From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 28307 invoked by alias); 3 Sep 2003 01:07:30 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 28272 invoked from network); 3 Sep 2003 01:07:28 -0000 Received: from unknown (HELO ns2.prospeed.net) (12.46.111.140) by sources.redhat.com with SMTP; 3 Sep 2003 01:07:28 -0000 Received: from enterprise-e.cygwin.com ([12.46.110.44]) by ns2.prospeed.net (8.12.8/8.12.8) with ESMTP id h831Chkn031209; Tue, 2 Sep 2003 21:12:44 -0400 Reply-To: Cygwin List Message-Id: <5.1.0.14.0.20030902210000.04675b88@127.0.0.1> X-Sender: Date: Wed, 03 Sep 2003 01:07:00 -0000 To: "Dan Adams" , "'Cygwin List'" From: Larry Hall Subject: RE: sshd setup question In-Reply-To: <003d01c371b6$401c5110$3c00000a@daninfochi> References: <5.1.0.14.0.20030902203138.01f172c0@127.0.0.1> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" X-SW-Source: 2003-09/txt/msg00174.txt.bz2 Don't use "root" (I know it mentioned it). Use "SYSTEM". If that doesn't work, send the output of 'getfacl /var/empty'. BTW, you don't need to reply to my address (it's faked anyway). I've redirected all response to me to the list so I'll get it regardless. Larry At 08:56 PM 9/2/2003, Dan Adams you wrote: >Larry, > I have attached those two files. Here is a transcript of my attempt >to set the permissions along with a 'ls -l' command done in the /var >directory. > >--- >dan@dan-infochi ~>cd /var >dan@dan-infochi /var>ls -l >total 0 >drwxrwxrwx+ 3 ???????? Users 0 May 17 15:07 cache >drwxr-xr-x+ 2 dan None 0 Sep 1 14:32 empty >drwxrwxrwx+ 2 ???????? Users 0 Sep 2 16:29 log >drwxrwxrwx+ 2 ???????? Users 0 Sep 1 14:35 run >drwxrwxrwx+ 2 ???????? Users 0 May 17 15:07 tmp >dan@dan-infochi /var>chmod 744 empty >dan@dan-infochi /var>ls -l >total 0 >drwxrwxrwx+ 3 ???????? Users 0 May 17 15:07 cache >drwxr--r--+ 2 dan None 0 Sep 1 14:32 empty >drwxrwxrwx+ 2 ???????? Users 0 Sep 2 16:29 log >drwxrwxrwx+ 2 ???????? Users 0 Sep 1 14:35 run >drwxrwxrwx+ 2 ???????? Users 0 May 17 15:07 tmp >dan@dan-infochi /var>chown root empty >chown: `root': invalid user >dan@dan-infochi /var>ls -l >total 0 >drwxrwxrwx+ 3 ???????? Users 0 May 17 15:07 cache >drwxr--r--+ 2 dan None 0 Sep 1 14:32 empty >drwxrwxrwx+ 2 ???????? Users 0 Sep 2 16:29 log >drwxrwxrwx+ 2 ???????? Users 0 Sep 1 14:35 run >drwxrwxrwx+ 2 ???????? Users 0 May 17 15:07 tmp >----- >Then as before I get >----- >dan@dan-infochi /bin>cygrunsrv -S sshd >cygrunsrv: Error starting a service: QueryServiceStatus: Win32 error 1062: >The service has not been started. >----- > >Dan Adams - dan@infochi.com >http://www.infochi.com > > > >-----Original Message----- >From: Larry Hall [mailto:cygwin-lh@cygwin.com] >Sent: Tuesday, September 02, 2003 5:35 PM >To: Dan Adams; cygwin@cygwin.com >Subject: Re: sshd setup question > > >Again, please attach your '/etc/passwd' and '/etc/group' files and show a >transcript of your attempt to set /var/empty persmissions along with the >output from 'ls -l /var'. > >Larry > > >At 11:43 PM 9/1/2003, Dan Adams you wrote: >>I followed both of those suggestions. I retried that script and it >>seems to generate the key files each time it is run now. As far as that >>mySQL thing, I renamed that dll file and will use another program >>temporarily, until I can figure this thing out. >> >>Once I did those two things, I still see an error that looks the same, >>although the contents of the sshd.log file is now: >> /var/empty must be owned by root and not group or world-writable. >> >>My main trouble with this is that I seem to be having trouble getting >>the permissions for that directory like it says, I can get it chmod'ed >>to 744 easily, but I can't seem to get its ownership to root or system >>either one. I am using a windows 2000 machine, although that may have >>been in my