please 
> Provide me with a steady solution So I did not need  to uninstall and 
> install CYGWIN every time.

this seems a bit extreme

>
> Best Regards
>
>

What is the output of

$ ls -l /var |grep empty

Regards
Marco



--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: Problem With SShd

[Marco Atzeri]

back on the mailing list, please followup here.

Please put your reply below and not before.
The standard on this mailing list is bottom posting

http://www.idallen.com/topposting.html

On 13/07/2016 12:34, Ahmad Alkhatib wrote:
>
> Dear Mr. Marco,
> Thanks for your reply.
> the output of  ls -l /var |grep empty is as follows
> drwxr-x--x+ 1 cyg_server Administrators 0 Jul 13 13:47 empty.
> What I have noticed that after a period of time the owner changes to SYSTEM
> instead of cyg_server.

Any clue when ?

> So, I just run the following:
> Chmod 700 /var/empty.
> Chown cyg_server /var/empty.
> So I can connect to my server over ssh but with a password not public key.

Did with the public key ever work ?

> Best regards.
> -----Original Message-----
> From: Marco Atzeri [mailto:xxxxxxxxxxxx]

Please instruct your mail program to not show mail address in clear
in the reply. Or remove them manually.


Regards
Marco

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: problem with sshd

[Vasya Pupkin]

On Thu, Dec 23, 2010 at 11:59 AM, Thorsten Kampe
<thorsten@thorstenkampe.de> wrote:
>> I searched and found only one message describing this problem which
>> was left without answer...
>
> <http://search.gmane.org/?query=zombie%20ssh%
> 20bash&group=gmane.os.cygwin>

Thanks, a lot of similar bugreports since 2007 and no single solution.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: problem with sshd

[Thorsten Kampe]

* Vasya Pupkin (Wed, 22 Dec 2010 13:17:11 +0300)
> On Wed, Dec 22, 2010 at 12:41 PM, Thorsten Kampe
> <thorsten@thorstenkampe.de> wrote:
> > * Vasya Pupkin (Wed, 22 Dec 2010 09:26:29 +0300)
> >> I have a problem running cygwin sshd. I often end up with a lot of
> >> bash processes running and eating memory while there are no single
> >> active ssh session. It happens when either connection lost or user
> >> closes connection without logging out, sshd process dies but bash
> >> remains in memory forever. Is it possible to prevent this? In all real
> >> unix environments this never happen, bash always dies when parent sshd
> >> exits.
> >
> > That is (or was) an old problem as far as I remember. Search the mailing
> > list archives to see if it is supposed to be fixed or a workaround is
> > available. Maybe someone else here remembers more than me...
> 
> I searched and found only one message describing this problem which
> was left without answer...

<http://search.gmane.org/?query=zombie%20ssh%
20bash&group=gmane.os.cygwin>

Thorsten


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: problem with sshd

[Vasya Pupkin]

On Wed, Dec 22, 2010 at 9:50 PM, David Sastre <d.sastre.medina@gmail.com> wrote:
>> >> I have a problem running cygwin sshd. I often end up with a lot of
>> >> bash processes running and eating memory while there are no single
>> >> active ssh session. It happens when either connection lost or user
>> >> closes connection without logging out, sshd process dies but bash
>> >> remains in memory forever. Is it possible to prevent this? In all real
>> >> unix environments this never happen, bash always dies when parent sshd
>> >> exits.
>
> You might want to enable TCPKeepAlive. It could, at a very least,
> prevent disconnections without explicit user interaction.

It's enabled. When sshd not receiving keepalives (network issue or
user closed terminal), it dies (which is good) and leaves bash process
running forever (which is not good).

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: problem with sshd

[David Sastre]

[-- Attachment #1: Type: text/plain, Size: 1275 bytes --]

On Wed, Dec 22, 2010 at 01:17:11PM +0300, Vasya Pupkin wrote:
> On Wed, Dec 22, 2010 at 12:41 PM, Thorsten Kampe
> <thorsten@XXXXXXXXXXXXXXX> wrote:
http://cygwin.com/acronyms/#PCYMTNQREAIYR
> > * Vasya Pupkin (Wed, 22 Dec 2010 09:26:29 +0300)
> >> I have a problem running cygwin sshd. I often end up with a lot of
> >> bash processes running and eating memory while there are no single
> >> active ssh session. It happens when either connection lost or user
> >> closes connection without logging out, sshd process dies but bash
> >> remains in memory forever. Is it possible to prevent this? In all real
> >> unix environments this never happen, bash always dies when parent sshd
> >> exits.

