Mail Archives: cygwin/2002/05/13/07:49:17
Just a quick question, is CYGWIN sent globally in your environment. I
have seen this problem when CYGWIN is not in SYSTEM's environment with
ntsec enabled. Probably not your problem, but at least something to
verify.
On Mon, 13 May 2002, Zeus [ISO-8859-1] Gómez Marmolejo wrote:
> Hi all,
>
> I've searched all the historical messages of the list but I haven't find
> any solution to my problem. Any help would be appreciated. I've
> installed cygwin sshd in a W2k server box but I can't manage to start
> it. When I run it as a service, I get the following error:
>
> $ cygrunsrv -S sshd
> cygrunsrv: Error starting a service: QueryServiceStatus: Win32 error 1062:
> The service has not been started.
>
> Viewing the logs, there's a couple of errors:
> $ cat /var/log/sshd.log
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> Permissions 0644 for '/etc/ssh_host_key' are too open.
> It is recommended that your private key files are NOT accessible by others.
> This private key will be ignored.
> bad permissions: ignore key: /etc/ssh_host_key
> Could not load host key: /etc/ssh_host_key
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> Permissions 0644 for '/etc/ssh_host_rsa_key' are too open.
> It is recommended that your private key files are NOT accessible by others.
> This private key will be ignored.
> bad permissions: ignore key: /etc/ssh_host_rsa_key
> Could not load host key: /etc/ssh_host_rsa_key
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> Permissions 0644 for '/etc/ssh_host_dsa_key' are too open.
> It is recommended that your private key files are NOT accessible by others.
> This private key will be ignored.
> bad permissions: ignore key: /etc/ssh_host_dsa_key
> Could not load host key: /etc/ssh_host_dsa_key
> Disabling protocol version 1. Could not load host key
> Disabling protocol version 2. Could not load host key
> sshd: no hostkeys available -- exiting.
>
> But, in this case when I do an ls of the /etc/ directory I get the
> following:
> $ ls -las /etc
> total 139
> 4 drwxrwxrwx 5 Administ None 4096 May 12 10:22 .
> 4 drwxrwxrwx 10 Administ None 4096 May 9 12:44 ..
> 1 -rwxrwxrwx 1 Administ None 280 May 9 12:44 group
> 86 -rwxrwxrwx 1 Administ None 88039 Mar 7 16:50 moduli
> 1 -rwxrwxrwx 1 Administ None 966 May 12 10:09 passwd
> 4 drwxrwxrwx 2 Administ None 4096 May 9 12:44 postinstall
> 0 -rw-r--r-- 1 Administ None 0 May 12 10:21 primes
> 1 -rwxrwxrwx 1 Administ None 386 May 9 12:44 profile
> 0 drwxrwxrwx 2 Administ None 0 May 9 12:42 profile.d
> 16 drwxrwxrwx 2 Administ None 16384 May 9 12:43 setup
> 1 -rw-rw-rw- 1 Administ Administ 955 May 9 12:45 ssh_config
> 1 -rw------- 1 SYSTEM SYSTEM 668 May 9 12:45
> ssh_host_dsa_key
> 1 -rw-r--r-- 1 Administ Administ 612 May 9 12:45
> ssh_host_dsa_key.pub
> 1 -rw------- 1 SYSTEM SYSTEM 537 May 9 12:44 ssh_host_key
> 1 -rw-r--r-- 1 Administ Administ 341 May 9 12:44
> ssh_host_key.pub
> 1 -rw------- 1 SYSTEM SYSTEM 887 May 9 12:45
> ssh_host_rsa_key
> 1 -rw-r--r-- 1 Administ Administ 232 May 9 12:45
> ssh_host_rsa_key.pub
> 2 -rw-rw-rw- 1 Administ Administ 1562 May 12 10:22 sshd_config
> 13 -rwxrwxrwx 1 Administ None 12306 Apr 3 17:11 termcap
>
> The ssh_host*_key files have 0600 permissions and the logs are
> incorrect. I have tried to change the owner of these files to
> Administrator and run the service in the command line (as Administrator):
> $ /usr/sbin/sshd -D
>
> The command succeeds but when I try to login, passwords doesn't match (I
> suppose that sshd has to be run as SYSTEM account to authenticate
> users). How can I solve this problem?
>
> Windows 2000 acls shows that /etc/ssh_host*_key has the Everyone user
> but no permissions with it. Can be this problem? I can't remove the
> 'Everyone' user of the acl because the owner is SYSTEM and I would be
> changing the ownership of the files... What should I do?
>
> CYGWIN is set to "ntsec tty". Any thanks in advance.
>
>
> Zeus Gómez.
>
>
> --
> Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
> Bug reporting: http://cygwin.com/bugs.html
> Documentation: http://cygwin.com/docs.html
> FAQ: http://cygwin.com/faq/
>
--
Prentis Brooks | prentis AT aol DOT net | 703-265-0914 | AIM: PrentisBrooks
Senior System Administrator - Web Infrastructure & Security
A knight is sworn to valor. His heart knows only virtue. His blade
defends the helpless. His word speaks only truth. His wrath undoes
the wicked. - the old code of Bowen, last of the dragonslayers
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
- Raw text -