Mail Archives: cygwin/2002/10/23/19:41:19
Attached are three small patches to the following files:
/bin/ssh-host-config
/bin/ssh-user-config
/usr/doc/Cygwin/openssh-3.4p1-5.README
to fix some installation issues and better explain using sshd in Windows.
The ssh-user-config changes are due to the fact that the default cygwin
umask is 000. Maybe a .bash_profile could be created containing umask 022
when the user's home directory is first created. Just a thought.
This is the culmination of 6 hours of list perusing, and hair pulling, so
it's definitely "field tested".
Hope this helps,
Ross Smith
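The effect of a 000 umask on the paths these patches touch, as an added example that is not part of the original message or of the Cygwin scripts. The helper names and the temporary directory layout are constructed for illustration, and only the mode check is shown, not ownership.

```shell
#!/bin/sh
# Added illustration: paths and helper names are constructed, not from the patch.

# Build HOME/.ssh/authorized_keys under the given umask; echo the fake home path.
make_home() {
    _base=$(mktemp -d) || return 1      # mktemp creates this 0700 regardless of umask
    (
        umask "$1"
        mkdir "$_base/user" "$_base/user/.ssh"
        : > "$_base/user/.ssh/authorized_keys"
    )
    echo "$_base/user"
}

# Print each of home, .ssh and authorized_keys that group or others can write to.
# An empty result means the mode part of the check passes.
writable_by_others() {
    for _p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        [ -e "$_p" ] || continue
        # -prune keeps find on the named path itself instead of descending
        find "$_p" -prune \( -perm -020 -o -perm -002 \) -print
    done
}

# Apply the modes the README hunk lists, with quoting added.
# Uses authorized_keys* rather than the patch's authorized_keys? so that
# both authorized_keys and authorized_keys2 are covered.
apply_modes() {
    chmod 755 "$1" "$1/.ssh"
    chmod 600 "$1/.ssh"/*
    chmod 644 "$1/.ssh"/authorized_keys*
}

demo=$(make_home 000)
writable_by_others "$demo"      # lists all three paths
apply_modes "$demo"
writable_by_others "$demo"      # lists nothing
rm -rf "${demo%/user}"
```
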
--- ssh-host-config.orig 2002-07-07 03:07:12.000000000 -0700
+++ ssh-host-config 2002-10-23 16:11:12.000000000 -0700
@@ -164,6 +164,7 @@
if [ $_nt -gt 0 ]
then
chown system.system /var/empty
+ chmod 755 /var/empty
fi
fi
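Review bot: The added `chmod 755 /var/empty` sits inside the `if [ $_nt -gt 0 ]` branch next to the `chown system.system`, so on the other path /var/empty keeps whatever mode it was created with, which under a 000 umask is group- and world-writable. Consider moving the chmod out of the conditional so the mode is set on every platform, and report a failure instead of continuing silently if it does not succeed.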
--- ssh-user-config.orig 2002-06-21 13:32:33.000000000 -0700
+++ ssh-user-config 2002-10-23 16:15:24.000000000 -0700
@@ -123,6 +123,8 @@
fi
fi
+chown `whoami` ${pwdhome}
+
if [ -e "${pwdhome}/.ssh" -a ! -d "${pwdhome}/.ssh" ]
then
echo "${pwdhome}/.ssh is existant but not a directory. Cannot create user
identity files."
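Review bot: The added `chown` line expands `${pwdhome}` and the `whoami` output unquoted, while the test directly below it quotes `"${pwdhome}/.ssh"`; a home path or account name containing a space will be split into several arguments and the chown will act on the wrong paths or fail. Quote both, for example `chown "$(whoami)" "${pwdhome}"`. The command also runs unconditionally and its result is not checked, so a user who lacks the right to change ownership gets no explanation of why later steps misbehave.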
@@ -139,6 +141,8 @@
fi
fi
+chmod 755 ${pwdhome}/.ssh
+
if [ ! -f "${pwdhome}/.ssh/identity" ]
then
if request "Shall I create an SSH1 RSA identity file for you?"
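Review bot: The added `chmod 755 ${pwdhome}/.ssh` is unquoted, unlike the surrounding `"${pwdhome}/.ssh/identity"` test, so a home path with a space breaks it. The mode choice also deserves a comment: 755 removes group and world write, but it leaves the directory listable and traversable by every other account, so either use 700 or state in the script why other accounts need read access here.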
@@ -196,5 +200,8 @@
fi
fi
+chmod 600 ${pwdhome}/.ssh/*
+chmod 644 ${pwdhome}/.ssh/*.pub ${pwdhome}/.ssh/authorized_keys?
+
echo
echo "Configuration finished. Have fun!"
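Review bot: In the second added line, the pattern `authorized_keys?` requires exactly one character after the name, so it matches authorized_keys2 but not authorized_keys, which stays at the 600 set by the line before; if both files are meant to end up 644, use `authorized_keys*` or name them explicitly. When a pattern matches nothing (no .pub files because the user declined key creation, or no authorized_keys2), the shell passes the literal pattern to chmod and the script prints an error just before "Configuration finished", so guard each chmod with an existence test. `${pwdhome}` is unquoted in both lines.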
--- openssh-3.4p1-5.README.orig 2002-10-23 15:20:39.000000000 -0700
+++ openssh-3.4p1-5.README 2002-10-23 16:23:03.000000000 -0700
@@ -123,12 +123,53 @@
- If you want to authenticate via RSA and you want to login to that
machine to exactly one user account you can do so by running sshd
- under that user account. You must change /etc/sshd_config
- to contain the following:
+ under that user account.
+
+ * Change /etc/sshd_config to contain
RSAAuthentication yes
- Moreover it's possible to use rhosts and/or rhosts with
+ * Make sure you have executed the following:
+
+ $ ssh-host-config
+ $ ssh-user-config
+
+ * Due to the fact that cygwin's default umask is 0000, you will need
+ to execute the following (substituting your user name for USERNAME):
+
+ chown USERNAME ~
+ chmod 755 ~ ~/.ssh
+ chmod 600 ~/.ssh/*
+ chmod 644 ~/.ssh/*.pub ~/.ssh/authorized_keys?
+
+ * Reinstall the ssh daemon to run as the user. Execute the following
+ (substituting your user name for USERNAME, and your password for
PASSWORD):
+
+ chmod 666 /var/log/sshd.log /var/empty
+ rm -fr /var/log/sshd.log /var/empty
+ touch /var/log/sshd.log
+ chmod 644 /var/log/sshd.log
+ chmod 755 /var/empty
+ chown USERNAME.None /var/empty /etc/ssh_host_* /var/log/sshd.log
+ cygrunsrv --stop sshd
+ cygrunsrv --remove sshd
+ cygrunsrv --install sshd -e "CYGWIN=glob ntsec binmode" \
+ -u USERNAME \
+ -w "PASSWORD" \
+ -d "sshd" \
+ -p /usr/sbin/sshd.exe \
+ -1 /var/log/sshd.log \
+ -2 /var/log/sshd.log \
+ -a "-e -D"
+ cygrunsrv --start sshd
+
+ * NOTE: The user will not be able to login using their Windows password.
+ They will only be able to login using RSA authentication.
+
+ Therefore, you will need to copy your identity.pub and id_??a.pub
+ files into authorized_keys, and authorized_keys2, respectfully.
+
+ Moreover, it's possible to use rhosts and/or rhosts with
RSA authentication by setting the following in sshd_config:
RhostsAuthentication yes
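Review bot: In the reinstall steps, `rm -fr /var/log/sshd.log /var/empty` deletes both paths, but only the log is recreated with `touch`; there is no `mkdir /var/empty` before `chmod 755 /var/empty` and the `chown USERNAME.None /var/empty ...` line, so those two commands fail as written. Add the mkdir, or drop /var/empty from the rm. The `-w "PASSWORD"` argument puts the account password on the command line, where it ends up in shell history; the text should tell the reader to clear it afterwards or to use an interactive prompt if the installed cygrunsrv offers one. In the closing note, "respectfully" should read "respectively", and `authorized_keys?` in the chmod step does not match authorized_keys itself.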