public inbox for cygwin@cygwin.com
From: L A Walsh <cygwin@tlinx.org>
To: cygwin@cygwin.com
Subject: Re: How to create root account to own /var/empty for ssh?
Date: Sun, 16 Apr 2017 07:55:00 -0000
Message-ID: <58F2918D.2020703@tlinx.org>
In-Reply-To: <93276a4b-b80f-b39d-ea16-4975a080c9a3@gmail.com>

Marco Atzeri wrote:
>
>>
>> How am I supposed to make ssh happy?
>>
>> Thanks!
>> -l
>>
>
> user separation ?
>
> $ ls -ld /var/empty
> drwxr-xr-x+ 1 cyg_server Administrators 0 Jan  7  2015 /var/empty

Um, could you elaborate?  I mean do I just create a user called
cyg_server, and that makes sshd happy?  Or how is user
separation different than having root own the directory?

Also, is it the same separation mentioned in this
deprecation message?:

>  /sbin/sshd
/etc/sshd_config line 105: Deprecated option UsePrivilegeSeparation
/var/empty must be owned by root and not group or world-writable.

...or has the option been renamed?  FWIW -- this *used* to work on my
machine until the upgrade.

Thanks again!



p.s. -- BTW, found this amusing: the old 'sshd' still
works and picks up the newer openssl lib:

New sshd:
/sbin> /sbin/sshd -v
sshd: unknown option -- v
OpenSSH_7.5p1, OpenSSL 1.0.2k  26 Jan 2017
/sbin> /sbin/sshd  -4
/etc/sshd_config line 105: Deprecated option UsePrivilegeSeparation
Could not load host key: /etc/ssh_host_ed25519_key
/var/empty must be owned by root and not group or world-writable.
/sbin/

Old sshd:
/sbin.o> ./sshd --version
sshd: unknown option -- -
OpenSSH_6.6.1p1, OpenSSL 1.0.2k  26 Jan 2017
/sbin.o> /sbin.o/sshd  -4   
Could not load host key: /etc/ssh_host_ed25519_key
/sbin.o> (works)

---------
Wasn't user-separation in 6.6?