You might want to enable TCPKeepAlive. It could, at a very least,
prevent disconnections without explicit user interaction. 

$ grep -i keepalive /etc/ssh*config
/etc/ssh_config:TCPKeepAlive yes
/etc/sshd_config:TCPKeepAlive yes

Despite the man pages for ssh_config and sshd_config stating that it
is enabled by default, I had to explicity declare it to prevent ssh 
connections _from_ a cygwin box to the outside from dying.
This was a while back, though.

Regards.

-- 
Huella de clave primaria: 0FDA C36F F110 54F4 D42B  D0EB 617D 396C 448B 31EB

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 198 bytes --]

Re: problem with sshd

[Vasya Pupkin]

On Wed, Dec 22, 2010 at 12:41 PM, Thorsten Kampe
<thorsten@thorstenkampe.de> wrote:
> * Vasya Pupkin (Wed, 22 Dec 2010 09:26:29 +0300)
>> I have a problem running cygwin sshd. I often end up with a lot of
>> bash processes running and eating memory while there are no single
>> active ssh session. It happens when either connection lost or user
>> closes connection without logging out, sshd process dies but bash
>> remains in memory forever. Is it possible to prevent this? In all real
>> unix environments this never happen, bash always dies when parent sshd
>> exits.
>
> That is (or was) an old problem as far as I remember. Search the mailing
> list archives to see if it is supposed to be fixed or a workaround is
> available. Maybe someone else here remembers more than me...

I searched and found only one message describing this problem which
was left without answer...

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: problem with sshd

[Thorsten Kampe]

* Vasya Pupkin (Wed, 22 Dec 2010 09:26:29 +0300)
> I have a problem running cygwin sshd. I often end up with a lot of
> bash processes running and eating memory while there are no single
> active ssh session. It happens when either connection lost or user
> closes connection without logging out, sshd process dies but bash
> remains in memory forever. Is it possible to prevent this? In all real
> unix environments this never happen, bash always dies when parent sshd
> exits.

That is (or was) an old problem as far as I remember. Search the mailing 
list archives to see if it is supposed to be fixed or a workaround is 
available. Maybe someone else here remembers more than me...

Thorsten


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

problem with sshd

[Vasya Pupkin]

I have a problem running cygwin sshd. I often end up with a lot of
bash processes running and eating memory while there are no single
active ssh session. It happens when either connection lost or user
closes connection without logging out, sshd process dies but bash
remains in memory forever. Is it possible to prevent this? In all real
unix environments this never happen, bash always dies when parent sshd
exits.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

problem with sshd

[J. David Boyd]

For years, (and I do mean years), I've had sshd setup on my desktop
Vista box, and have been able to access it remotely with no problems at
all.

I moved the box 1 year ago, and went from Brighthouse as an ISP to
Verizon.  Still worked fine.

I just moved it back home, back to Brighthouse, and now, I get a prompt
asking me for my password.

I enter the password I've used for the past few years, and am told
"Permission denied, please try again"


Now, is that the same message, in spirit, as "wrong password"?  Doesn't
seem that way to me.   Do I have some file/directory that has the wrong
permissions to allow me to logon?

I haven't explicitly changed anything, (that I know of :->  )


One thing I find interesting is that when I look in /etc/passwd, I don't
have an entry for myself.

Any ideas/help/suggestions on how to troubleshoot this problem?  I've
been logging onto my home box for the past several years, every day, to
save backups, look up email address/phone numbers, etc, and really rely
on being able to connect to it remotely.

It's not a firewall problem, but something in Cygwin setup.  If I boot
into Mandriva 10.0, I can ssh in without any problem at all.

TIA,

Dave in Largo, FL


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: Problem with SSHD

[Zeus Gómez Marmolejo]

These permissions don't solve the problem. I don't know how to deal with 
it. Thanks.

Zeus.

