Mail Archives: cygwin/2000/08/08/05:48:13

Mailing-List: contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT sources DOT redhat DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT sources DOT redhat DOT com>
List-Help: <mailto:cygwin-help AT sources DOT redhat DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT sources DOT redhat DOT com
Delivered-To: mailing list cygwin AT sources DOT redhat DOT com
Message-ID: <20000808094709.27967.qmail@nw175.netaddress.usa.net>
Date: 8 Aug 00 03:47:09 MDT
From: <norbert DOT bladt AT usa DOT net>
To: cygwin <cygwin AT sources DOT redhat DOT com>
Subject: Re: [Re: [Re: OpenSSH2.1.1p4 - NT to NT: Problem]]
CC: vinschen AT cygnus DOT com
X-Mailer: USANET web-mailer (34FM0700.1.03)
Mime-Version: 1.0
X-MIME-Autoconverted: from quoted-printable to 8bit by delorie.com id FAA12640

Corinna Vinschen <vinschen AT cygnus DOT com> wrote:
> norbert DOT bladt AT usa DOT net wrote:
> > >  Change your /etc/passwd file on the client box so that the
> > >  administrator (or your favorite admins member name) has uid 0.
> > >  This should allow that admin to use a privileged port when
> > >  starting ssh.
> > Works as advertised, i.e. after changing the uid of the
> > administrator on the client side to 0 it works.
> > Because that was the only change in /etc/passwd I did,
> > the user on the server side is reported as "everyone" because
> > this user is first in the /etc/passwd on the client side and
> > has the uid 0 - as created by mkpasswd.

> This prevents everyone on the server side machine to use privileged
> ports, including the admin. But that's no problem anymore since I
> updated the OpenSSH port on ftp.franken.de as announced yesterday.
I think there is a misunderstanding here.
My /etc/passwd on the client side contains (among other lines)
the following lines in this order
	everyone:*:0:0 ...
	administrator:xyz:0:513: ...
So the client reports to the server side that the remote (client)
username is "everyone" instead of administrator.
That's it.
Removing the everyone from /etc/passwd on the client side will solve
this small annoyance.
> > Thanks for this "solution".
> > I thought about the other "fix" you mentioned in your
> > previous E-Mail. But this seems to be a better way of doing
> > it, because we don't have to maintain another derivative of
> > a derivative of a derivative of the original OpenBSD sources ;-)
> I assume I missed the point here. There's only one port of
> OpenSSH-2.1.1p4 to Cygwin and it's the one I put on ftp.franken.de.
> I changed it yesterday to ignore the uid when trying to use an
> explicit port and to fix a bug in scp. The last one is a more important
> problem so I suggest using that 2.1.1p4-2 version, nevertheless.
I was talking about a fix you announced on this mailing
list wrt. rhosts but you didn't implement it, at that time.
But now, it is in the official port done by you.

> BTW: It has the "open pid file in binmode" fix as well...
This is very much appreciated !

[...]

> > Will this work for other users with uid 0, too ?
> > I don't think so, but you know a lot more about NT
> > security than me.

> It works for each `normal' user on NT now since NT doesn't restrict
> well known port access to a privileged sort of user. And it works
> for each Cygwin uid now ;-)
However, it doesn't work for me. How do you specify an "explicit"
local port to use ?
For me it looks like the same as yesterday, i.e. as soon as
I use the uid 0 it allocates a port lower than 1024 but
if I have the uid to 500 for the administrator it still uses
a port above 1023 and the (new) sshd.exe still does reject
the connection.

I just replaced the ssh on the client side and the sshd on
the server side. Is that sufficient for the test ?
Or is there something else I need to do or I am doing
wrong ?

Thanks again for your support in bringing OpenSSH
to NT.

Norbert.
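
The first-match behaviour described in the message above (two /etc/passwd entries sharing uid 0, with the earlier one supplying the reported username), shown as an added example that is not part of the original message. It assumes the uid-to-name lookup scans the file top-down; the sample file is constructed and the function names are hypothetical.

```python
from collections import OrderedDict

# Constructed sample modelled on the two entries quoted in the message;
# the gecos, home and shell fields are made up for illustration.
SAMPLE_PASSWD = """\
everyone:*:0:0:constructed::
administrator:xyz:0:513:constructed:/home/administrator:/bin/sh
guest:*:501:513:constructed:/home/guest:/bin/sh
"""

def parse_passwd(text):
    """Return (name, uid) pairs in file order, skipping blanks, comments and malformed lines."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 4 or not fields[2].isdigit():
            continue
        entries.append((fields[0], int(fields[2])))
    return entries

def name_for_uid(entries, uid):
    """Model a uid -> name lookup that scans the file top-down: first match wins."""
    for name, entry_uid in entries:
        if entry_uid == uid:
            return name
    return None

def shadowed_names(entries):
    """Map each shared uid to (name reported, names hidden behind it)."""
    by_uid = OrderedDict()
    for name, uid in entries:
        by_uid.setdefault(uid, []).append(name)
    return {uid: (names[0], names[1:]) for uid, names in by_uid.items() if len(names) > 1}

if __name__ == "__main__":
    entries = parse_passwd(SAMPLE_PASSWD)
    print("uid 0 resolves to:", name_for_uid(entries, 0))
    for uid, (winner, hidden) in shadowed_names(entries).items():
        print(f"uid {uid}: reported as {winner!r}, hides {hidden}")
```

Running the same check after deleting the first entry shows uid 0 resolving to administrator, which matches the fix proposed in the message.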
