From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 40441 invoked by alias); 6 Feb 2017 09:51:17 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 40430 invoked by uid 89); 6 Feb 2017 09:51:16 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-1.1 required=5.0 tests=AWL,BAYES_00,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,RCVD_IN_SORBS_SPAM,SPF_PASS autolearn=no version=3.3.2 spammy=U*corinna-cygwin, corinna-cygwin@cygwin.com, corinnacygwincygwincom, sk:corinna X-HELO: mail-vk0-f51.google.com Received: from mail-vk0-f51.google.com (HELO mail-vk0-f51.google.com) (209.85.213.51) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Mon, 06 Feb 2017 09:51:06 +0000 Received: by mail-vk0-f51.google.com with SMTP id t8so52142837vke.3 for ; Mon, 06 Feb 2017 01:51:06 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=U3a+29it8gsVJC6/B/FrQluFKViZFvRFtbYXkZl18o0=; b=R0VEKyFT1rjNsEBKzdJsqBFa6vUDmZoLWfVdS0EzhtTqKURS7qk6NPLfOBS8escK+z bl48l+ubyfAxRKhPY6DXG87GGef874pdKJS8EasQcdt0qXStuCczuKj1gnyyoqQPwWQJ +Qwy0b4XZb1H98IKkjRcfEUq9CDDREYyroQhPeo7zFJ8iM5kIoLZ8iQAJN5j+4Q9v1lG CJ/xFb5XwZ+r+viDMLG0IK/GZHgEj3Tq8mriUlIZGEQTREubI8avlIu3Zwjia+GEmTrO 4lIPaD8G8gMyA6iKJAEn3kupbL/X5t6fkXZTno3MpkmDq1ETuSV7jLcy+OW0TLVYFsBU tZyw== X-Gm-Message-State: AMke39mD80S1YCXIW19LcpEBVw6zA+cfPQrIk+toZ5oRGESttAZt+kvmOZ2W37f88SWz8tBW64l1uZWBc9hUvA== X-Received: by 10.31.28.193 with SMTP id c184mr3984842vkc.173.1486374664724; Mon, 06 Feb 2017 01:51:04 -0800 (PST) MIME-Version: 1.0 Received: by 10.103.133.147 with HTTP; Mon, 6 Feb 2017 01:51:04 -0800 (PST) In-Reply-To: <20170202130806.GC4310@calimero.vinschen.de> References: <20170202130806.GC4310@calimero.vinschen.de> From: Erik Bray Date: Mon, 06 Feb 2017 09:51:00 -0000 Message-ID: Subject: Re: Problems with ssh-host-config on Windows 10 To: cygwin@cygwin.com Content-Type: text/plain; charset=UTF-8 X-IsSubscribed: yes X-SW-Source: 2017-02/txt/msg00076.txt.bz2 On Thu, Feb 2, 2017 at 2:08 PM, Corinna Vinschen wrote: > On Feb 2 12:19, Erik Bray wrote: >> Hi all, >> >> I've been trying to get a Cygwin sshd server running on a Windows 10 >> VM, and have found it to be surprisingly tricky without some >> additional fiddling, and it's not clear to me whether that's expected >> or if it's a bug. I've attached the cygcheck output from the VM. >> >> The symptom I've having seems to be the same as in this post: >> >> https://cygwin.com/ml/cygwin/2015-06/msg00265.html >> >> The problem seems to be stemming from some assumptions in: >> /usr/share/csih/cygwin-service-installation-helper.sh >> >> It creates the "privileged user" (in my case with the default name >> cyg_server) with `net user`, including the SAM comment entry: >> >> /comment:'' >> >> Shortly after it calls: >> >> passwd -e "${csih_PRIVILEGED_USERNAME}" >> >> and this fails with: >> >> Warning: Setting password expiry for user 'desktop-mk2koav+cyg_server' failed! >> >> This happens because this is a fresh Cygwin install with all the >> default settings in /etc/nsswitch.conf. In particular, no passwd >> entry is found for the cyg_server user unless I explicitly add "local" >> to db_enum. Furthermore, the SAM comment entry is not read correctly >> without db_home: desc and db_shell: desc. In summary, I had to edit >> /etc/nsswitch.conf to: >> >> passwd db >> db_enum: local >> db_home: desc >> db_shell: desc > > The assumption in ssh-host-config is that your nsswitch.conf settings > are already correct. It's kind of tricky to set up accounts and stuff > in a not yet configured environment. I think that's reasonable, but the question is what is "correct"? Any valid settings for nsswitch.conf could be "correct" for different use cases, whereas the cygwin-service-installation-helper.sh script seems to have some very specific requirements that don't match the default configuration, or even many non-default configurations (especially w.r.t. db_home and db_shell). Best, Erik -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple