Mail Archives: cygwin/2004/08/28/01:29:38

delorie.com/archives/browse.cgi

search

Mail Archives: cygwin/2004/08/28/01:29:38

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm

List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>

List-Archive: <http://sourceware.org/ml/cygwin/>

List-Post: <mailto:cygwin AT cygwin DOT com>

List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>

Sender: cygwin-owner AT cygwin DOT com

Mail-Followup-To: cygwin AT cygwin DOT com

Delivered-To: mailing list cygwin AT cygwin DOT com

Message-ID: <41301832.70404@cox.net>

Date: Fri, 27 Aug 2004 22:29:22 -0700

From: Greg Morgan <drkludge AT cox DOT net>

User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040510

MIME-Version: 1.0

To: colinb AT chameleonnet DOT co DOT uk, cygwin AT cygwin DOT com

Subject: OpenSSH-3.9p1-1, mysterious -r option, and documented steps to resolve "Connection to host closed." message was sshd privilege separation problem

References: <412EAB86 DOT 1060709 AT cox DOT net>

In-Reply-To: <412EAB86.1060709@cox.net>

Greg Morgan wrote:
> Corinna Vinschen wrote:
> ...
>  > Again, as Larry already noted, the most informative thread is
>  > http://cygwin.com/ml/cygwin/2004-08/msg00625.html
>  > Note especially http://cygwin.com/ml/cygwin/2004-08/msg00702.html
> ...
> I can't say that I tried googling for this first.  Thank you for a 
> response and having both a work around and solution already.  I'll try 
> it tomorrow at work.
> 
> Greg
> 

If the subject title of "OpenSSH-3.9p1-1, mysterious -r option, and 
documented steps to resolve "Connection to host closed." message was 
sshd privilege separation problem" did not provide you enough search 
terms here are some more cygwin-1.5.10-3 package
upgrading openssh 3.8.1p1-1 -> 3.9p1-1 breaks privilege separation.

I have tested and documented two ways to solve this problem.  If editing 
files and regular expressions bother you then try the first option.

OPTION 1.)
I ran
ssh-host-config y
at the command prompt just to make sure I had the rest of ssh setup 
correctly.  I performed this step because of all the fooling around I 
tried to resolve the "Connection to host closed." messages without 
knowing what the problem was.

Then I removed the services entry by entering
cygrunsrv -R sshd
at the command prompt.  A harmless error message will be displayed if 
you do not have the service running.

I looked at Cygwin /usr/bin/ssh-host-config configuration script and 
found the command line that I would use:
cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd \
-a -D -e "CYGWIN=tty ntsec"

I modified it to
cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd \
-a "-D -r" -e "CYGWIN=tty ntsec"
This was the command line I ran at the command prompt to supply the -r 
option that Corinna said was required.  Please enter the command all on 
one line without the \, or make sure the \, the continuation character, 
is the last character on the line before starting the -a on the second line.

Finally, I started the service by issuing this command at the Cygwin 
command prompt.
cygrunsrv -S sshd

OPTION 2.)
An alternate method is to enter
vim /usr/bin/ssh-host-config
on the command line.  The use vim's search and replace functions to 
change all the sshd -a -D occurrences to sshd -a "-D -r" like so
:%s/sshd -a -D/sshd -a "-D -r"/g

Finally, issue the following commands at the command prompt.
cygrunsrv -R sshd
ssh-host-config -y -c "tty ntsec"
cygrunsrv -S sshd

LOL..I gained some finesse the second time around. ;-)

I successfully sshed into my Cygwin PC with the new ssh package 
OpenSSH_3.9p1, OpenSSL 0.9.7d 17 Mar 2004 using both resolution 
procedures above.
More on why I selected "tty ntsec" 
http://tech.erdelynet.com/cygwin-sshd.html.  It has always worked.

I decided on the -r option verses installing a new Cygwin DLL.  It 
sounded like the more conservative repair approach.

If you are looking for the undocumented -r option a brief note can be 
found here http://www.mail-archive.com/cygwin AT cygwin DOT com/msg43331.html. 
  There's nothing that I found in the man page nor on 
http://www.openssh.org about the sshd -r option.

Greg

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Message-ID:	<41301832.70404@cox.net>
Date:	Fri, 27 Aug 2004 22:29:22 -0700
From:	Greg Morgan <drkludge AT cox DOT net>
User-Agent:	Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040510
MIME-Version:	1.0
To:	colinb AT chameleonnet DOT co DOT uk, cygwin AT cygwin DOT com
Subject:	OpenSSH-3.9p1-1, mysterious -r option, and documented steps to resolve "Connection to host closed." message was sshd privilege separation problem
References:	<412EAB86 DOT 1060709 AT cox DOT net>
In-Reply-To:	<412EAB86.1060709@cox.net>