public inbox for cygwin@cygwin.com
* Re: SSHD/
@ 2003-02-05 17:39 Marco.Rottigni
  0 siblings, 0 replies; 5+ messages in thread
From: Marco.Rottigni @ 2003-02-05 17:39 UTC (permalink / raw)
  To: Max Bowsher; +Cc: cygwin

>From: "Max Bowsher" <maxb@ukf.net>
>Date: 05/02/2003 18.04.07
>Subject: Re: SSHD/
>
>Marco.Rottigni@stonesoft.com wrote:
>> $ ssh-host-config -y
>> chmod: changing permissions of `/var/empty': Permission denied
>
>Worth investigating this.
$ ls -l /var
total 0
drwxr-xr-x+   2 SYSTEM   SYSTEM          0 Feb  4 17:02 empty

Permissions are already OK.

>
>> Privilege separation is set to yes by default since OpenSSH 3.3.
>> However, this requires a non-privileged account called 'sshd'.
>
>Does such an account exist? (In Windows and in /etc/passwd).
marco@hki-mar-2000 ~
$ less /etc/passwd|grep sshd
sshd:unused_by_nt/2000/xp:1004:513:sshd privsep,U-HKI-MAR-2000\sshd,S-1-5-21-1614895754-507921405-839522115-1004:/var/empty:/bin/false


User sshd exists also in Control Panel - Users and Passwords and has been 
installed by the CygWin script as a Restricted User (Win2000 definition is 
"Users can operate the computer and save documents, but cannot install 
programs or make potentially damaging changes to the system files and 
settings")

>
>
>
>Max.
>

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: SSHD/
  2003-02-05 10:46 SSHD/ Marco.Rottigni
  2003-02-05 11:29 ` SSHD/ Olaf Foellinger
@ 2003-02-05 17:04 ` Max Bowsher
  1 sibling, 0 replies; 5+ messages in thread
From: Max Bowsher @ 2003-02-05 17:04 UTC (permalink / raw)
  To: cygwin, Marco.Rottigni

Marco.Rottigni@stonesoft.com wrote:
> $ ssh-host-config -y
> chmod: changing permissions of `/var/empty': Permission denied

Worth investigating this.

> Privilege separation is set to yes by default since OpenSSH 3.3.
> However, this requires a non-privileged account called 'sshd'.

Does such an account exist? (In Windows and in /etc/passwd).



Max.



^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: SSHD/
  2003-02-05 10:46 SSHD/ Marco.Rottigni
@ 2003-02-05 11:29 ` Olaf Foellinger
  2003-02-05 17:04 ` SSHD/ Max Bowsher
  1 sibling, 0 replies; 5+ messages in thread
From: Olaf Foellinger @ 2003-02-05 11:29 UTC (permalink / raw)
  To: cygwin

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, Feb 05, 2003 at 11:46:36AM +0100, Marco.Rottigni@stonesoft.com wrote:
> Hi all.
> 
> I'm a great user/fan of this fantastic CygWin allowing the freedom of *nix 
> on Win (in a world without fences, who needs Gates?), but I recently tried 
> to use sshd and got some problems.
> 
> Since I haven't been able to solve them by reading the tons of messages 
> and howto I found on the 'Net, I'm trying with this e-mail.

Are your mounts "system" or "user"? What's the output of

$ mount

Regards, Olaf Föllinger

- -- 
Olaf Föllinger
Consultant
S.E.S.A. Software und Systeme AG

Alt-Moabit 91a
D-10559 Berlin
Germany
Tel:   +49 30 390722 -291
Fax:   +49 30 390722 -222
Mobile: +49 173 6227080
http://www.sesa.de
mailto: Olaf.Foellinger@sesa.de
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (Cygwin)

iD8DBQE+QPV7QhZYH/dN/jsRAjghAJ0f9bsp/7aMq9+V0x42eevGLRSiTwCcCTWY
MwV02pfon1BIEeyP25O5UtA=
=6tGX
-----END PGP SIGNATURE-----


^ permalink raw reply	[flat|nested] 5+ messages in thread

* RE: SSHD/
@ 2003-02-05 11:27 Vince Hoffman
  0 siblings, 0 replies; 5+ messages in thread
From: Vince Hoffman @ 2003-02-05 11:27 UTC (permalink / raw)
  To: 'cygwin@cygwin.com'



Can you check the contents of /var/log/sshd.log? That sometimes holds the
answer.
I also tend to have /etc/ssh_config and /etc/sshd_config as -rw-rw-r-
(although I'm not sure that would stop the sshd starting, I forget.)
Maybe check your mounts are system mounts (type mount and if you get
something like
h:\cygwin\bin on /usr/bin type system (binmode)
(the system bit being the important bit), then you should be OK).


> -----Original Message-----
> From: Marco.Rottigni@stonesoft.com 
> [mailto:Marco.Rottigni@stonesoft.com]
> Sent: 05 February 2003 10:47
> To: cygwin@cygwin.com
> Subject: SSHD/
> 
> 
> Hi all.
> 
> I'm a great user/fan of this fantastic CygWin allowing the freedom of *nix
> on Win (in a world without fences, who needs Gates?), but I recently tried
> to use sshd and got some problems.
>
> Since I haven't been able to solve them by reading the tons of messages
> and howto I found on the 'Net, I'm trying with this e-mail.
> 
> On my Win 2000 Pro SP3 box, I am a user with Administrators rights but
> authenticated on a domain.
> Typing "id" on prompt shows:
> uid=400(marco) gid=401(mkgroup) groups=544(Administrators),545(Users),401(mkgroup)
>
> I ran ssh-host-config apparently correctly:
> $ ssh-host-config -y
> chmod: changing permissions of `/var/empty': Permission denied
> Generating /etc/ssh_config file
> Privilege separation is set to yes by default since OpenSSH 3.3.
> However, this requires a non-privileged account called 'sshd'.
> For more info on privilege separation read /usr/doc/openssh/README.privsep.
> 
> Generating /etc/sshd_config file
> 
> Do you want to install sshd as service?
> 
> Which value should the environment variable CYGWIN have when
> sshd starts? It's recommended to set at least "ntsec" to be
> able to change user context without password.
> Default is "binmode ntsec tty".  CYGWIN="binmode ntsec tty"
> 
> The service has been installed under LocalSystem account.
> 
> Host configuration finished. Have fun!
> 
> When I start it using "cygrunsrv -S sshd" I see
> $ cygrunsrv.exe -S sshd
> cygrunsrv: Error starting a service: QueryServiceStatus:  Win32 error 1062:
> The service has not been started.
> 
> ...and in the event viewer an error like:
> Event Type:     Error
> Event Source:   sshd
> Event Category: None
> Event ID:       0
> Date:           05/02/2003
> Time:           10.15.25
> User:           NT AUTHORITY\SYSTEM
> Computer:       HKI-MAR-2000
> Description:
> The description for Event ID ( 0 ) in Source ( sshd ) cannot be found. The
> local computer may not have the necessary registry information or message
> DLL files to display messages from a remote computer. The following
> information is part of the event: sshd : Win32 Process Id = 0x4EC : Cygwin
> Process Id = 0x4EC : starting service `sshd' failed: execv: 255, error
> 255.
>
> If I type "less /etc/passwd|grep marco" I see:
> marco:unused_by_nt/2000/xp:400:401:U-STONESOFT\marco:/home/marco:/bin/bash
>
> About permissions on files ( I read about them in some mailing list msgs),
> the most important look like:
> marco@hki-mar-2000 /var
> $ ls -la /var/empty
> total 0
> drwxr-xr-x+   2 SYSTEM   SYSTEM          0 Feb  4 17:02 .
> drwxrwxrwx+   7 SYSTEM   SYSTEM          0 Feb  4 17:02 ..
> 
> marco@hki-mar-2000 /var
> $ ls -la /etc/ssh*
> -rw-rw-rw-    1 SYSTEM   mkgroup      1049 Feb  5 10:14 /etc/ssh_config
> -rw-rw-rw-    1 SYSTEM   mkgroup      1049 Feb  4 18:38 /etc/ssh_config.orig
> -rw-------    1 SYSTEM   SYSTEM        668 Feb  4 19:45 /etc/ssh_host_dsa_key
> -rw-r--r--    1 SYSTEM   SYSTEM        608 Feb  4 19:45 /etc/ssh_host_dsa_key.pub
> -rw-------    1 SYSTEM   SYSTEM        533 Feb  4 19:45 /etc/ssh_host_key
> -rw-r--r--    1 SYSTEM   SYSTEM        337 Feb  4 19:45 /etc/ssh_host_key.pub
> -rw-------    1 SYSTEM   SYSTEM        883 Feb  4 19:45 /etc/ssh_host_rsa_key
> -rw-r--r--    1 SYSTEM   SYSTEM        228 Feb  4 19:45 /etc/ssh_host_rsa_key.pub
> -rw-rw-rw-    1 SYSTEM   mkgroup      2142 Feb  5 10:14 /etc/sshd_config
> -rw-rw-rw-    1 SYSTEM   mkgroup      2142 Feb  4 18:38 /etc/sshd_config.orig
> 
> CYGWIN is set as a system variable 
> marco@hki-mar-2000 /
> $ echo $CYGWIN
> binmode ntsec tty
> 
> What's wrong?
> 
> Thanks in advance.
> 
>         Marco ;-)
> 
> -----
> 
> "We can be what we give ourselves the power to be"
>          A Cherokee Feast of Days
> 
> Marco Rottigni
> Senior Technical Consultant
> Stonesoft Italia
> Tel:     +39 039 6083 385 
> Fax:    +39 039 6082 721 
> GSM:  +39 348 8591791
> http://www.stonesoft.com
> Email: marco.rottigni@stonesoft.com
> 
> 


^ permalink raw reply	[flat|nested] 5+ messages in thread
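
Added example (not part of any message in this thread, and not Cygwin's or OpenSSH's own tooling): the checks suggested in the replies above, system versus user mounts, over-permissive modes on the sshd files, and the presence of the sshd privilege-separation account, written as shell functions that read captured command output. The sample input is constructed, modelled on the output quoted in the thread; the d:\work user mount and the shortened passwd entry are hypothetical.

```shell
#!/bin/sh
# Added example: offline versions of the checks suggested in this thread.
# Each function reads captured command output on stdin.

# `mount` output -> mount points that are NOT system mounts. The sshd service
# runs as LocalSystem, which does not see another user's "user" mounts.
non_system_mounts() {
    awk '{ for (i = 2; i < NF; i++)
             if ($i == "type" && $(i + 1) != "system") print $(i - 1) }'
}

# `ls -l` lines -> "path: reason" for modes that are too open.
risky_modes() {
    awk '{ mode = $1; path = $NF
           if (path ~ /_key$/ && substr(mode, 5, 6) != "------")
               print path ": private key accessible to group/other"
           else if (substr(mode, 9, 1) == "w")
               print path ": world-writable" }'
}

# /etc/passwd content -> success if an sshd entry with home /var/empty exists.
has_privsep_account() {
    awk -F: '$1 == "sshd" && $6 == "/var/empty" { ok = 1 } END { exit !ok }'
}

# Constructed sample input, modelled on the output quoted in the thread.
SAMPLE_MOUNT=$(cat <<'EOF'
h:\cygwin\bin on /usr/bin type system (binmode)
h:\cygwin on / type system (binmode)
d:\work on /work type user (binmode)
EOF
)
SAMPLE_LS=$(cat <<'EOF'
-rw-rw-rw-    1 SYSTEM   mkgroup      2142 Feb  5 10:14 /etc/sshd_config
-rw-------    1 SYSTEM   SYSTEM        883 Feb  4 19:45 /etc/ssh_host_rsa_key
-rw-r--r--    1 SYSTEM   SYSTEM        228 Feb  4 19:45 /etc/ssh_host_rsa_key.pub
drwxr-xr-x+   2 SYSTEM   SYSTEM          0 Feb  4 17:02 /var/empty
EOF
)
SAMPLE_PASSWD='sshd:unused_by_nt/2000/xp:1004:513:sshd privsep:/var/empty:/bin/false'

printf '%s\n' "$SAMPLE_MOUNT" | non_system_mounts | sed 's/^/user mount: /'
printf '%s\n' "$SAMPLE_LS" | risky_modes
printf '%s\n' "$SAMPLE_PASSWD" | has_privsep_account || echo "no sshd privsep account"
```

On a live system, pipe the real output of `mount`, `ls -l /etc/ssh*` and `cat /etc/passwd` into the same functions.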

* SSHD/
@ 2003-02-05 10:46 Marco.Rottigni
  2003-02-05 11:29 ` SSHD/ Olaf Foellinger
  2003-02-05 17:04 ` SSHD/ Max Bowsher
  0 siblings, 2 replies; 5+ messages in thread
From: Marco.Rottigni @ 2003-02-05 10:46 UTC (permalink / raw)
  To: cygwin

Hi all.

I'm a great user/fan of this fantastic CygWin allowing the freedom of *nix 
on Win (in a world without fences, who needs Gates?), but I recently tried 
to use sshd and got some problems.

Since I haven't been able to solve them by reading the tons of messages 
and howto I found on the 'Net, I'm trying with this e-mail.

On my Win 2000 Pro SP3 box, I am a user with Administrators rights but 
authenticated on a domain.
Typing "id" on prompt shows:
uid=400(marco) gid=401(mkgroup) groups=544(Administrators),545(Users),401(mkgroup)

I ran ssh-host-config apparently correctly:
$ ssh-host-config -y
chmod: changing permissions of `/var/empty': Permission denied
Generating /etc/ssh_config file
Privilege separation is set to yes by default since OpenSSH 3.3.
However, this requires a non-privileged account called 'sshd'.
For more info on privilege separation read /usr/doc/openssh/README.privsep.

Generating /etc/sshd_config file

Do you want to install sshd as service?

Which value should the environment variable CYGWIN have when
sshd starts? It's recommended to set at least "ntsec" to be
able to change user context without password.
Default is "binmode ntsec tty".  CYGWIN="binmode ntsec tty"

The service has been installed under LocalSystem account.

Host configuration finished. Have fun!

When I start it using "cygrunsrv -S sshd" I see 
$ cygrunsrv.exe -S sshd
cygrunsrv: Error starting a service: QueryServiceStatus:  Win32 error 1062:
The service has not been started.

...and in the event viewer an error like:
Event Type:     Error
Event Source:   sshd
Event Category: None
Event ID:       0
Date:           05/02/2003
Time:           10.15.25
User:           NT AUTHORITY\SYSTEM
Computer:       HKI-MAR-2000
Description:
The description for Event ID ( 0 ) in Source ( sshd ) cannot be found. The 
local computer may not have the necessary registry information or message 
DLL files to display messages from a remote computer. The following 
information is part of the event: sshd : Win32 Process Id = 0x4EC : Cygwin 
Process Id = 0x4EC : starting service `sshd' failed: execv: 255, error 
255.

If I type "less /etc/passwd|grep marco" I see:
marco:unused_by_nt/2000/xp:400:401:U-STONESOFT\marco:/home/marco:/bin/bash

About permissions on files ( I read about them in some mailing list msgs), 
the most important look like:
marco@hki-mar-2000 /var
$ ls -la /var/empty
total 0
drwxr-xr-x+   2 SYSTEM   SYSTEM          0 Feb  4 17:02 .
drwxrwxrwx+   7 SYSTEM   SYSTEM          0 Feb  4 17:02 ..

marco@hki-mar-2000 /var
$ ls -la /etc/ssh*
-rw-rw-rw-    1 SYSTEM   mkgroup      1049 Feb  5 10:14 /etc/ssh_config
-rw-rw-rw-    1 SYSTEM   mkgroup      1049 Feb  4 18:38 /etc/ssh_config.orig
-rw-------    1 SYSTEM   SYSTEM        668 Feb  4 19:45 /etc/ssh_host_dsa_key
-rw-r--r--    1 SYSTEM   SYSTEM        608 Feb  4 19:45 /etc/ssh_host_dsa_key.pub
-rw-------    1 SYSTEM   SYSTEM        533 Feb  4 19:45 /etc/ssh_host_key
-rw-r--r--    1 SYSTEM   SYSTEM        337 Feb  4 19:45 /etc/ssh_host_key.pub
-rw-------    1 SYSTEM   SYSTEM        883 Feb  4 19:45 /etc/ssh_host_rsa_key
-rw-r--r--    1 SYSTEM   SYSTEM        228 Feb  4 19:45 /etc/ssh_host_rsa_key.pub
-rw-rw-rw-    1 SYSTEM   mkgroup      2142 Feb  5 10:14 /etc/sshd_config
-rw-rw-rw-    1 SYSTEM   mkgroup      2142 Feb  4 18:38 /etc/sshd_config.orig

CYGWIN is set as a system variable 
marco@hki-mar-2000 /
$ echo $CYGWIN
binmode ntsec tty

What's wrong?

Thanks in advance.

        Marco ;-)

-----

"We can be what we give ourselves the power to be"
         A Cherokee Feast of Days

Marco Rottigni
Senior Technical Consultant
Stonesoft Italia
Tel:     +39 039 6083 385 
Fax:    +39 039 6082 721 
GSM:  +39 348 8591791
http://www.stonesoft.com
Email: marco.rottigni@stonesoft.com


^ permalink raw reply	[flat|nested] 5+ messages in thread
