public inbox for cygwin@cygwin.com
* bash -l not sourcing /etc/profile? (minor annoyance)
From: Daniel Santos @ 2017-03-09 22:54 UTC
  To: cygwin

This is just a minor annoyance.  When I start a mintty session and even
if I type bash -l or bash -li, I don't get my /etc/profile sourced and I
have to manually do it each time I log in.  Any idea what's causing that?

Possibly related, sshd doesn't seem to be reading my 
~/.ssh/authorized_keys because I have to type my password every time I 
ssh in.


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple


* Re: bash -l not sourcing /etc/profile? (minor annoyance)
From: Brian Inglis @ 2017-03-10  0:21 UTC
  To: cygwin

On 2017-03-09 15:58, Daniel Santos wrote:
> This is just a minor annoyance. When I start a mintty session and
> even if I type bash -l or bash -li, I don't get my /etc/profile
> sourced and I have to manually do it each time I log in. Any idea
> what's causing that?

Cygwin/bash/mintty shortcut properties or command line should have 
"-" at end e.g.

	"C:\cygwin64\bin\mintty.exe -i /Cygwin-Terminal.ico -"

Otherwise does it have Windows line endings or permissions too open?

> Possibly related, sshd doesn't seem to be reading my
> ~/.ssh/authorized_keys because I have to type my password every time
> I ssh in.

Windows line endings or permissions too open on directory 
(s/b drwx------) or private key files, config, known_hosts, 
authorized_keys (s/b _rw-------)?

Could sshd config have disabled allowing personal config files 
(common on corporate servers - have to talk to admins)?

If you have a passphrase on your key, you could use ssh-agent 
and ssh-add to avoid reverifying credentials on each connection.

Do you also need host keys in /etc/ssh_known_hosts or 
~/.ssh/known_hosts as well as your PPK pair?

If you are using a native Windows ssh client you may need to use 
something like Putty/Pageant/Plink to support SSH2 connections, 
or client or server could have limited crypto support requiring 
a specific PPK pair to be used to match both sides support.

-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada


* Re: bash -l not sourcing /etc/profile? (minor annoyance)
From: Daniel Santos @ 2017-03-12  3:47 UTC
  To: cygwin

First off, thanks for your response and I apologize for my late reply.

On 03/09/2017 06:21 PM, Brian Inglis wrote:
> On 2017-03-09 15:58, Daniel Santos wrote:
>> This is just a minor annoyance. When I start a mintty session and
>> even if I type bash -l or bash -li, I don't get my /etc/profile
>> sourced and I have to manually do it each time I log in. Any idea
>> what's causing that?
> Cygwin/bash/mintty shortcut properties or command line should have
> "-" at end e.g.
>
> 	"C:\cygwin64\bin\mintty.exe -i /Cygwin-Terminal.ico -"

Yes, I have verified that.

> Otherwise does it have Windows line endings or permissions too open?

Windows line endings where?  Also, please be a little more specific 
about permissions.  On what file(s) are you referring to?  How could 
this happen if they are "too open"?  Usually, permissions being too open 
just results in a big security hole.  Does Cygwin do some type of 
detection of this and crap out w/o a proper error message if some 
permissions are too open?


>> Possibly related, sshd doesn't seem to be reading my
>> ~/.ssh/authorized_keys because I have to type my password every time
>> I ssh in.
> Windows line endings or permissions too open on directory
> (s/b drwx------) or private key files, config, known_hosts,
> authorized_keys (s/b _rw-------)?

Again, permissions too open w/o an error message?  I did not explicitly 
modify the permissions and the .ssh directory was created by 
ssh-keygen.  I did try to modify the permissions in Windows explorer, 
but I only seemed to bungle things up and now I have the "properties" 
dialogue for the .ssh directory stuck open (cannot close it) and I can't 
reboot yet because I'm running tests, so this may have to wait a little bit.

Also, the sshd server does need to access my .ssh directory and my 
id_rsa.pub, but I don't seem to understand nt security anymore.

> Could sshd config have disabled allowing personal config files
> (common on corporate servers - have to talk to admins)?

This is a fresh install of Cygwin on a freshly installed Windows 7.

> If you have a passphrase on your key, you could use ssh-agent
> and ssh-add to avoid reverifying credentials on each connection.

I did not use a passphrase.

> Do you also need host keys in /etc/ssh_known_hosts or
> ~/.ssh/known_hosts as well as your PPK pair?

Well, known_hosts doesn't matter on the server side and I have already 
added the Windows 7 key to my known_hosts file on my GNU/Linux client.  
I'm not using Putty, et al., so I don't have a PPK file.

I suppose I can live with the inconvenience for now.  Thanks for your tips.

Daniel



* Re: bash -l not sourcing /etc/profile? (minor annoyance)
From: Brian Inglis @ 2017-03-12 20:02 UTC
  To: cygwin

On 2017-03-11 20:51, Daniel Santos wrote:
> First off, thanks for your response and I apologize for my late reply.
> 
> On 03/09/2017 06:21 PM, Brian Inglis wrote:
>> On 2017-03-09 15:58, Daniel Santos wrote:
>>> This is just a minor annoyance. When I start a mintty session and
>>> even if I type bash -l or bash -li, I don't get my /etc/profile
>>> sourced and I have to manually do it each time I log in. Any idea
>>> what's causing that?
>> Cygwin/bash/mintty shortcut properties or command line should have
>> "-" at end e.g.
>>
>>     "C:\cygwin64\bin\mintty.exe -i /Cygwin-Terminal.ico -"
> 
> Yes, I have verified that.
> 
>> Otherwise does it have Windows line endings or permissions too open?
> 
> Windows line endings where? Also, please be a little more specific
> about permissions. On what file(s) are you referring to? How could
> this happen if they are "too open"? Usually, permissions being too
> open just results in a big security hole. Does Cygwin do some type of
> detection of this and crap out w/o a proper error message if some
> permissions are too open?

/etc/profile ~/.profile ...

Run file on profiles and check they don't say with CRLF... as various 
utilities have been unpatched to work like native Unix by opening files 
in binary mode and barfing if they don't like CRs.
Run dos2unix/d2u to fix.
Some utilities are now more aware of security holes and may now be 
checking for no wide write permissions on files they will execute, 
as have security related utilities.
They may not complain about permissions any more than they would 
complain if a profile did not exist - would be nice of them.

>>> Possibly related, sshd doesn't seem to be reading my
>>> ~/.ssh/authorized_keys because I have to type my password every time
>>> I ssh in.
>> Windows line endings or permissions too open on directory
>> (s/b drwx------) or private key files, config, known_hosts,
>> authorized_keys (s/b _rw-------)?
> 
> Again, permissions too open w/o an error message? I did not 
> explicitly modify the permissions and the .ssh directory was created 
> by ssh-keygen. I did try to modify the permissions in Windows 
> explorer, but I only seemed to bungle things up and now I have the 
> "properties" dialogue for the .ssh directory stuck open (cannot
> close it) and I can't reboot yet because I'm running tests, so this
> may have to wait a little bit.

SSH et al are normally explicit about permissions problems.
Cygwin getfacl and setfacl are your friends - setfacl -bk ... 
on Cygwin directories and files strips most Windows ACLs down 
to POSIX compatibility and allows ch{mod,own,grp} to do their 
things without side effects.
If your account is a local admin, have a backup admin account 
on the system, just in case.

> Also, the sshd server does need to access my .ssh directory and my
> id_rsa.pub, but I don't seem to understand nt security anymore.

Start cygserver and sshd using cygrunsrv from an elevated/admin 
account or Scheduled Task so they run as SYSTEM and can impersonate.
See https://cygwin.com/cygwin-ug-net/ntsec.html for the best anyone 
can understand POSIX security and ACLs under Windows, and especially  
Switching the user context section for daemons like sshd; for 
cygserver https://cygwin.com/cygwin-ug-net/using-cygserver.html 

>> Could sshd config have disabled allowing personal config files
>> (common on corporate servers - have to talk to admins)?
> 
> This is a fresh install of Cygwin on a freshly installed Windows 7.
> 
>> If you have a passphrase on your key, you could use ssh-agent
>> and ssh-add to avoid reverifying credentials on each connection.
> 
> I did not use a passphrase.
> 
>> Do you also need host keys in /etc/ssh_known_hosts or
>> ~/.ssh/known_hosts as well as your PPK pair?
> 
> Well, known_hosts doesn't matter on the server side and I have 
> already added the Windows 7 key to my known_hosts file on my 
> GNU/Linux client. I'm not using Putty, et al., so I don't have a
> PPK file.

Meant PPK generically - like the .ssh/id... files without the .pub 
suffix.

> I suppose I can live with the inconvenience for now. Thanks for your 
> tips.

ssh is just one of the hoops we all have to jump thru to get to do work.



end of thread, other threads:[~2017-03-12 20:02 UTC | newest]
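
The two checks suggested in the replies above (CRLF line endings in startup and ssh files, and permissions looser than drwx------ / -rw-------), as an added example that is not part of the thread. The function names and the list of files examined are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): checks for the two causes suggested above.

# has_crlf FILE: succeeds if FILE contains a carriage return (Windows line endings).
has_crlf() {
    cr=$(printf '\r')
    grep -q "$cr" "$1"
}

# too_open PATH: succeeds if group or other hold any permission bit, i.e. the
# mode is looser than the drwx------ / -rw------- suggested in the thread.
too_open() {
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" != "------" ]
}

# audit HOME_DIR: print one finding per line; prints nothing when clean.
# The file list is an assumption: startup files read by bash -l, plus ~/.ssh.
audit() {
    for f in "$1/.profile" "$1/.bash_profile" "$1/.ssh/authorized_keys" "$1/.ssh/config"; do
        [ -f "$f" ] || continue
        if has_crlf "$f"; then echo "CRLF $f"; fi
    done
    for f in "$1/.ssh" "$1"/.ssh/*; do
        [ -e "$f" ] || continue
        case $f in *.pub) continue ;; esac   # public keys may be readable
        if too_open "$f"; then echo "OPEN $f"; fi
    done
}

# Constructed sample: a throwaway home directory with one of each problem.
demo=$(mktemp -d)
mkdir "$demo/.ssh"
printf 'export PATH=/usr/bin\r\n' > "$demo/.profile"
printf 'ssh-rsa AAAA-constructed-placeholder user@host\n' > "$demo/.ssh/authorized_keys"
chmod 755 "$demo/.ssh"
chmod 600 "$demo/.ssh/authorized_keys"
audit "$demo"    # reports the CRLF profile and the 755 .ssh directory
rm -rf "$demo"
```

On a real system, run `audit "$HOME"` from a Cygwin shell; `has_crlf /etc/profile` covers the system-wide profile. A CRLF finding is fixed with dos2unix and an OPEN finding with chmod, after `setfacl -bk` if Windows ACLs interfere.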
