Re: Cygwin sshd doesn't use domain user names on boot up

public inbox for cygwin@cygwin.com
 help / color / mirror / Atom feed

From: Chris Wilson <chwilso3@cisco.com>
To: cygwin@cygwin.com
Subject: Re: Cygwin sshd doesn't use domain user names on boot up
Date: Fri, 08 Dec 2017 08:58:00 -0000	[thread overview]
Message-ID: <67d32ed9-cc36-026c-48dd-730b63417f9b@cisco.com> (raw)
In-Reply-To: <6a47b6c6-032a-37d0-fe56-2ae21e6a5a68@SystematicSw.ab.ca>

On 12/5/17 12:17 PM, Brian Inglis wrote:

> Did you install the service by running ssh-host-config?

Yes.

FYI, I had to run ssh-host-config as a domain user.  When I first ran it 
as a local Administrator, the ssh-host-config script printed the following:

*** Info: User 'cyg_server' has been created with password '<redacted>'.
*** Info: If you change the password, please remember also to change the
*** Info: password for the installed services which use (or will soon use)
*** Info: the 'cyg_server' account.

passwd: unknown user cyg_server
*** Warning: Setting password expiry for user 'cyg_server' failed!
*** Warning: Please check that password never expires or set it to your 
needs.
*** Warning: Expected privileged user 'cyg_server' does not exist.
*** Warning: Defaulting to 'SYSTEM'

*** Info: The sshd service has been installed under the LocalSystem
*** Info: account (also known as SYSTEM). To start the service now, call
*** Info: `net start sshd' or `cygrunsrv -S sshd'.  Otherwise, it
*** Info: will start automatically after the next reboot.

> Check service dependencies with:
> $ cygrunsrv -VQ sshd
> Service             : sshd
> Display name        : CYGWIN sshd
> Current State       : Running
> Controls Accepted   : Stop, Preshutdown
> Command             : /usr/sbin/sshd -D
> stdin path          : /dev/null
> stdout path         : /var/log/sshd.log
> stderr path         : /var/log/sshd.log
> Process Type        : Own Process
> Startup             : Manual
> Dependencies        : cygserver, tcpip
> Account             : .\cyg_server 

$ cygrunsrv -VQ sshd
Service             : sshd
Display name        : CYGWIN sshd
Current State       : Running
Controls Accepted   : Stop
Command             : /usr/sbin/sshd -D
stdin path          : /dev/null
stdout path         : /var/log/sshd.log
stderr path         : /var/log/sshd.log
Environment         : CYGWIN="ntsec"
Process Type        : Own Process
Startup             : Automatic
Account             : .\cyg_server

> You may have to add an additional dependency on netlogon or other AD services to
> ensure they are available before sshd starts.

I tried adding netlogon as a dependency to sshd, but didn't see any 
change in behavior.

> If your service start is Automatic, you may also want to change it manually to
> Automatic (delayed start), to allow time for network services to be available.

Changing it from "Automatic" to "Automatic (delayed start)" fixed the 
issue.  This is my first time messing with Windows services and didn't 
see this option initially.

Thanks for the suggestion Brian!

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

WARNING: multiple messages have this Message-ID

From: Chris Wilson <chwilso3@cisco.com>
To: cygwin@cygwin.com
Subject: Re: Cygwin sshd doesn't use domain user names on boot up
Date: Fri, 08 Dec 2017 13:39:00 -0000	[thread overview]
Message-ID: <67d32ed9-cc36-026c-48dd-730b63417f9b@cisco.com> (raw)
Message-ID: <20171208133900.kmtYbLxRM1lDE6pizCHU3HPqrJJ58OmlM-jg1FcTL6E@z> (raw)
In-Reply-To: <6a47b6c6-032a-37d0-fe56-2ae21e6a5a68@SystematicSw.ab.ca>

On 12/5/17 12:17 PM, Brian Inglis wrote:

> Did you install the service by running ssh-host-config?

Yes.

FYI, I had to run ssh-host-config as a domain user.  When I first ran it 
as a local Administrator, the ssh-host-config script printed the following:

*** Info: User 'cyg_server' has been created with password '<redacted>'.
*** Info: If you change the password, please remember also to change the
*** Info: password for the installed services which use (or will soon use)
*** Info: the 'cyg_server' account.

passwd: unknown user cyg_server
*** Warning: Setting password expiry for user 'cyg_server' failed!
*** Warning: Please check that password never expires or set it to your 
needs.
*** Warning: Expected privileged user 'cyg_server' does not exist.
*** Warning: Defaulting to 'SYSTEM'

*** Info: The sshd service has been installed under the LocalSystem
*** Info: account (also known as SYSTEM). To start the service now, call
*** Info: `net start sshd' or `cygrunsrv -S sshd'.  Otherwise, it
*** Info: will start automatically after the next reboot.

> Check service dependencies with:
> $ cygrunsrv -VQ sshd
> Service             : sshd
> Display name        : CYGWIN sshd
> Current State       : Running
> Controls Accepted   : Stop, Preshutdown
> Command             : /usr/sbin/sshd -D
> stdin path          : /dev/null
> stdout path         : /var/log/sshd.log
> stderr path         : /var/log/sshd.log
> Process Type        : Own Process
> Startup             : Manual
> Dependencies        : cygserver, tcpip
> Account             : .\cyg_server 

$ cygrunsrv -VQ sshd
Service             : sshd
Display name        : CYGWIN sshd
Current State       : Running
Controls Accepted   : Stop
Command             : /usr/sbin/sshd -D
stdin path          : /dev/null
stdout path         : /var/log/sshd.log
stderr path         : /var/log/sshd.log
Environment         : CYGWIN="ntsec"
Process Type        : Own Process
Startup             : Automatic
Account             : .\cyg_server

> You may have to add an additional dependency on netlogon or other AD services to
> ensure they are available before sshd starts.

I tried adding netlogon as a dependency to sshd, but didn't see any 
change in behavior.

> If your service start is Automatic, you may also want to change it manually to
> Automatic (delayed start), to allow time for network services to be available.

Changing it from "Automatic" to "Automatic (delayed start)" fixed the 
issue.  This is my first time messing with Windows services and didn't 
see this option initially.

Thanks for the suggestion Brian!

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

next prev parent reply	other threads:[~2017-12-08  0:16 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-12-05 20:17 Chris Wilson (chwilso3)
2017-12-05 23:52 ` Brian Inglis
2017-12-08  8:58   ` Chris Wilson [this message]
2017-12-08 13:39     ` Chris Wilson

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=67d32ed9-cc36-026c-48dd-730b63417f9b@cisco.com \
    --to=chwilso3@cisco.com \
    --cc=cygwin@cygwin.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).