From: Stephen Treger
To: Cygwin List
Subject: Windows 2003 and sshd
Date: Mon, 03 May 2004 21:50:00 -0000
Message-Id: <6.0.3.0.2.20040503144204.05e5d818@mail.sdsu.edu>
In-Reply-To: <6.1.0.6.0.20040503112607.03090a50@127.0.0.1>
References: <200405031601.12828.mauro.migliorati@uniroma1.it> <6.1.0.6.0.20040503112607.03090a50@127.0.0.1>

Hello,

I had a RedHat box, the sole purpose was to be the intermediate between a secure host and public for moving data files in/out. Obviously this was done solely upon ssh (scp/sftp). For numerous reasons we decided to reconfigure as Windows 2003 Server with Cygwin and openssh.

I took an XP workstation, loaded Cygwin with the required openssh and openssl components, populated the passwd and group files from our AD using the -d options on mkpasswd and mkgroup respectively and then installed sshd as a service.
It was the coolest thing, I would ssh in as a user listed in the passwd file, but never having logged into the box before, and it automatically created a home directory and populated it with the skeleton files. First login produced some warnings, but after that the directory was set up properly and everything worked.

So I duplicate on the Windows 2003 box. Hmm, if I don't create the home directories manually users are instantly rejected. Some users out there claimed I must run a script (fixperms.sh) for it all to work properly and securely; I did and now am worse off than before. I get errors reporting no rights to the shell (though the user does have rx to the various shells).

So I thought I would start over with Cygwin on the 2003 box, but when I deleted and reinstalled all the weird permissions still existed.

Anybody got a really good HOW-TO on this? I need multiple users to have their own secure home directories, a couple of additional logins that are in an "admin" group and can control those directories. If I need to jail them, how do you do that under Cygwin and is it feasible?