From: Dan Greenspan <daniel.greenspan@jhuapl.edu>
To: cygwin@cygwin.com
Subject: Re: ssh logon failure
Date: Fri, 25 Oct 2013 02:04:00 -0000 [thread overview]
Message-ID: <loom.20131025T023724-855@post.gmane.org> (raw)
In-Reply-To: <52028508.7000102@cygwin.com>
I experienced the "operation not permitted" problem as many others have.
I had not changed my setup when the error was experienced, but I noticed
that every computer which presented this difficulty was a work machine with
our IT security suite installed. On every PC _without_ an IT security
package, cygwin sshd worked just fine out of the box. On any PC without a
security package which subsequently had one installed, sshd stopped working.
Like at least one other user, I have concluded that my "evil" IT people are
the root cause of the problem. However, they are of no help whatsoever. By
some combination of dumb luck, relentless hacking and bits of help online, I
arrived at the following conslusions and solution:
Problem one: by default, cygwin sshd uses the windows log, which is hard to
read and doesn't contain the desired diagnostic output. Fixing this revealed
useful clues.
Problem two: /var/empty had the incorrect owner.
THE FIX:
1) Setup cygwin's sshd normally by invoking: ssh-host-config -y (If you have
been thrashing about trying to solve this problem and have changed
permissions and config files, just run the script again to ensure that your
setup is reasonable)
2) DON'T START sshd.
3) Issue "chown SYSTEM /var/empty"
4) Uninstall the default sshd service by invoking: cygrunsrv --remove sshd
5) Reinstall the service and make the sshd output go to /var/log/sshd.log by
invoking: cygrunsrv -I sshd -d "Cygwin sshd" -p /usr/sbin/sshd -a '-D -e'
I hope this works for you.
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
next prev parent reply other threads:[~2013-10-25 0:55 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-06-06 7:04 marco atzeri
2012-06-06 8:37 ` Corinna Vinschen
2012-06-11 19:52 ` marco atzeri
2012-06-21 8:08 ` marco atzeri
2012-06-21 9:11 ` Corinna Vinschen
2012-08-13 6:03 ` thebardingreen
2012-08-14 14:15 ` marco atzeri
2012-06-07 8:55 ` DakMark
2012-06-07 10:02 ` marco atzeri
2013-08-07 17:15 ` Yuki Ishibashi
2013-08-07 17:34 ` Larry Hall (Cygwin)
2013-10-25 2:04 ` Dan Greenspan [this message]
2013-10-25 2:30 ` Larry Hall (Cygwin)
2013-11-11 23:48 ` greenspan
2013-11-12 14:32 ` George Demmy
2013-11-12 0:23 ` greenspan
2013-11-12 0:54 ` Larry Hall (Cygwin)
2013-11-13 4:16 ` greenspan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=loom.20131025T023724-855@post.gmane.org \
--to=daniel.greenspan@jhuapl.edu \
--cc=cygwin@cygwin.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).