Attached are three small patches to the following files: /bin/ssh-host-config /bin/ssh-user-config /usr/doc/Cygwin/openssh-3.4p1-5.README
to fix some installation issues and better explain using sshd in Windows. The ssh-user-config changes are due to the fact that the default cygwin umask is 000. Maybe a .bash_profile could be created containing umask 022 when the user's home directory is first created. Just a thought. This is the culmination of 6 hours of list perusing, and hair pulling, so it's definitely "field tested". Hope this helps, Ross Smith --- ssh-host-config.orig 2002-07-07 03:07:12.000000000 -0700 +++ ssh-host-config 2002-10-23 16:11:12.000000000 -0700 @@ -164,6 +164,7 @@ if [ $_nt -gt 0 ] then chown system.system /var/empty + chmod 755 /var/empty fi fi --- ssh-user-config.orig 2002-06-21 13:32:33.000000000 -0700 +++ ssh-user-config 2002-10-23 16:15:24.000000000 -0700 @@ -123,6 +123,8 @@ fi fi +chown `whoami` ${pwdhome} + if [ -e "${pwdhome}/.ssh" -a ! -d "${pwdhome}/.ssh" ] then echo "${pwdhome}/.ssh is existant but not a directory. Cannot create user identity files." @@ -139,6 +141,8 @@ fi fi +chmod 755 ${pwdhome}/.ssh + if [ ! -f "${pwdhome}/.ssh/identity" ] then if request "Shall I create an SSH1 RSA identity file for you?" @@ -196,5 +200,8 @@ fi fi +chmod 600 ${pwdhome}/.ssh/* +chmod 644 ${pwdhome}/.ssh/*.pub ${pwdhome}/.ssh/authorized_keys? + echo echo "Configuration finished. Have fun!" --- openssh-3.4p1-5.README.orig 2002-10-23 15:20:39.000000000 -0700 +++ openssh-3.4p1-5.README 2002-10-23 16:23:03.000000000 -0700 
@@ -123,12 +123,53 @@ - If you want to authenticate via RSA and you want to login to that machine to exactly one user account you can do so by running sshd - under that user account. You must change /etc/sshd_config - to contain the following: + under that user account. + + * Change /etc/sshd_config to contain RSAAuthentication yes - Moreover it's possible to use rhosts and/or rhosts with + * Make sure you have executed the following: + + $ ssh-host-config + $ ssh-user-config + + * Due to the fact that cygwin's default umask is 0000, you will need + to execute the following (substituting your user name for USERNAME): + + chown USERNAME ~ + chmod 755 ~ ~/.ssh + chmod 600 ~/.ssh/* + chmod 644 ~/.ssh/*.pub ~/.ssh/authorized_keys? + + * Reinstall the ssh daemon to run as the user. Execute the following + (substituting your user name for USERNAME, and your password for PASSWORD): + + chmod 666 /var/log/sshd.log /var/empty + rm -fr /var/log/sshd.log /var/empty + touch /var/log/sshd.log + chmod 644 /var/log/sshd.log + chmod 755 /var/empty + chown USERNAME.None /var/empty /etc/ssh_host_* /var/log/sshd.log + cygrunsrv --stop sshd + cygrunsrv --remove sshd + cygrunsrv --install sshd -e "CYGWIN=glob ntsec binmode" \ + -u USERNAME \ + -w "PASSWORD" \ + -d "sshd" \ + -p /usr/sbin/sshd.exe \ + -1 /var/log/sshd.log \ + -2 /var/log/sshd.log \ + -a "-e -D" + cygrunsrv --start sshd + + * NOTE: The user will not be able to login using their Windows password. + They will only be able to login using RSA authentication. + + Therefore, you will need to copy your identity.pub and id_??a.pub + files into authorized_keys, and authorized_keys2, respectfully. + + Moreover, it's possible to use rhosts and/or rhosts with RSA authentication by setting the following in sshd_config: RhostsAuthentication yes
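Review bot: In ssh-user-config at @@ -123,6 +123,8 @@, the added chown passes ${pwdhome} unquoted, while the tests directly below it quote "${pwdhome}/.ssh". A home directory path that contains a space would be split into several arguments and chown would act on the wrong names. Quote it as "${pwdhome}". The line also runs unconditionally and its exit status is ignored, so a failed chown leaves the ownership problem this patch is meant to fix without any message to the user; print a warning when it fails.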
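Review bot: In ssh-user-config at @@ -139,6 +141,8 @@, the reason for choosing mode 755 on ${pwdhome}/.ssh is not documented, and that mode leaves the directory listable by every local account. sshd's StrictModes check only requires that the directory is owned by the user and not writable by group or others, so 700 would pass it too. If 755 is needed so that the account running sshd can reach authorized_keys, say so in a comment above the line; otherwise use 700. The path should also be quoted, as in the tests around it.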
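Review bot: In ssh-user-config at @@ -196,5 +200,8 @@, the pattern authorized_keys? requires exactly one character after the name, so it matches authorized_keys2 but never authorized_keys itself, which stays at the 600 set by the line before. If 644 is intended for both files, name them explicitly. Both chmod lines also print an error when a pattern matches nothing (no *.pub because the user declined every key type, or no authorized_keys2), because the shell then passes the pattern through literally; guard each with a test that the file exists, and quote ${pwdhome}.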
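Review bot: In the README hunk, the reinstall steps delete /var/empty with rm -fr /var/log/sshd.log /var/empty and then run chmod 755 /var/empty and chown USERNAME.None /var/empty, but only sshd.log is recreated (by touch). A mkdir /var/empty is missing between the rm and the chmod, so those two commands fail as written. Separately, -w "PASSWORD" puts the account password on the command line and into the shell history; the text should tell the reader to clear it from the history afterwards, or to leave -w out if the installed cygrunsrv prompts for the password. In the NOTE paragraph, "respectfully" should read "respectively".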