cygcheck file that I sent. Does anyone have a suggestion on >>how to get this permission thing set. >> >>Dan >> >> >>"Larry Hall" wrote in message >>news:5.1.0.14.0.20030901223001.01f810c8@127.0.0.1... >>> ssh-host-config creates /etc/ssh_host_key*. >>> >>> From your cygcheck output: >>> >>> 653k 2003/07/22 C:\Program Files\mysql\bin\cygwinb19.dll - os=4.0 >>img=1.0 sys=4.0 >>> "cygwinb19.dll" v0.0 ts=1998/7/15 18:50 >>> >>> This will is trouble waiting to happen. Get rid of this DLL and >>> update mysql as required. >>> >>> Larry >>> >>> >>> At 10:25 PM 9/1/2003, Dan Adams you wrote: >>> >>> >>> >>> >I am guessing this questioning might shift a little with my latest >>finding. >>> >Also, I have attached the cygcheck file thing that was requested at >>> >that website. >>> > >>> >My latest finding is: >>> >Could not load host key: /etc/ssh_host_key >>> >Could not load host key: /etc/ssh_host_rsa_key >>> >Could not load host key: /etc/ssh_host_dsa_key >>> >Disabling protocol version 1. Could not load host key Disabling >>> >protocol version 2. Could not load host key >>> > >>> >I found this when looking in the sshd.log file that is in that >>> >directory. Relating to the permissions that that gentleman mentioned >>> >in his post on this list, those directories (this may not be good >>> >though) have the permissions for the system account. Is there >>> >anything that speaks about >>how >>> >to create these keys? >>> > >>> >Dan >>> > >>> >"Larry Hall" wrote in message >>> >news:5.1.0.14.0.20030901214533.01f6a988@127.0.0.1... >>> >> OK, I'm not sure my efforts are paying off here. I'd recommend >>> >> again >>that >>> >> you visit . It's hard to figure >>things >>> >> without a basis of information. However, you'll probably find >>> >> looking in the email archives helpful. For instance, I found this >>> >> with a >>simple >>> >> search: >>> >> >>> >> >>> >> >>> >> Seems to describe your situation to a tee, complete with solution. >>Just >>> >> one more reason not to use tech.erdelynet.com. Seems your problem >>> >> is a common one when following the directions at this site. >>> >> >>> >> If this doesn't solve your problem, I suggest uninstalling ssh and >>> >> reinstalling. Then, stay away from tech.erdelynet.com and just >>> >> set things up as the Cygwin doc suggests. Otherwise, bug >>tech.erdelynet.com >>> >> about it if you insist on using their advice. >>> >> >>> >> Larry >>> >> >>> >> >>> >> At 09:40 PM 9/1/2003, Dan Adams you wrote: >>> >> >The error it gives me when I try to start the service, after >>> >> >using the ssh-host-config command to make the service, and using >>> >> >the >>cygrunsrv -S >>> >sshd >>> >> >command is: >>> >> >cygrunsrv: Error starting a service: QueryServiceStatus: Win32 >>> >> >error >>> >1062: >>> >> >The service has not been started. >>> >> >I am not sure if this will help at all, but I figured it might. >>> >> > >>> >> > >>> >> >-- >>> >> >Dan Adams - dan@infochi.com >>> >> >http://www.infochi.com >>> >> > >>> >> > >>> >> >"Dan Adams" wrote in message >>> >> >news:bj0ruq$thn$1@sea.gmane.org... >>> >> >> You mentioned that it is not reaching the server through ssh, >>> >> >> is >>there >>> >any >>> >> >> way I can find out where the problem occurs at? I am using a >>> >> >> command >>> >line >>> >> >of >>> >> >> : >>> >> >> ssh -p 422 localhost >>> >> >> to do this, I am not sure where in the networking the problem >>> >> >> might >>lie >>> >> >at, >>> >> >> is there any way that I can find out, or assist you in finding >>> >> >> out? >>> >> >> >>> >> >> The reason I was trying it with inetd, partly because it >>> >> >> mentioned >>it >>> >on >>> >> >the >>> >> >> website of yours, is because I have it working correctly for a >>couple >>> >of >>> >> >> other services that are part of cygwin. >>> >> >> >>> >> >> One discrepancy I found between the website and the >>> >> >> ssh-host-config >>> >file >>> >> >> that was installed on my machine is >>> >> >> file: >>> >> >> chown system.system /var/empty >>> >> >> website >>> >> >> chown system:system /var/empty >>> >> >> >>> >> >> How should this be? If you notice the website has a colon on >>> >> >> that >>line, >>> >> >the >>> >> >> file has a period on that line. >>> >> >> >>> >> >> The website I am referring to is: >>> >> >http://tech.erdelynet.com/cygwin-sshd.html >>> >> >> >>> >> >> -- >>> >> >> Dan Adams - dan@infochi.com >>> >> >> http://www.infochi.com >>> >> >> >>> >> >> >>> >> >> "Larry Hall" wrote in message >>> >> >> news:5.1.0.14.0.20030901200938.01f7e0c0@127.0.0.1... >>> >> >> > You're not reaching the server. The read of the basic >>> >> >> > version >>> >> >> identification >>> >> >> > is failing. If the client and the server can't understand >>> >> >> > what >>> >version >>> >> >of >>> >> >> > ssh is running on either end, they don't talk. So you're not >>> >reaching >>> >> >the >>> >> >> > server through ssh. >>> >> >> > >>> >> >> > Sorry I don't know much about setting up ssh under inetd. Is >>there a >>> >> >> reason >>> >> >> > not to set it up as the documentation suggests? I can vouch >>> >> >> > for >>> >things >>> >> >> > working that way. >>> >> >> > >>> >> >> > Larry >>> >> >> > >>> >> >> > >>> >> >> > At 06:38 PM 9/1/2003, Dan Adams you wrote: >>> >> >> > >Thanks for the comment about cygrunsrv and the method of >>> >> >> > >removing >>> >> >service >>> >> >> > >from win2k That worked well >>> >> >> > > >>> >> >> > >Since I have inetd working well. I have a telnet server and >>> >> >> > >also >>a >>> >FTP >>> >> >> > >server, but neither is available outside of my firewall. I >>thought >>> >that >>> >> >I >>> >> >> > >would try and see if I could use the sshd server that I just >>setup >>> >via >>> >> >> the >>> >> >> > >inetd thing. When I did this, I got an error message of: >>> >> >> > > >>> >> >> > >ssh_exchange_identification: read: Connection reset by peer >>> >> >> > > >>> >> >> > >What would this mean? This is the only error message that I >>> >> >> > >have >>> >been >>> >> >> > >getting from the ssh deamon when I try and connect, and even >>before >>> >I >>> >> >ran >>> >> >> > >that setup script. >>> >> >> > > >>> >> >> > >Dan Adams - dan@infochi.com >>> >> >> > >http://www.infochi.com >>> >> >> > > >>> >> >> > > >>> >> >> > >"Larry Hall" wrote in message >>> >> >> > >news:5.1.0.14.0.20030901180444.01f69c90@127.0.0.1... >>> >> >> > >> OK, visit and provide >>> >> >> > >> the >>> >requested >>> >> >> > >info. >>> >> >> > >> Also, send along (attached too) your /etc/passwd and >>> >> >> > >> /etc/group >>> >> >files. >>> >> >> > >The >>> >> >> > >> actual transcript of your attempt to run chown would be >>> >> >> > >> helpful >>> >too. >>> >> >> > >> >>> >> >> > >> cygrunsrv -E followed by cygrunsrv -R >>> >> >> > >> >> >name> >>> >> >> will >>> >> >> > >> stop and remove a service. >>> >> >> > >> >>> >> >> > >> Larry >>> >> >> > >> >>> >> >> > >> >>> >> >> > >> At 06:04 PM 9/1/2003, Dan Adams you wrote: >>> >> >> > >> >I tried the directions at the site, and when it did the >>> >> >> > >> >chown >>> >> >> > >system.system >>> >> >> > >> >/var/empty command. It errors out, saying that the user >>> >> >> > >> >is >>> >unknown. >>> >> >It >>> >> >> > >seems >>> >> >> > >> >to not want to start the service after that point. Any >>> >> >> > >> >more >>> >> >> suggestions. >>> >> >> > >> >Also does anyone know how to remove a service from the >>> >> >> > >> >listong >>in >>> >> >> Win2k >>> >> >> > >once >>> >> >> > >> >it is no longer desired. I am hoping to change from >>> >> >> > >> >telnet/ftp >>to >>> >> >ssh >>> >> >> > >access >>> >> >> > >> >which