RE: Take 2: Testers for new ssh-*-config scripts wanted!

["Philippe Torche" <philippe.torche@jle.ch>]

Hi,

1. Line 488 (you will hate me !?) : read _cygwin --->>> read -e _cygwin
2. If password complexity is enabled (yes per default) use a more complex
password : length of 7 min (max 14 to avoid some warning about W2K), lower
case and upper case letters.

Good work, Philippe.

> -----Message d'origine-----
> De : cygwin-owner@cygwin.com [mailto:cygwin-owner@cygwin.com] 
> De la part de Corinna Vinschen
> Envoyé : lundi, 3. novembre 2003 17:22
> À : cygwin@cygwin.com
> Objet : Take 2: Testers for new ssh-*-config scripts wanted!
> 
> Hi,
> 
> I'd like to ask for more testing of the new ssh-host-config 
> and ssh-user-config scripts.
> 
> The new thing here is, that the ssh-host-config script now 
> tries to figure out if the machine is a 2003 Server or newer 
> system.  If so, the script asks, if it should create a new 
> account "sshd_server"
> to use as account to run sshd as service under.  If you say 
> "yes" at this point, a bunch of funny new activities is started:
> 
> - The script creates a sshd_server account
> 
> - It adds that account to the administrators group *iff* it's able
>   to figure out the name of that group from the /etc/group file.
>   This means, you must not change the name of the administrators
>   group in /etc/group and the SID (S-1-5-32-544) must be available
>   in that entry.
> 
> - It uses the new editrights utility to add the necessary user rights
>   to the new sshd_server account. 
>   These rights also explicitely deny logon locally and over network
>   and allow logon only as service for security reasons.
> 
> The ssh-user-config script has also been changed.  It tries 
> to figure out if the machine is a 2003 Server or newer and if 
> so, it sets the permissions of the users ~/.ssh directory and 
> the users ~/ssh/authorized_keys file so that the sshd_server 
> account has read permissions on both.  If it's an older 
> system, it does the same for the SYSTEM account.
> 
> Also on 2003, the sshd_server account is used for ownership 
> of the important files (/etc/ssh*, /var/empty, /var/log/sshd.log).
> 
> Further changes:
> - Require bash for both scripts.
> - Use `read -e' in both scripts to enable readline support.
> 
> So, I'd like to ask especially users of a 2003 Server system 
> to test that script.  Users of other systems are of course 
> also welcome since I want to be sure that I haven't broken 
> these systems.
> 
> Attached are both scripts plus the vanilla ssh_config and 
> sshd_config file.  The latter two have to be copied to 
> /etc/defaults/etc.  Please not that the "editrights" tool has 
> to be installed on your system.
> You can find it in the Base category when updating with setup.exe.
> 
> Thanks in advance,
> Corinna
> 
> -- 
> Corinna Vinschen                  Please, send mails 
> regarding Cygwin to
> Cygwin Developer                                
> mailto:cygwin@cygwin.com
> Red Hat, Inc.
> 


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/