Corinna Vinschen wrote:

>On Mon, May 13, 2002 at 04:34:41PM +0100, Stuart Brady wrote:
>
>>On Mon, 13 May 2002, Corinna Vinschen wrote:
>>
>>>On Mon, May 13, 2002 at 03:08:18PM +0200, Zeus Gómez Marmolejo wrote:
>>>
>>>>Yes, CYGWIN is a system variable, any suggestions?!?
>>>>
>>>Your /etc is writable to everyone.  Change the permissions to 0644.
>>>
>>Either I'm missing something, or... 0755?
>>
>
>Sure.
>
>Thanks,
>Corinna
>



--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Re: Problem with SSHD

[Zeus Gómez Marmolejo]

These permissions don't solve the problem. I don't know how to deal with 
it. Thanks.

Zeus.

Corinna Vinschen wrote:

>On Mon, May 13, 2002 at 04:34:41PM +0100, Stuart Brady wrote:
>
>>On Mon, 13 May 2002, Corinna Vinschen wrote:
>>
>>>On Mon, May 13, 2002 at 03:08:18PM +0200, Zeus Gómez Marmolejo wrote:
>>>
>>>>Yes, CYGWIN is a system variable, any suggestions?!?
>>>>
>>>Your /etc is writable to everyone.  Change the permissions to 0644.
>>>
>>Either I'm missing something, or... 0755?
>>
>
>Sure.
>
>Thanks,
>Corinna
>



--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Re: Problem with SSHD

[Corinna Vinschen]

On Mon, May 13, 2002 at 04:34:41PM +0100, Stuart Brady wrote:
> On Mon, 13 May 2002, Corinna Vinschen wrote:
> > On Mon, May 13, 2002 at 03:08:18PM +0200, Zeus Gómez Marmolejo wrote:
> > > Yes, CYGWIN is a system variable, any suggestions?!?
> > 
> > Your /etc is writable to everyone.  Change the permissions to 0644.
> 
> Either I'm missing something, or... 0755?

Sure.

Thanks,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin@cygwin.com
Red Hat, Inc.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Re: Problem with SSHD

[Stuart Brady]

On Mon, 13 May 2002, Corinna Vinschen wrote:
> On Mon, May 13, 2002 at 03:08:18PM +0200, Zeus Gómez Marmolejo wrote:
> > Yes, CYGWIN is a system variable, any suggestions?!?
> 
> Your /etc is writable to everyone.  Change the permissions to 0644.

Either I'm missing something, or... 0755?
-- 
Stuart Brady


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Re: Problem with SSHD

[Corinna Vinschen]

On Mon, May 13, 2002 at 03:08:18PM +0200, Zeus Gómez Marmolejo wrote:
> Yes, CYGWIN is a system variable, any suggestions?!?

Your /etc is writable to everyone.  Change the permissions to 0644.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin@cygwin.com
Red Hat, Inc.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Re: Problem with SSHD

[Zeus Gómez Marmolejo]

Yes, CYGWIN is a system variable, any suggestions?!?

Zeus.


Prentis Brooks wrote:

