Mail Archives: cygwin/2003/11/03/12:51:22

From: "Philippe Torche" <philippe DOT torche AT jle DOT ch>
To: <cygwin AT cygwin DOT com>
Subject: RE: Take 2: Testers for new ssh-*-config scripts wanted!
Date: Mon, 3 Nov 2003 18:51:04 +0100
In-Reply-To: <20031103162201.GF18706@cygbert.vinschen.de>
Message-ID: <JLE1BSZipl2mykoumh100000001@jle1.jle.corp>

Hi,

1. Line 488 (you will hate me !?) : read _cygwin --->>> read -e _cygwin
2. If password complexity is enabled (yes per default) use a more complex
password : length of 7 min (max 14 to avoid some warning about W2K), lower
case and upper case letters.

Good work, Philippe.

> -----Original Message-----
> From: cygwin-owner AT cygwin DOT com [mailto:cygwin-owner AT cygwin DOT com] 
> On behalf of Corinna Vinschen
> Sent: Monday, 3 November 2003 17:22
> To: cygwin AT cygwin DOT com
> Subject: Take 2: Testers for new ssh-*-config scripts wanted!
> 
> Hi,
> 
> I'd like to ask for more testing of the new ssh-host-config 
> and ssh-user-config scripts.
> 
> The new thing here is, that the ssh-host-config script now 
> tries to figure out if the machine is a 2003 Server or newer 
> system.  If so, the script asks, if it should create a new 
> account "sshd_server"
> to use as account to run sshd as service under.  If you say 
> "yes" at this point, a bunch of funny new activities is started:
> 
> - The script creates a sshd_server account
> 
> - It adds that account to the administrators group *iff* it's able
>   to figure out the name of that group from the /etc/group file.
>   This means, you must not change the name of the administrators
>   group in /etc/group and the SID (S-1-5-32-544) must be available
>   in that entry.
> 
> - It uses the new editrights utility to add the necessary user rights
>   to the new sshd_server account. 
>   These rights also explicitly deny logon locally and over network
>   and allow logon only as service for security reasons.
> 
> The ssh-user-config script has also been changed.  It tries 
> to figure out if the machine is a 2003 Server or newer and if 
> so, it sets the permissions of the user's ~/.ssh directory and 
> the user's ~/ssh/authorized_keys file so that the sshd_server 
> account has read permissions on both.  If it's an older 
> system, it does the same for the SYSTEM account.
> 
> Also on 2003, the sshd_server account is used for ownership 
> of the important files (/etc/ssh*, /var/empty, /var/log/sshd.log).
> 
> Further changes:
> - Require bash for both scripts.
> - Use `read -e' in both scripts to enable readline support.
> 
> So, I'd like to ask especially users of a 2003 Server system 
> to test that script.  Users of other systems are of course 
> also welcome since I want to be sure that I haven't broken 
> these systems.
> 
> Attached are both scripts plus the vanilla ssh_config and 
> sshd_config file.  The latter two have to be copied to 
> /etc/defaults/etc.  Please note that the "editrights" tool has 
> to be installed on your system.
> You can find it in the Base category when updating with setup.exe.
> 
> Thanks in advance,
> Corinna
> 
> -- 
> Corinna Vinschen                  Please, send mails regarding Cygwin to
> Cygwin Developer                  mailto:cygwin AT cygwin DOT com
> Red Hat, Inc.
> 


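An added example, not code from ssh-host-config or from either poster: one way to resolve the administrators group name from the SID mentioned in the quoted message, failing closed when the SID is missing, plus a check for the password shape suggested in the reply. The function names and the `name:SID:gid:members` line layout are assumptions of this example; how the real script performs the lookup is not shown on this page.

```shell
#!/bin/bash
# Added example; function names are hypothetical, not from ssh-host-config.
# Assumption: group file lines look like  name:SID:gid:members

ADMIN_SID="S-1-5-32-544"   # SID quoted in the message above

# Print the name of the group whose SID field is exactly ADMIN_SID.
# Returns 1 when zero or several entries carry the SID, so the caller
# never guesses which group to put the service account into.
admin_group_name() {
    local group_file=$1
    awk -F: -v sid="$ADMIN_SID" '
        $2 == sid { name = $1; hits++ }
        END { if (hits == 1) print name; else exit 1 }
    ' "$group_file"
}

# Check a candidate password against the shape suggested in the reply:
# 7 to 14 characters, at least one lower-case and one upper-case letter.
password_shape_ok() {
    local pw=$1
    [ "${#pw}" -ge 7 ] && [ "${#pw}" -le 14 ] || return 1
    case $pw in *[[:lower:]]*) ;; *) return 1 ;; esac
    case $pw in *[[:upper:]]*) ;; *) return 1 ;; esac
    return 0
}

# Constructed sample data: a localized group name with the SID intact.
sample=$(mktemp)
printf '%s\n' 'SYSTEM:S-1-5-18:18:' \
    'Administratoren:S-1-5-32-544:544:' \
    'Users:S-1-5-32-545:545:' > "$sample"

if name=$(admin_group_name "$sample"); then
    echo "would add sshd_server to: $name"
else
    echo "administrators SID not found; leaving group membership alone" >&2
fi
rm -f "$sample"
```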