Mail Archives: cygwin/2003/09/15/15:30:54

Subject: SSHD, Cygwin and Windows 2003
From: Mark J de Jong <dejongm AT secdog DOT com>
To: cygwin AT cygwin DOT com
Message-Id: <1063654188.1917.126.camel@localhost>
Mime-Version: 1.0
Date: 15 Sep 2003 15:29:48 -0400

Hello,
I've looked and couldn't find decent docs on this so for those of you
who are lookin', this is a quick howto on how to set up the
Cygwin/OpenSSH daemon on M$ Windows 2003. This will fix the passwordless
(ssh key) login issue.

1. Install Cygwin with the openssh binaries....
2. After completing the Cygwin setup, go to the Cygwin command prompt and
type 'ssh-host-config'
3. Answer 'y' when asked if you want to use sshd with privilege separation.
4. Answer 'y' when asked if user sshd should be created by the script.
5. Answer 'y' when asked if you want sshd to be created as a service.
6. Create a new Windows user named "sshdproc" or whatever you wish the
sshd process account username to be. If you happen to notice the sshd
user being disabled, don't enable it!
7. Place the sshdproc user in the "Administrators" group.
8. Give the sshdproc user the following system rights:
	* Create a token object
	* Log on as a service
	* Replace a process level token

	And for security.....
	* Deny log on locally
	* Deny access to this computer from the network

9. Reconfigure the "CYGWIN sshd service" to run as the new "sshdproc"
user.
10. At the Cygwin command prompt type
'mkpasswd -l |grep sshdproc >> /etc/passwd <enter>'
11. Type 'touch /var/log/sshd.log <enter>'
12. Type 'chmod 644 /var/log/sshd.log <enter>'
13. Type 'chown sshdproc /var/empty /var/log/sshd.log /etc/ssh_* <enter>'
14. Type 'cygrunsrv --start sshd <enter>'

That should be it.. Hope this helps! :)

Best,
Mark J. de Jong
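
A check of the end state that the mkpasswd, chmod and chown steps above should leave behind, as an added example that is not part of the original message. The function names are hypothetical, GNU `stat -c` (as shipped in Cygwin's coreutils) is assumed, and the root directory is a parameter so the checks can also be run against a scratch tree.

```shell
#!/bin/sh
# Added example (not from the original message): audit the files touched by
# the mkpasswd/chmod/chown steps. Function names are hypothetical.

# passwd_entry_count FILE USER -> prints how many passwd lines belong to USER.
# The howto appends with '>>', so re-running that step leaves duplicates.
passwd_entry_count() {
    awk -F: -v u="$2" '$1 == u { n++ } END { print n + 0 }' "$1"
}

# check_owner_mode PATH OWNER [MODE] -> 0 if PATH exists, is owned by OWNER
# and (when MODE is given) has exactly that octal mode.
check_owner_mode() {
    path=$1 want_owner=$2 want_mode=${3:-}
    [ -e "$path" ] || { echo "MISSING  $path"; return 1; }
    owner=$(stat -c '%U' "$path")
    mode=$(stat -c '%a' "$path")
    [ "$owner" = "$want_owner" ] || {
        echo "OWNER    $path is $owner, want $want_owner"; return 1; }
    if [ -n "$want_mode" ] && [ "$mode" != "$want_mode" ]; then
        echo "MODE     $path is $mode, want $want_mode"; return 1
    fi
    return 0
}

# audit_sshd_setup ROOT USER -> 0 if every check passes; prints one line per
# failure. ROOT is "" on a real install, or a scratch directory for testing.
audit_sshd_setup() {
    root=$1 user=$2 rc=0
    n=$(passwd_entry_count "$root/etc/passwd" "$user")
    [ "$n" -eq 1 ] || { echo "PASSWD   $n entries for $user, want 1"; rc=1; }
    check_owner_mode "$root/var/empty" "$user" || rc=1
    check_owner_mode "$root/var/log/sshd.log" "$user" 644 || rc=1
    # An unmatched glob stays literal and is reported as MISSING.
    for f in "$root"/etc/ssh_*; do
        check_owner_mode "$f" "$user" || rc=1
    done
    return $rc
}
```

On the host itself the call would be `audit_sshd_setup "" sshdproc`, run from the Cygwin prompt before starting the service.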