>Just a quick question, is CYGWIN sent globally in your environment.  I
>have seen this problem when CYGWIN is not in SYSTEM's environment with
>ntsec enabled.  Probably not your problem, but at least something to
>verify.
>
>
>On Mon, 13 May 2002, Zeus [ISO-8859-1] Gómez Marmolejo wrote:
>
>>Hi all,
>>
>>I've searched all the historical messages of the list but I haven't find 
>>any solution to my problem. Any help would be appreciated. I've 
>>installed cygwin sshd in a W2k server box but I can't manage to start 
>>it. When I run it as a service, I get the following error:
>>
>>$ cygrunsrv -S sshd
>>cygrunsrv: Error starting a service: QueryServiceStatus: Win32 error 1062:
>>The service has not been started.
>>
>>Viewing the logs, there's a couple of errors:
>>$ cat /var/log/sshd.log
>>@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
>>@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
>>@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
>>Permissions 0644 for '/etc/ssh_host_key' are too open.
>>It is recommended that your private key files are NOT accessible by others.
>>This private key will be ignored.
>>bad permissions: ignore key: /etc/ssh_host_key
>>Could not load host key: /etc/ssh_host_key
>>@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
>>@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
>>@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
>>Permissions 0644 for '/etc/ssh_host_rsa_key' are too open.
>>It is recommended that your private key files are NOT accessible by others.
>>This private key will be ignored.
>>bad permissions: ignore key: /etc/ssh_host_rsa_key
>>Could not load host key: /etc/ssh_host_rsa_key
>>@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
>>@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
>>@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
>>Permissions 0644 for '/etc/ssh_host_dsa_key' are too open.
>>It is recommended that your private key files are NOT accessible by others.
>>This private key will be ignored.
>>bad permissions: ignore key: /etc/ssh_host_dsa_key
>>Could not load host key: /etc/ssh_host_dsa_key
>>Disabling protocol version 1. Could not load host key
>>Disabling protocol version 2. Could not load host key
>>sshd: no hostkeys available -- exiting.
>>
>>But, in this case when I do an ls of the /etc/ directory I get the 
>>following:
>>$ ls -las /etc
>>total 139
>>   4 drwxrwxrwx    5 Administ None         4096 May 12 10:22 .
>>   4 drwxrwxrwx   10 Administ None         4096 May  9 12:44 ..
>>   1 -rwxrwxrwx    1 Administ None          280 May  9 12:44 group
>>  86 -rwxrwxrwx    1 Administ None        88039 Mar  7 16:50 moduli
>>   1 -rwxrwxrwx    1 Administ None          966 May 12 10:09 passwd
>>   4 drwxrwxrwx    2 Administ None         4096 May  9 12:44 postinstall
>>   0 -rw-r--r--    1 Administ None            0 May 12 10:21 primes
>>   1 -rwxrwxrwx    1 Administ None          386 May  9 12:44 profile
>>   0 drwxrwxrwx    2 Administ None            0 May  9 12:42 profile.d
>>  16 drwxrwxrwx    2 Administ None        16384 May  9 12:43 setup
>>   1 -rw-rw-rw-    1 Administ Administ      955 May  9 12:45 ssh_config
>>   1 -rw-------    1 SYSTEM   SYSTEM        668 May  9 12:45 
>>ssh_host_dsa_key
>>   1 -rw-r--r--    1 Administ Administ      612 May  9 12:45 
>>ssh_host_dsa_key.pub
>>   1 -rw-------    1 SYSTEM   SYSTEM        537 May  9 12:44 ssh_host_key
>>   1 -rw-r--r--    1 Administ Administ      341 May  9 12:44 
>>ssh_host_key.pub
>>   1 -rw-------    1 SYSTEM   SYSTEM        887 May  9 12:45 
>>ssh_host_rsa_key
>>   1 -rw-r--r--    1 Administ Administ      232 May  9 12:45 
>>ssh_host_rsa_key.pub
>>   2 -rw-rw-rw-    1 Administ Administ     1562 May 12 10:22 sshd_config
>>  13 -rwxrwxrwx    1 Administ None        12306 Apr  3 17:11 termcap
>>
>>The ssh_host*_key files have 0600 permissions and the logs are 
>>incorrect. I have tried to change the owner of these files to 
>>Administrator and run the service in the command line (as Administrator):
>>$ /usr/sbin/sshd -D
>>
>>The command succeeds but when I try to login, passwords doesn't match (I 
>>suppose that sshd has to be run as SYSTEM account to authenticate 
>>users). How can I solve this problem?
>>
>>Windows 2000 acls shows that /etc/ssh_host*_key has the Everyone user 
>>but no permissions with it. Can be this problem? I can't remove the 
>>'Everyone' user of the acl because the owner is SYSTEM and I would be 
>>changing the ownership of the files... What should I do?
>>
>>CYGWIN is set to "ntsec tty". Any thanks in advance.
>>
>>
>>Zeus Gómez.
>>
>>
>>--
>>Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
>>Bug reporting:         http://cygwin.com/bugs.html
>>Documentation:         http://cygwin.com/docs.html
>>FAQ:                   http://cygwin.com/faq/
>>
>



--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Re: Problem with SSHD

[Prentis Brooks]

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: TEXT/PLAIN; charset=X-UNKNOWN, Size: 5558 bytes --]

Just a quick question, is CYGWIN sent globally in your environment.  I
have seen this problem when CYGWIN is not in SYSTEM's environment with
ntsec enabled.  Probably not your problem, but at least something to
verify.