means I would be able to get rid of the service of >>> >> >> > >> >inetd >>> >that >>> >> >is >>> >> >> in >>> >> >> > >my >>> >> >> > >> >win2k control panel thing. >>> >> >> > >> > >>> >> >> > >> >Dan Adams - dan@infochi.com http://www.infochi.com >>> >> >> > >> > >>> >> >> > >> > >>> >> >> > >> >"Larry Hall" wrote in message >>> >> >> > >> >news:5.1.0.14.0.20030901172200.01f49928@127.0.0.1... >>> >> >> > >> >> At 05:28 PM 9/1/2003, Krzysztof Duleba you wrote: >>> >> >> > >> >> >Dan Adams" wrote >>> >> >> > >> >> > >>> >> >> > >> >> >> Does anyone know if there is either a script that >>> >> >> > >> >> >> will >>> >automate >>> >> >> the >>> >> >> > >> >> >process >>> >> >> > >> >> >> of setting up an ssh server? Or is there a tutorial >>> >> >> > >> >> >> setup >>> >page? >>> >> >> > >> >> > >>> >> >> > >> >> >http://tech.erdelynet.com/cygwin-sshd.html >>> >> >> > >> >> >>> >> >> > >> >> >>> >> >> > >> >> And please follow-up with any questions generated from >>> >following >>> >> >the >>> >> >> > >> >> directions at this site with tech.erdelynet.com. The >>supported >>> >> >> > >> >information >>> >> >> > >> >> for setting up Cygwin's OpenSSH distribution is >>> >> >> > >> >> /usr/doc/Cygwin/openssh-*.README. It's the only source >>> >> >> > >> >> of >>> >> >> information >>> >> >> > >> >this >>> >> >> > >> >> list will entertain questions about. >>> >> >> > >> >> >>> >> >> > >> >> Thanks, >>> >> >> > >> >> >>> >> >> > >> >> >>> >> >> > >> >> Larry Hall http://www.rfk.com >>> >> >> > >> >> RFK Partners, Inc. (508) 893-9779 - >RFK >>> >> >Office >>> >> >> > >> >> 838 Washington Street (508) 893-9889 - >FAX >>> >> >> > >> >> Holliston, MA 01746 >>> >> >> > >> >> >>> >> >> > >> >> >>> >> >> > >> > >>> >> >> > >> > >>> >> >> > >> > >>> >> >> > >> > >>> >> >> > >> >-- >>> >> >> > >> >Unsubscribe info: >>http://cygwin.com/ml/#unsubscribe-simple >>> >> >> > >> >Problem reports: http://cygwin.com/problems.html >>> >> >> > >> >Documentation: http://cygwin.com/docs.html >>> >> >> > >> >FAQ: http://cygwin.com/faq/ >>> >> >> > >> >>> >> >> > >> >>> >> >> > > >>> >> >> > > >>> >> >> > > >>> >> >> > > >>> >> >> > >-- >>> >> >> > >Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple >>> >> >> > >Problem reports: http://cygwin.com/problems.html >>> >> >> > >Documentation: http://cygwin.com/docs.html >>> >> >> > >FAQ: http://cygwin.com/faq/ >>> >> >> > >>> >> >> > -- >>> >> >> > Larry Hall http://www.rfk.com >>> >> >> > RFK Partners, Inc. (508) 893-9779 - RFK >>Office >>> >> >> > 838 Washington Street (508) 893-9889 - FAX >>> >> >> > Holliston, MA 01746 >>> >> >> > >>> >> >> > >>> >> >> >>> >> >> >>> >> >> >>> >> >> >>> >> > >>> >> > >>> >> > >>> >> > >>> >> >-- >>> >> >Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple >>> >> >Problem reports: http://cygwin.com/problems.html >>> >> >Documentation: http://cygwin.com/docs.html >>> >> >FAQ: http://cygwin.com/faq/ >>> >> >>> >> >>> > >>> > >>> > >>> > >>> > >>> > >>> >-- >>> >Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple >>> >Problem reports: http://cygwin.com/problems.html >>> >Documentation: http://cygwin.com/docs.html >>> >FAQ: http://cygwin.com/faq/ >>> >>> -- >>> Larry Hall http://www.rfk.com >>> RFK Partners, Inc. (508) 893-9779 - RFK Office >>> 838 Washington Street (508) 893-9889 - FAX >>> Holliston, MA 01746 >>> >>> >> >> >> >> >>-- >>Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple >>Problem reports: http://cygwin.com/problems.html >>Documentation: http://cygwin.com/docs.html >>FAQ: http://cygwin.com/faq/ > > > >-- >Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple >Problem reports: http://cygwin.com/problems.html >Documentation: http://cygwin.com/docs.html >FAQ: http://cygwin.com/faq/ -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/