From: L A Walsh <cygwin@tlinx.org>
To: cygwin@cygwin.com
Subject: Re: How to create root account to own /var/empty for ssh?
Date: Sun, 16 Apr 2017 07:55:00 -0000 [thread overview]
Message-ID: <58F2918D.2020703@tlinx.org> (raw)
In-Reply-To: <93276a4b-b80f-b39d-ea16-4975a080c9a3@gmail.com>
Marco Atzeri wrote:
>
>>
>> How am I supposed to make ssh happy?
>>
>> Thanks!
>> -l
>>
>
> user separation ?
>
> $ ls -ld /var/empty
> drwxr-xr-x+ 1 cyg_server Administrators 0 Jan 7 2015 /var/empty
Um, could elaborate? I mean do I just create a user called
cyg_server, and that makes it sshd happy? Or how is user
separation different than having root own the directory?
Also, is it the same separation mentioned in this
deprecation message?:
> /sbin/sshd
/etc/sshd_config line 105: Deprecated option UsePrivilegeSeparation
/var/empty must be owned by root and not group or world-writable.
...or has the option been renamed? FWIW -- this *used* to work on my
machine until the upgrade.
Thanks again!
p.s. -- BTW, found this amusing: the old 'sshd' works still
works and picks up the newer openssl lib::
New sshd:
/sbin> /sbin/sshd -v
sshd: unknown option -- v
OpenSSH_7.5p1, OpenSSL 1.0.2k 26 Jan 2017
/sbin> /sbin/sshd -4
/etc/sshd_config line 105: Deprecated option UsePrivilegeSeparation
Could not load host key: /etc/ssh_host_ed25519_key
/var/empty must be owned by root and not group or world-writable.
/sbin/
Old sshd:
/sbin.o> ./sshd --version
sshd: unknown option -- -
OpenSSH_6.6.1p1, OpenSSL 1.0.2k 26 Jan 2017
/sbin.o> /sbin.o/sshd -4
Could not load host key: /etc/ssh_host_ed25519_key
/sbin.o> (works)
---------
Wasn't user-separation in 6.6?
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
next prev parent reply other threads:[~2017-04-15 21:33 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-04-15 21:33 L A Walsh
2017-04-15 22:07 ` Marco Atzeri
2017-04-16 7:55 ` L A Walsh [this message]
2017-04-16 11:37 ` Marco Atzeri
2017-04-17 16:05 ` L A Walsh
2017-04-18 10:33 ` Andrey Repin
2017-04-19 2:30 ` Corinna Vinschen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=58F2918D.2020703@tlinx.org \
--to=cygwin@tlinx.org \
--cc=cygwin@cygwin.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).