* bash -l not sourcing /etc/profile? (minor annoyance)
From: Daniel Santos @ 2017-03-09 22:54 UTC (permalink / raw)
To: cygwin
This is just a minor annoyance. When I start a mintty session and even
if I type bash -l or bash -li, I don't get my /etc/profile sourced and I
have to manually do it each time I log in. Any idea what's causing that?
Possibly related, sshd doesn't seem to be reading my
~/.ssh/authorized_keys because I have to type my password every time I
ssh in.
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
* Re: bash -l not sourcing /etc/profile? (minor annoyance)
From: Brian Inglis @ 2017-03-10 0:21 UTC (permalink / raw)
To: cygwin
On 2017-03-09 15:58, Daniel Santos wrote:
> This is just a minor annoyance. When I start a mintty session and
> even if I type bash -l or bash -li, I don't get my /etc/profile
> sourced and I have to manually do it each time I log in. Any idea
> what's causing that?
Cygwin/bash/mintty shortcut properties or command line should have
"-" at end e.g.
"C:\cygwin64\bin\mintty.exe -i /Cygwin-Terminal.ico -"
Otherwise does it have Windows line endings or permissions too open?
> Possibly related, sshd doesn't seem to be reading my
> ~/.ssh/authorized_keys because I have to type my password every time
> I ssh in.
Windows line endings or permissions too open on directory
(s/b drwx------) or private key files, config, known_hosts,
authorized_keys (s/b _rw-------)?
Could sshd config have disabled allowing personal config files
(common on corporate servers - have to talk to admins)?
If you have a passphrase on your key, you could use ssh-agent
and ssh-add to avoid reverifying credentials on each connection.
Do you also need host keys in /etc/ssh_known_hosts or
~/.ssh/known_hosts as well as your PPK pair?
If you are using a native Windows ssh client you may need to use
something like Putty/Pageant/Plink to support SSH2 connections,
or client or server could have limited crypto support requiring
a specific PPK pair to be used to match both sides support.
--
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada
* Re: bash -l not sourcing /etc/profile? (minor annoyance)
From: Daniel Santos @ 2017-03-12 3:47 UTC (permalink / raw)
To: cygwin
First off, thanks for your response and I apologize for my late reply.
On 03/09/2017 06:21 PM, Brian Inglis wrote:
> On 2017-03-09 15:58, Daniel Santos wrote:
>> This is just a minor annoyance. When I start a mintty session and
>> even if I type bash -l or bash -li, I don't get my /etc/profile
>> sourced and I have to manually do it each time I log in. Any idea
>> what's causing that?
> Cygwin/bash/mintty shortcut properties or command line should have
> "-" at end e.g.
>
> "C:\cygwin64\bin\mintty.exe -i /Cygwin-Terminal.ico -"
Yes, I have verified that.
> Otherwise does it have Windows line endings or permissions too open?
Windows line endings where? Also, please be a little more specific
about permissions. On what file(s) are you referring to? How could
this happen if they are "too open"? Usually, permissions being too open
just results in a big security hole. Does Cygwin do some type of
detection of this and crap out w/o a proper error message if some
permissions are too open?
>> Possibly related, sshd doesn't seem to be reading my
>> ~/.ssh/authorized_keys because I have to type my password every time
>> I ssh in.
> Windows line endings or permissions too open on directory
> (s/b drwx------) or private key files, config, known_hosts,
> authorized_keys (s/b _rw-------)?
Again, permissions too open w/o an error message? I did not explicitly
modify the permissions and the .ssh directory was created by
ssh-keygen. I did try to modify the permissions in Windows explorer,
but I only seemed to bungle things up and now I have the "properties"
dialogue for the .ssh directory stuck open (cannot close it) and I can't
reboot yet because I'm running tests, so this may have to wait a little bit.
Also, the sshd server does need to access my .ssh directory and my
id_rsa.pub, but I don't seem to understand nt security anymore.
> Could sshd config have disabled allowing personal config files
> (common on corporate servers - have to talk to admins)?
This is a fresh install of Cygwin on a freshly installed Windows 7.
> If you have a passphrase on your key, you could use ssh-agent
> and ssh-add to avoid reverifying credentials on each connection.
I did not use a passphrase.
> Do you also need host keys in /etc/ssh_known_hosts or
> ~/.ssh/known_hosts as well as your PPK pair?
Well, known_hosts doesn't matter on the server side and I have already
added the Windows 7 key to my known_hosts file on my GNU/Linux client.
I'm not using Putty, et al., so I don't have a PPK file.
I suppose I can live with the inconvenience for now. Thanks for your tips.
Daniel
* Re: bash -l not sourcing /etc/profile? (minor annoyance)
From: Brian Inglis @ 2017-03-12 20:02 UTC (permalink / raw)
To: cygwin
On 2017-03-11 20:51, Daniel Santos wrote:
> First off, thanks for your response and I apologize for my late reply.
>
> On 03/09/2017 06:21 PM, Brian Inglis wrote:
>> On 2017-03-09 15:58, Daniel Santos wrote:
>>> This is just a minor annoyance. When I start a mintty session and
>>> even if I type bash -l or bash -li, I don't get my /etc/profile
>>> sourced and I have to manually do it each time I log in. Any idea
>>> what's causing that?
>> Cygwin/bash/mintty shortcut properties or command line should have
>> "-" at end e.g.
>>
>> "C:\cygwin64\bin\mintty.exe -i /Cygwin-Terminal.ico -"
>
> Yes, I have verified that.
>
>> Otherwise does it have Windows line endings or permissions too open?
>
> Windows line endings where? Also, please be a little more specific
> about permissions. On what file(s) are you referring to? How could
> this happen if they are "too open"? Usually, permissions being too
> open just results in a big security hole. Does Cygwin do some type of
> detection of this and crap out w/o a proper error message if some
> permissions are too open?
/etc/profile ~/.profile ...
Run file on profiles and check they don't say with CRLF... as various
utilities have been unpatched to work like native Unix by opening files
in binary mode and barfing if they don't like CRs.
Run dos2unix/d2u to fix.
Some utilities are now more aware of security holes and may now be
checking for no wide write permissions on files they will execute,
as have security related utilities.
They may not complain about permissions any more than they would
complain if a profile did not exist - would be nice of them.
>>> Possibly related, sshd doesn't seem to be reading my
>>> ~/.ssh/authorized_keys because I have to type my password every time
>>> I ssh in.
>> Windows line endings or permissions too open on directory
>> (s/b drwx------) or private key files, config, known_hosts,
>> authorized_keys (s/b _rw-------)?
>
> Again, permissions too open w/o an error message? I did not
> explicitly modify the permissions and the .ssh directory was created
> by ssh-keygen. I did try to modify the permissions in Windows
> explorer, but I only seemed to bungle things up and now I have the
> "properties" dialogue for the .ssh directory stuck open (cannot
> close it) and I can't reboot yet because I'm running tests, so this
> may have to wait a little bit.
SSH et al are normally explicit about permissions problems.
Cygwin getfacl and setfacl are your friends - setfacl -bk ...
on Cygwin directories and files strips most Windows ACLs down
to POSIX compatibility and allows ch{mod,own,grp} to do their
things without side effects.
If your account is a local admin, have a backup admin account
on the system, just in case.
> Also, the sshd server does need to access my .ssh directory and my
> id_rsa.pub, but I don't seem to understand nt security anymore.
Start cygserver and sshd using cygrunsrv from an elevated/admin
account or Scheduled Task so they run as SYSTEM and can impersonate.
See https://cygwin.com/cygwin-ug-net/ntsec.html for the best anyone
can understand POSIX security and ACLs under Windows, and especially
Switching the user context section for daemons like sshd; for
cygserver https://cygwin.com/cygwin-ug-net/using-cygserver.html
>> Could sshd config have disabled allowing personal config files
>> (common on corporate servers - have to talk to admins)?
>
> This is a fresh install of Cygwin on a freshly installed Windows 7.
>
>> If you have a passphrase on your key, you could use ssh-agent
>> and ssh-add to avoid reverifying credentials on each connection.
>
> I did not use a passphrase.
>
>> Do you also need host keys in /etc/ssh_known_hosts or
>> ~/.ssh/known_hosts as well as your PPK pair?
>
> Well, known_hosts doesn't matter on the server side and I have
> already added the Windows 7 key to my known_hosts file on my
> GNU/Linux client. I'm not using Putty, et al., so I don't have a
> PPK file.
Meant PPK generically - like the .ssh/id... files without the .pub
suffix.
> I suppose I can live with the inconvenience for now. Thanks for your
> tips.
ssh is just one of the hoops we all have to jump thru to get to do work.
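
[Added example, not part of the message above and not Cygwin project code: one way to script the two checks discussed in this thread, CRLF line endings in profile files and group/other access on ~/.ssh and its files. The function names are hypothetical, the sample files are constructed, and GNU stat (as in Cygwin's coreutils) is assumed.]

```shell
# Added example (not from the thread); function names are hypothetical.

# True if FILE has a line ending in CR, i.e. Windows (CRLF) line endings.
has_crlf() {
    cr=$(printf '\r')
    grep -q "${cr}\$" "$1" 2>/dev/null
}

# True if the path grants any permission bit to group or other (GNU stat).
too_open() {
    mode=$(stat -c %a "$1") || return 1
    case "$mode" in
        0|*00) return 1 ;;   # 700, 600, 400: owner only
        *)     return 0 ;;   # 755, 644, 660: wider than the thread's targets
    esac
}

# audit_login_files SSH_DIR PROFILE... : one finding per line, returns 1 if any.
audit_login_files() {
    ssh_dir=$1; shift
    found=0
    for f in "$@"; do
        if [ -f "$f" ] && has_crlf "$f"; then
            echo "CRLF $f"; found=1
        fi
    done
    for p in "$ssh_dir" "$ssh_dir"/*; do
        [ -e "$p" ] || continue
        case "$p" in *.pub) continue ;; esac   # public keys are not secret
        if too_open "$p"; then
            echo "MODE $(stat -c %a "$p") $p"; found=1
        fi
    done
    return "$found"
}

# Constructed sample: a CRLF profile and a group/world-readable authorized_keys.
make_demo() {
    d=$(mktemp -d) || return 1
    mkdir -m 700 "$d/.ssh"
    printf 'export PATH=/usr/bin\r\n' > "$d/profile"
    echo 'ssh-rsa CONSTRUCTED-PLACEHOLDER user@example' > "$d/.ssh/authorized_keys"
    chmod 644 "$d/.ssh/authorized_keys"
    echo "$d"
}

demo=$(make_demo)
audit_login_files "$demo/.ssh" "$demo/profile" || true
rm -rf "$demo"
```

[On a real system the call would be along the lines of `audit_login_files ~/.ssh /etc/profile ~/.profile`; the fixes named in the thread are dos2unix for CRLF findings and `setfacl -bk` followed by chmod for MODE findings.]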