Re: sshd under Cygwin
pedal2metal wrote: [...] I'm running Windows 2000 Pro SP4 & using a February 25,2004 archive of the redhat mirror for the Cygwin install. This is ten month old and no longer supported, try to update to a recent version of Cygwin and tools. Gerrit -- =^..^= -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
RE: sshd under Cygwin
Hello, After using the following references: http://ist.uwaterloo.ca/~kscully/SSH/CygwinSSHD_W2K3.html http://sources.redhat.com/ml/cygwin/2001-11/msg00844.html /usr/share/doc/Cygwin/openssh.README /usr/bin/ssh-host-config /usr/bin/ssh-user-config & plenty of T&E (trial & error), I was able to get RSA SSH2 keys to work properly. In conclusion, change the _user to instead of 'system' in both of the above scripts. I installed the sshd service manually but that was mainly due to the debug/analysis nature of the work. Shouldn't be necessary if the _user variable is changed in both scripts. Anyhow, this does bring up another question: How would one get RSA SSH2 keys to work with multiple user logins since the cygrunsrv/sshd process can only run as 1 user? It would appear the answer is "Not possible" based on my T&E results. thanks & best regards, eric rose email: [EMAIL PROTECTED] -Original Message- From: pedal2metal [mailto:[EMAIL PROTECTED] Sent: Sunday, January 02, 2005 1:37 AM To: cygwin@cygwin.com Subject: sshd under Cygwin Hello, Ok, I installed all of Cygwin & then attempted to get sshd running. I did this about 1.5 years ago & it didn't seem too hard so I thought I try again. Anyhow, this time, I've grown a bit & use the RSA keys of SSH Protocol 2 as my standard method so I wanted to do that this time. Well I ran ssh-host-config & everything looked good but only password authentication worked. After lots of mistakes, false starts, I figured out my /home/ directory rights were wrong & ran ssh-user-config to fix them which removed write priveleges for group/world. Still no RSA keys allowed. Anyhow, now I'm afraid I've made a total mess of things. I read the /usr/share/doc/Cygwin/openssh.README file which is how I got this email address. I ended up trying to "reset" things. I deleted my .ssh directory. I removed the "sshd" service via regedit. I removed the "sshd" user also via Control Panel. I then ran ssh-user-config, regenerated my RSA SSH Protocol 2 keys, then ran ssh-host-config & said yes to everything & I have CYGWIN='ntsec tty'. Still no luck. I can only connect by using my password. I'm using the "ssh 127.0.0.1" test as my reference. I'm guessing this whole process is a "do-once" & once you screw it up, it can't be undone short of a complete Cygwin re-install and/or Windows re-install, although honestly, I have no clue. I've done Google, read tons of emails, threads, read the /usr/share/doc area, etc... still no fundamental clue on the deterministic process to get RSA2 keys working reliably with sshd under Cygwin. I'm running Windows 2000 Pro SP4 & using a February 25,2004 archive of the redhat mirror for the Cygwin install. I am operational since I can use my password but I'm completely baffled by why the RSA2 keys don't work since I use them on my other systems which I use SSH for. thanks & best regards, Eric Rose -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
RE: sshd under Cygwin
Hello, I forgot to mention that I had to add all the editrights priveleges within ssh-host-config to my User account which is already a member of Administrators except for the "SeDeny*" priveleges which I left out. So a total of 4 priveleges were added & verbatim per the ssh-host-config script. Also I discovered that I had to add the server on the command line using single-quotes around the password because my password had special characters in it. The script uses double-quotes which can cause issues depending upon the special characters embedded. At least this is the case if you try & use the script cygrunsrv command line verbatim on the shell command line. Lastly, permissions on all the noted files/directories within ssh_host_config/ssh_user_config are important & all the parent directories as well. A note about priveleges beyond the noted directories/files through all parent directories up to & including '/' in openssh.README & in the scripts would be a helpful reminder. thanks & best regards, eric -Original Message- From: pedal2metal [mailto:[EMAIL PROTECTED] Sent: Sunday, January 02, 2005 6:45 AM To: cygwin@cygwin.com Subject: RE: sshd under Cygwin Hello, After using the following references: http://ist.uwaterloo.ca/~kscully/SSH/CygwinSSHD_W2K3.html http://sources.redhat.com/ml/cygwin/2001-11/msg00844.html /usr/share/doc/Cygwin/openssh.README /usr/bin/ssh-host-config /usr/bin/ssh-user-config & plenty of T&E (trial & error), I was able to get RSA SSH2 keys to work properly. In conclusion, change the _user to instead of 'system' in both of the above scripts. I installed the sshd service manually but that was mainly due to the debug/analysis nature of the work. Shouldn't be necessary if the _user variable is changed in both scripts. Anyhow, this does bring up another question: How would one get RSA SSH2 keys to work with multiple user logins since the cygrunsrv/sshd process can only run as 1 user? It would appear the answer is "Not possible" based on my T&E results. thanks & best regards, eric rose email: [EMAIL PROTECTED] -Original Message- From: pedal2metal [mailto:[EMAIL PROTECTED] Sent: Sunday, January 02, 2005 1:37 AM To: cygwin@cygwin.com Subject: sshd under Cygwin Hello, Ok, I installed all of Cygwin & then attempted to get sshd running. I did this about 1.5 years ago & it didn't seem too hard so I thought I try again. Anyhow, this time, I've grown a bit & use the RSA keys of SSH Protocol 2 as my standard method so I wanted to do that this time. Well I ran ssh-host-config & everything looked good but only password authentication worked. After lots of mistakes, false starts, I figured out my /home/ directory rights were wrong & ran ssh-user-config to fix them which removed write priveleges for group/world. Still no RSA keys allowed. Anyhow, now I'm afraid I've made a total mess of things. I read the /usr/share/doc/Cygwin/openssh.README file which is how I got this email address. I ended up trying to "reset" things. I deleted my .ssh directory. I removed the "sshd" service via regedit. I removed the "sshd" user also via Control Panel. I then ran ssh-user-config, regenerated my RSA SSH Protocol 2 keys, then ran ssh-host-config & said yes to everything & I have CYGWIN='ntsec tty'. Still no luck. I can only connect by using my password. I'm using the "ssh 127.0.0.1" test as my reference. I'm guessing this whole process is a "do-once" & once you screw it up, it can't be undone short of a complete Cygwin re-install and/or Windows re-install, although honestly, I have no clue. I've done Google, read tons of emails, threads, read the /usr/share/doc area, etc... still no fundamental clue on the deterministic process to get RSA2 keys working reliably with sshd under Cygwin. I'm running Windows 2000 Pro SP4 & using a February 25,2004 archive of the redhat mirror for the Cygwin install. I am operational since I can use my password but I'm completely baffled by why the RSA2 keys don't work since I use them on my other systems which I use SSH for. thanks & best regards, Eric Rose -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
RE: sshd under Cygwin
At 07:44 AM 1/2/2005, you wrote: >Hello, > After using the following references: > >http://ist.uwaterloo.ca/~kscully/SSH/CygwinSSHD_W2K3.html >http://sources.redhat.com/ml/cygwin/2001-11/msg00844.html >/usr/share/doc/Cygwin/openssh.README >/usr/bin/ssh-host-config >/usr/bin/ssh-user-config > >& plenty of T&E (trial & error), >I was able to get RSA SSH2 keys to work properly. In conclusion, >change the _user to instead of 'system' in both of the above >scripts. >I installed the sshd service manually but that was mainly due to >the debug/analysis nature of the work. Shouldn't be necessary if the >_user variable is changed in both scripts. > >Anyhow, this does bring up another question: > How would one get RSA SSH2 keys to work with multiple user logins >since the cygrunsrv/sshd process can only run as 1 user? It would >appear the answer is "Not possible" based on my T&E results. If you want to be able to use multiple user's with sshd, then you must start the service as 'SYSTEM' (or 'sshd_server' for W2K3). There's no need to edit any scripts as you suggest above to get this working. My WAG is that you started 'sshd' from the command line once as the user you were logged in as. This will create files like '/var/log/sshd.log' with permissions for your user as the owner, which won't work if you then try to start the 'sshd' as 'SYSTEM'. -- Larry Hall http://www.rfk.com RFK Partners, Inc. (508) 893-9779 - RFK Office 838 Washington Street (508) 893-9889 - FAX Holliston, MA 01746 -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
RE: sshd under Cygwin
While I did delete everything when doing a T&E cycle, /var/log/sshd.log /var/empty (dir) /var/run/sshd.pid /etc/ssh* (all keygen, config files) /etc/passwd (removed sshd entry) Removed user (via Control Panel) Removed sshd (via cygrunsrv) .ssh (in User directory) I also verified all Registry entries had no references to ssh after doing this. So I think everytime I did a T&E cycle, it was "clean" from the script's point of view (ssh-host-config). However, there is a subtle acl change that ssh-user-config does to ensure the SYSTEM process can access the user's .ssh contents which I likely did not go back & execute after getting everything to work. This thread seemed particularly relevant: http://www.cygwin.com/ml/cygwin/2003-09/msg00766.html then http://www.cygwin.com/ml/cygwin/2003-09/msg00810.html then http://www.cygwin.com/ml/cygwin/2003-07/msg00684.html Symptomatically, my behavior was identical to http://sources.redhat.com/ml/cygwin/2001-11/msg00844.html which I couldn't find a conclusion for. However, in the "heat of battle" it's easy to skip a step so now I'm trying again to test my luck now that I'm "initiated" into the sshd world :-) & see if I can get multiple users working. thanks & best regards, eric rose email: [EMAIL PROTECTED] -Original Message- From: Larry Hall [mailto:[EMAIL PROTECTED] Sent: Sunday, January 02, 2005 1:26 PM To: pedal2metal; cygwin@cygwin.com Subject: RE: sshd under Cygwin At 07:44 AM 1/2/2005, you wrote: >Hello, > After using the following references: > >http://ist.uwaterloo.ca/~kscully/SSH/CygwinSSHD_W2K3.html >http://sources.redhat.com/ml/cygwin/2001-11/msg00844.html >/usr/share/doc/Cygwin/openssh.README >/usr/bin/ssh-host-config >/usr/bin/ssh-user-config > >& plenty of T&E (trial & error), >I was able to get RSA SSH2 keys to work properly. In conclusion, >change the _user to instead of 'system' in both of the >above scripts. I installed the sshd service manually but that was >mainly due to the debug/analysis nature of the work. Shouldn't be >necessary if the _user variable is changed in both scripts. > >Anyhow, this does bring up another question: > How would one get RSA SSH2 keys to work with multiple user logins >since the cygrunsrv/sshd process can only run as 1 user? It would >appear the answer is "Not possible" based on my T&E results. If you want to be able to use multiple user's with sshd, then you must start the service as 'SYSTEM' (or 'sshd_server' for W2K3). There's no need to edit any scripts as you suggest above to get this working. My WAG is that you started 'sshd' from the command line once as the user you were logged in as. This will create files like '/var/log/sshd.log' with permissions for your user as the owner, which won't work if you then try to start the 'sshd' as 'SYSTEM'. -- Larry Hall http://www.rfk.com RFK Partners, Inc. (508) 893-9779 - RFK Office 838 Washington Street (508) 893-9889 - FAX Holliston, MA 01746 -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
