Further joys in the realm of sshd...

Further joys in the realm of sshd...

[Prentis Brooks]

And here I thought I had it licked.   Ok, I have a series of 3 user types.

first user -> Master User, used for executing automated scripts, needs
shosts authentication

second user -> Standard Users, shell access to host, password authentication

third user -> Special Guest, shell access, but only read in certain
directories, needs shosts/RSA authentication


My current configuration seems to work for users one and two, no problem
since sshd is run from inetd as the first user with two separate config
files, one for RSA on one port and the second for password on another.

Now to accomplish the third requirement, I need to run sshd on a third port
as that user.  The problem I am encountering is that sshd dies with the
following error:

sshd: no RSA support in libssl and libcrypto -- exiting.  See ssl(8)

I can't find the ssl(8) reference.  The command I am using to get this is:

sshd -p 29 -d

and I do that as the third user, if I execute it as my user (a Domain Admin)
it works... I also tried making the third user a Domain admin to see if it
made a diff, it doesn't.  Any ideas as to why that user can't find the
correct libs when another can.  (NOTE: with exception of home directory,
files are owned by master user and group Domain Users, of which users 2 and
3 are members and since user 2 <> user 1, then it should not be an ownership
problem.)  Also, one other key diff between users 1, 2, and 3 is that of the
3 only #3 does not have the rights to become another user.  But as long as I
am not doing password authentication, he shouldn't need it, right?

Prentis


--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com

RE: Further joys in the realm of sshd...

[Prentis Brooks]

Even more information:

an strace reveals the following error:

sshd 2039 reg_key:build_reg: failed to create key Cygnus Solutions in the
registry


Ok, now I am confused, everyuser has the ability to modify their registry
hive, is this trying to modify something in the machine hive?  And if so,
why?  Do I have to give this user rights to the hives, if so, which?  Please
don't tell me all.


Prentis

-----Original Message-----
From: cygwin-owner@sourceware.cygnus.com
[ mailto:cygwin-owner@sourceware.cygnus.com]On Behalf Of Prentis Brooks
Sent: Friday, May 26, 2000 10:28 AM
To: Cygwin
Subject: Further joys in the realm of sshd...


And here I thought I had it licked.   Ok, I have a series of 3 user types.

first user -> Master User, used for executing automated scripts, needs
shosts authentication

second user -> Standard Users, shell access to host, password authentication

third user -> Special Guest, shell access, but only read in certain
directories, needs shosts/RSA authentication


My current configuration seems to work for users one and two, no problem
since sshd is run from inetd as the first user with two separate config
files, one for RSA on one port and the second for password on another.

Now to accomplish the third requirement, I need to run sshd on a third port
as that user.  The problem I am encountering is that sshd dies with the
following error:

sshd: no RSA support in libssl and libcrypto -- exiting.  See ssl(8)

I can't find the ssl(8) reference.  The command I am using to get this is:

sshd -p 29 -d

and I do that as the third user, if I execute it as my user (a Domain Admin)
it works... I also tried making the third user a Domain admin to see if it
made a diff, it doesn't.  Any ideas as to why that user can't find the
correct libs when another can.  (NOTE: with exception of home directory,
files are owned by master user and group Domain Users, of which users 2 and
3 are members and since user 2 <> user 1, then it should not be an ownership
problem.)  Also, one other key diff between users 1, 2, and 3 is that of the
3 only #3 does not have the rights to become another user.  But as long as I
am not doing password authentication, he shouldn't need it, right?

Prentis


--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com


--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com

RE: Further joys in the realm of sshd...

[Prentis Brooks]

Just had a thought, testing it, but firing this off to let you all know...
do I need to login to each system on the console with any user I want to run
sshd?  failure seems to be related to environment.

-----Original Message-----
From: cygwin-owner@sourceware.cygnus.com
[ mailto:cygwin-owner@sourceware.cygnus.com]On Behalf Of Prentis Brooks
Sent: Friday, May 26, 2000 11:19 AM
To: Cygwin
Subject: RE: Further joys in the realm of sshd...


Even more information:

an strace reveals the following error:

sshd 2039 reg_key:build_reg: failed to create key Cygnus Solutions in the
registry


Ok, now I am confused, everyuser has the ability to modify their registry
hive, is this trying to modify something in the machine hive?  And if so,
why?  Do I have to give this user rights to the hives, if so, which?  Please
don't tell me all.


Prentis

-----Original Message-----
From: cygwin-owner@sourceware.cygnus.com
[ mailto:cygwin-owner@sourceware.cygnus.com]On Behalf Of Prentis Brooks
Sent: Friday, May 26, 2000 10:28 AM
To: Cygwin
Subject: Further joys in the realm of sshd...


And here I thought I had it licked.   Ok, I have a series of 3 user types.

first user -> Master User, used for executing automated scripts, needs
shosts authentication

second user -> Standard Users, shell access to host, password authentication

third user -> Special Guest, shell access, but only read in certain
directories, needs shosts/RSA authentication


My current configuration seems to work for users one and two, no problem
since sshd is run from inetd as the first user with two separate config
files, one for RSA on one port and the second for password on another.

Now to accomplish the third requirement, I need to run sshd on a third port
as that user.  The problem I am encountering is that sshd dies with the
following error:

sshd: no RSA support in libssl and libcrypto -- exiting.  See ssl(8)

I can't find the ssl(8) reference.  The command I am using to get this is:

sshd -p 29 -d

and I do that as the third user, if I execute it as my user (a Domain Admin)
it works... I also tried making the third user a Domain admin to see if it
made a diff, it doesn't.  Any ideas as to why that user can't find the
correct libs when another can.  (NOTE: with exception of home directory,
files are owned by master user and group Domain Users, of which users 2 and
3 are members and since user 2 <> user 1, then it should not be an ownership
problem.)  Also, one other key diff between users 1, 2, and 3 is that of the
3 only #3 does not have the rights to become another user.  But as long as I
am not doing password authentication, he shouldn't need it, right?

Prentis


--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com


--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com


--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com

Re: Further joys in the realm of sshd...

[Corinna Vinschen]

Prentis Brooks wrote:
> [...]
> Now to accomplish the third requirement, I need to run sshd on a third port
> as that user.  The problem I am encountering is that sshd dies with the
> following error:
> 
> sshd: no RSA support in libssl and libcrypto -- exiting.  See ssl(8)
> 
> I can't find the ssl(8) reference.  The command I am using to get this is:

If one didn't log on via normal workstation login to the 
machine, his/her user hive isn't loaded to the registry.
The current implementation of /dev/random calls the Crypto
API so that a user specific key container is used. This
fails if the user hive isn't loaded.

To get rid of that problem, the Crypto API provides a
mechanism to use a so called `machine keyset'. I have
just patched the /dev/random implementation to use that
machine keyset instead of the user specific keyset.

That will be part of the next developer snapshot and
of the next net release.

Corinna

-- 
Corinna Vinschen
Cygwin Developer
Cygnus Solutions, a Red Hat company

--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com