On Mon, 13 May 2002, Zeus [ISO-8859-1] Gómez Marmolejo wrote:

> Hi all,
> 
> I've searched all the historical messages of the list but I haven't find 
> any solution to my problem. Any help would be appreciated. I've 
> installed cygwin sshd in a W2k server box but I can't manage to start 
> it. When I run it as a service, I get the following error:
> 
> $ cygrunsrv -S sshd
> cygrunsrv: Error starting a service: QueryServiceStatus: Win32 error 1062:
> The service has not been started.
> 
> Viewing the logs, there's a couple of errors:
> $ cat /var/log/sshd.log
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> Permissions 0644 for '/etc/ssh_host_key' are too open.
> It is recommended that your private key files are NOT accessible by others.
> This private key will be ignored.
> bad permissions: ignore key: /etc/ssh_host_key
> Could not load host key: /etc/ssh_host_key
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> Permissions 0644 for '/etc/ssh_host_rsa_key' are too open.
> It is recommended that your private key files are NOT accessible by others.
> This private key will be ignored.
> bad permissions: ignore key: /etc/ssh_host_rsa_key
> Could not load host key: /etc/ssh_host_rsa_key
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> Permissions 0644 for '/etc/ssh_host_dsa_key' are too open.
> It is recommended that your private key files are NOT accessible by others.
> This private key will be ignored.
> bad permissions: ignore key: /etc/ssh_host_dsa_key
> Could not load host key: /etc/ssh_host_dsa_key
> Disabling protocol version 1. Could not load host key
> Disabling protocol version 2. Could not load host key
> sshd: no hostkeys available -- exiting.
> 
> But, in this case when I do an ls of the /etc/ directory I get the 
> following:
> $ ls -las /etc
> total 139
>    4 drwxrwxrwx    5 Administ None         4096 May 12 10:22 .
>    4 drwxrwxrwx   10 Administ None         4096 May  9 12:44 ..
>    1 -rwxrwxrwx    1 Administ None          280 May  9 12:44 group
>   86 -rwxrwxrwx    1 Administ None        88039 Mar  7 16:50 moduli
>    1 -rwxrwxrwx    1 Administ None          966 May 12 10:09 passwd
>    4 drwxrwxrwx    2 Administ None         4096 May  9 12:44 postinstall
>    0 -rw-r--r--    1 Administ None            0 May 12 10:21 primes
>    1 -rwxrwxrwx    1 Administ None          386 May  9 12:44 profile
>    0 drwxrwxrwx    2 Administ None            0 May  9 12:42 profile.d
>   16 drwxrwxrwx    2 Administ None        16384 May  9 12:43 setup
>    1 -rw-rw-rw-    1 Administ Administ      955 May  9 12:45 ssh_config
>    1 -rw-------    1 SYSTEM   SYSTEM        668 May  9 12:45 
> ssh_host_dsa_key
>    1 -rw-r--r--    1 Administ Administ      612 May  9 12:45 
> ssh_host_dsa_key.pub
>    1 -rw-------    1 SYSTEM   SYSTEM        537 May  9 12:44 ssh_host_key
>    1 -rw-r--r--    1 Administ Administ      341 May  9 12:44 
> ssh_host_key.pub
>    1 -rw-------    1 SYSTEM   SYSTEM        887 May  9 12:45 
> ssh_host_rsa_key
>    1 -rw-r--r--    1 Administ Administ      232 May  9 12:45 
> ssh_host_rsa_key.pub
>    2 -rw-rw-rw-    1 Administ Administ     1562 May 12 10:22 sshd_config
>   13 -rwxrwxrwx    1 Administ None        12306 Apr  3 17:11 termcap
> 
> The ssh_host*_key files have 0600 permissions and the logs are 
> incorrect. I have tried to change the owner of these files to 
> Administrator and run the service in the command line (as Administrator):
> $ /usr/sbin/sshd -D
> 
> The command succeeds but when I try to login, passwords doesn't match (I 
> suppose that sshd has to be run as SYSTEM account to authenticate 
> users). How can I solve this problem?
> 
> Windows 2000 acls shows that /etc/ssh_host*_key has the Everyone user 
> but no permissions with it. Can be this problem? I can't remove the 
> 'Everyone' user of the acl because the owner is SYSTEM and I would be 
> changing the ownership of the files... What should I do?
> 
> CYGWIN is set to "ntsec tty". Any thanks in advance.
> 
> 
> Zeus Gómez.
> 
> 
> --
> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
> Bug reporting:         http://cygwin.com/bugs.html
> Documentation:         http://cygwin.com/docs.html
> FAQ:                   http://cygwin.com/faq/
> 

