Hi,

1. Line 488 (you will hate me!?): read _cygwin --->>> read -e _cygwin
2. If password complexity is enabled (yes per default) use a more complex password: length of 7 min (max 14 to avoid some warning about W2K), lower case and upper case letters.

Good work,
Philippe.

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> On behalf of Corinna Vinschen
> Sent: Monday, 3 November 2003 17:22
> To: [EMAIL PROTECTED]
> Subject: Take 2: Testers for new ssh-*-config scripts wanted!
>
> Hi,
>
> I'd like to ask for more testing of the new ssh-host-config
> and ssh-user-config scripts.
>
> The new thing here is that the ssh-host-config script now
> tries to figure out if the machine is a 2003 Server or newer
> system. If so, the script asks if it should create a new
> account "sshd_server"
> to use as account to run sshd as service under. If you say
> "yes" at this point, a bunch of funny new activities is started:
>
> - The script creates a sshd_server account
>
> - It adds that account to the administrators group *iff* it's able
>   to figure out the name of that group from the /etc/group file.
>   This means, you must not change the name of the administrators
>   group in /etc/group and the SID (S-1-5-32-544) must be available
>   in that entry.
>
> - It uses the new editrights utility to add the necessary user rights
>   to the new sshd_server account.
>   These rights also explicitly deny logon locally and over network
>   and allow logon only as service for security reasons.
>
> The ssh-user-config script has also been changed. It tries
> to figure out if the machine is a 2003 Server or newer and if
> so, it sets the permissions of the user's ~/.ssh directory and
> the user's ~/ssh/authorized_keys file so that the sshd_server
> account has read permissions on both. If it's an older
> system, it does the same for the SYSTEM account.
>
> Also on 2003, the sshd_server account is used for ownership
> of the important files (/etc/ssh*, /var/empty, /var/log/sshd.log).
>
> Further changes:
> - Require bash for both scripts.
> - Use `read -e' in both scripts to enable readline support.
>
> So, I'd like to ask especially users of a 2003 Server system
> to test that script. Users of other systems are of course
> also welcome since I want to be sure that I haven't broken
> these systems.
>
> Attached are both scripts plus the vanilla ssh_config and
> sshd_config file. The latter two have to be copied to
> /etc/defaults/etc. Please note that the "editrights" tool has
> to be installed on your system.
> You can find it in the Base category when updating with setup.exe.
>
> Thanks in advance,
> Corinna
>
> --
> Corinna Vinschen                  Please, send mails regarding Cygwin to
> Cygwin Developer                  mailto:[EMAIL PROTECTED]
> Red Hat, Inc.
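
The quoted message says ssh-host-config can only add sshd_server to the administrators group if an /etc/group entry still carries the SID S-1-5-32-544. The following is an added example, not code from ssh-host-config, of checking that precondition by hand before a test run; it assumes the mkgroup-style entry layout `name:SID:gid:members`, and the function name and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of ssh-host-config.
# Assumption: group entries use the layout name:SID:gid:members.
ADMIN_SID="S-1-5-32-544"

# Read group entries on stdin and print the name of the group whose
# SID field is exactly the administrators SID. Returns 1 when no
# entry carries that SID (for example, the field was edited away).
admins_group_name() {
  local name sid rest
  while IFS=: read -r name sid rest; do
    # Skip blank lines and comments.
    case $name in ''|'#'*) continue ;; esac
    # Exact match, so a longer SID with the same prefix is not accepted.
    if [ "$sid" = "$ADMIN_SID" ]; then
      printf '%s\n' "$name"
      return 0
    fi
  done
  return 1
}

# Constructed sample: a localized system where the group has a
# different name but the SID is intact, so the lookup still works.
SAMPLE_GROUP='SYSTEM:S-1-5-18:18:
Administratoren:S-1-5-32-544:544:
Benutzer:S-1-5-32-545:545:'

# Constructed sample: the SID was removed from the entry, so the
# group name cannot be derived and the lookup must fail.
SAMPLE_NO_SID='SYSTEM:S-1-5-18:18:
Administrators::544:
Users:S-1-5-32-545:545:'

for sample in "$SAMPLE_GROUP" "$SAMPLE_NO_SID"; do
  if group=$(printf '%s\n' "$sample" | admins_group_name); then
    echo "administrators group: $group"
  else
    echo "no entry with SID $ADMIN_SID; group membership step would be skipped"
  fi
done
```

On a real installation the same function can be fed the live file with `admins_group_name < /etc/group`.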