From: "Philippe Torche" <philippe.torche@jle.ch>
To: <cygwin@cygwin.com>
Subject: RE: Take 2: Testers for new ssh-*-config scripts wanted!
Date: Mon, 03 Nov 2003 17:51:00 -0000
Message-ID: <JLE1BSZipl2mykoumh100000001@jle1.jle.corp>
In-Reply-To: <20031103162201.GF18706@cygbert.vinschen.de>

Hi,

1. Line 488 (you will hate me!?): read _cygwin --->>> read -e _cygwin

2. If password complexity is enabled (yes per default), use a more complex
password: length of 7 min (max 14 to avoid some warning about W2K), lower
case and upper case letters.

Good work, Philippe.

> -----Original Message-----
> From: cygwin-owner@cygwin.com [mailto:cygwin-owner@cygwin.com]
> On behalf of Corinna Vinschen
> Sent: Monday, 3 November 2003 17:22
> To: cygwin@cygwin.com
> Subject: Take 2: Testers for new ssh-*-config scripts wanted!
>
> Hi,
>
> I'd like to ask for more testing of the new ssh-host-config
> and ssh-user-config scripts.
>
> The new thing here is, that the ssh-host-config script now
> tries to figure out if the machine is a 2003 Server or newer
> system. If so, the script asks, if it should create a new
> account "sshd_server"
> to use as account to run sshd as service under. If you say
> "yes" at this point, a bunch of funny new activities is started:
>
> - The script creates a sshd_server account
>
> - It adds that account to the administrators group *iff* it's able
> to figure out the name of that group from the /etc/group file.
> This means, you must not change the name of the administrators
> group in /etc/group and the SID (S-1-5-32-544) must be available
> in that entry.
>
> - It uses the new editrights utility to add the necessary user rights
> to the new sshd_server account.
> These rights also explicitly deny logon locally and over network
> and allow logon only as service for security reasons.
>
> The ssh-user-config script has also been changed. It tries
> to figure out if the machine is a 2003 Server or newer and if
> so, it sets the permissions of the user's ~/.ssh directory and
> the user's ~/ssh/authorized_keys file so that the sshd_server
> account has read permissions on both. If it's an older
> system, it does the same for the SYSTEM account.
>
> Also on 2003, the sshd_server account is used for ownership
> of the important files (/etc/ssh*, /var/empty, /var/log/sshd.log).
>
> Further changes:
> - Require bash for both scripts.
> - Use `read -e' in both scripts to enable readline support.
>
> So, I'd like to ask especially users of a 2003 Server system
> to test that script. Users of other systems are of course
> also welcome since I want to be sure that I haven't broken
> these systems.
>
> Attached are both scripts plus the vanilla ssh_config and
> sshd_config file. The latter two have to be copied to
> /etc/defaults/etc. Please note that the "editrights" tool has
> to be installed on your system.
> You can find it in the Base category when updating with setup.exe.
>
> Thanks in advance,
> Corinna
>
> --
> Corinna Vinschen                  Please, send mails regarding Cygwin to
> Cygwin Developer                                mailto:cygwin@cygwin.com
> Red Hat, Inc.
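
The quoted announcement says the script adds sshd_server to the administrators group only if it can resolve that group's name from /etc/group through the SID S-1-5-32-544. The script below is an added illustration of that lookup and its failure cases; it is not part of either mail and not code from ssh-host-config. It assumes mkgroup-style entries of the form name:SID:gid:members, and the function names and sample file are constructed for the example.

```bash
#!/bin/sh
# Added example, not taken from ssh-host-config.
# Assumption: /etc/group entries look like  name:SID:gid:members
# (the layout written by Cygwin's mkgroup).

ADMIN_SID='S-1-5-32-544'   # SID quoted in the announcement

# admin_group_name FILE  (hypothetical helper)
# Prints the name of the single group whose SID field equals ADMIN_SID.
# Exit status: 0 found, 1 SID absent, 2 SID in several entries, 3 unreadable.
admin_group_name() {
    [ -r "$1" ] || return 3
    awk -F: -v sid="$ADMIN_SID" '
        /^#/ { next }                       # commented-out entries do not count
        $2 == sid { name = $1; hits++ }     # whole-field match, not a substring
        END {
            if (hits == 1) { print name; exit 0 }
            exit (hits == 0 ? 1 : 2)
        }' "$1"
}

# describe_lookup FILE  (hypothetical helper)
# Turns the status into a verdict to check before running the config script.
describe_lookup() {
    if name=$(admin_group_name "$1"); then
        echo "ok: administrators group resolves to '$name'"
    else
        case $? in
            1) echo "fail: no entry in $1 carries $ADMIN_SID" ;;
            2) echo "fail: $ADMIN_SID appears in more than one entry" ;;
            *) echo "fail: cannot read $1" ;;
        esac
        return 1
    fi
}

# Constructed sample: localized group name plus a commented-out old entry.
sample=$(mktemp)
cat > "$sample" <<'EOF'
SYSTEM:S-1-5-18:18:
#Administrators:S-1-5-32-544:544:
Administratoren:S-1-5-32-544:544:
Users:S-1-5-32-545:545:
EOF
describe_lookup "$sample"
rm -f "$sample"
```

Pointing describe_lookup at the real /etc/group before running ssh-host-config shows whether the group step can succeed on that machine.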