-- 
Prentis Brooks	| prentis@aol.net | 703-265-0914 | AIM: PrentisBrooks
Senior System Administrator - Web Infrastructure & Security

       A knight is sworn to valor.  His heart knows only virtue.  His blade
       defends the helpless.  His word speaks only truth.  His wrath undoes
       the wicked. - the old code of Bowen, last of the dragonslayers



--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Problem with SSHD

[Zeus Gómez Marmolejo]

Hi all,

I've searched all the historical messages of the list but I haven't find 
any solution to my problem. Any help would be appreciated. I've 
installed cygwin sshd in a W2k server box but I can't manage to start 
it. When I run it as a service, I get the following error:

$ cygrunsrv -S sshd
cygrunsrv: Error starting a service: QueryServiceStatus: Win32 error 1062:
The service has not been started.

Viewing the logs, there's a couple of errors:
$ cat /var/log/sshd.log
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for '/etc/ssh_host_key' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /etc/ssh_host_key
Could not load host key: /etc/ssh_host_key
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for '/etc/ssh_host_rsa_key' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /etc/ssh_host_rsa_key
Could not load host key: /etc/ssh_host_rsa_key
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for '/etc/ssh_host_dsa_key' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /etc/ssh_host_dsa_key
Could not load host key: /etc/ssh_host_dsa_key
Disabling protocol version 1. Could not load host key
Disabling protocol version 2. Could not load host key
sshd: no hostkeys available -- exiting.

But, in this case when I do an ls of the /etc/ directory I get the 
following:
$ ls -las /etc
total 139
   4 drwxrwxrwx    5 Administ None         4096 May 12 10:22 .
   4 drwxrwxrwx   10 Administ None         4096 May  9 12:44 ..
   1 -rwxrwxrwx    1 Administ None          280 May  9 12:44 group
  86 -rwxrwxrwx    1 Administ None        88039 Mar  7 16:50 moduli
   1 -rwxrwxrwx    1 Administ None          966 May 12 10:09 passwd
   4 drwxrwxrwx    2 Administ None         4096 May  9 12:44 postinstall
   0 -rw-r--r--    1 Administ None            0 May 12 10:21 primes
   1 -rwxrwxrwx    1 Administ None          386 May  9 12:44 profile
   0 drwxrwxrwx    2 Administ None            0 May  9 12:42 profile.d
  16 drwxrwxrwx    2 Administ None        16384 May  9 12:43 setup
   1 -rw-rw-rw-    1 Administ Administ      955 May  9 12:45 ssh_config
   1 -rw-------    1 SYSTEM   SYSTEM        668 May  9 12:45 
ssh_host_dsa_key
   1 -rw-r--r--    1 Administ Administ      612 May  9 12:45 
ssh_host_dsa_key.pub
   1 -rw-------    1 SYSTEM   SYSTEM        537 May  9 12:44 ssh_host_key
   1 -rw-r--r--    1 Administ Administ      341 May  9 12:44 
ssh_host_key.pub
   1 -rw-------    1 SYSTEM   SYSTEM        887 May  9 12:45 
ssh_host_rsa_key
   1 -rw-r--r--    1 Administ Administ      232 May  9 12:45 
ssh_host_rsa_key.pub
   2 -rw-rw-rw-    1 Administ Administ     1562 May 12 10:22 sshd_config
  13 -rwxrwxrwx    1 Administ None        12306 Apr  3 17:11 termcap

The ssh_host*_key files have 0600 permissions and the logs are 
incorrect. I have tried to change the owner of these files to 
Administrator and run the service in the command line (as Administrator):
$ /usr/sbin/sshd -D

The command succeeds but when I try to login, passwords doesn't match (I 
suppose that sshd has to be run as SYSTEM account to authenticate 
users). How can I solve this problem?

Windows 2000 acls shows that /etc/ssh_host*_key has the Everyone user 
but no permissions with it. Can be this problem? I can't remove the 
'Everyone' user of the acl because the owner is SYSTEM and I would be 
changing the ownership of the files... What should I do?

CYGWIN is set to "ntsec tty". Any thanks in advance.


Zeus Gómez.


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/