Mail Archives: cygwin/2005/01/04/13:12:44
Thanks for this record. It should be useful for others.
Larry
At 10:37 AM 1/4/2005, you wrote:
>Hi Folks,
> Here's the conclusion to my sshd journey. Larry was correct.
>When installed properly, sshd should "just work", even using keys & with
>multiple users.
>Here's an exact record of the process I used for those considering embarking
>on this journey for themselves. :-)
>
>thanks & best regards,
>eric
>
>LOG:
>0. Format Hard Drive w/NTFS.
>1. Windows 2K, SP4 Fresh Install. Install all critical updates.
>2. Install Cygwin. Make sure the OpenSSH package is selected, as it is not
>selected by default.
>3. Set CYGWIN=ntsec tty in System Environment Variables via
>Settings->Control Panel->System->Advanced->Environment Variables->System
>Variables New Button.
>4. Restart Win2K/SP4 machine.
>5. Check SYSTEM user rights. Check myself and a non-existent user as
>references.
> Eric@<HOSTNAME> ~
> $ ./testrights.csh SYSTEM
> SeAssignPrimaryTokenPrivilege 2
> SeCreateTokenPrivilege 2
> SeDenyInteractiveLogonRight 2
> SeDenyNetworkLogonRight 2
> SeDenyRemoteInteractiveLogonRight 2
> SeIncreaseQuotaPrivilege 2
> SeServiceLogonRight 2
>
> Eric@<HOSTNAME> ~
> $ ./testrights.csh Eric
> SeAssignPrimaryTokenPrivilege 2
> SeCreateTokenPrivilege 2
> SeDenyInteractiveLogonRight 2
> SeDenyNetworkLogonRight 2
> SeDenyRemoteInteractiveLogonRight 2
> SeIncreaseQuotaPrivilege 0
> SeServiceLogonRight 2
>
> Eric@<HOSTNAME> ~
> $
>
> Eric@<HOSTNAME> ~
> $ ./testrights.csh Dummy
> Error in getSID (LsaLookupNames returned 0xc0000073=STATUS_NONE_MAPPED)!
>
> SeAssignPrimaryTokenPrivilege 1
> Error in getSID (LsaLookupNames returned 0xc0000073=STATUS_NONE_MAPPED)!
>
> SeCreateTokenPrivilege 1
> Error in getSID (LsaLookupNames returned 0xc0000073=STATUS_NONE_MAPPED)!
>
> SeDenyInteractiveLogonRight 1
> Error in getSID (LsaLookupNames returned 0xc0000073=STATUS_NONE_MAPPED)!
>
> SeDenyNetworkLogonRight 1
> Error in getSID (LsaLookupNames returned 0xc0000073=STATUS_NONE_MAPPED)!
>
> SeDenyRemoteInteractiveLogonRight 1
> Error in getSID (LsaLookupNames returned 0xc0000073=STATUS_NONE_MAPPED)!
>
> SeIncreaseQuotaPrivilege 1
> Error in getSID (LsaLookupNames returned 0xc0000073=STATUS_NONE_MAPPED)!
>
> SeServiceLogonRight 1
>
> Eric@<HOSTNAME> ~
> $
>6. Execute ssh-host-config.
> Eric@<HOSTNAME> ~
> $ ssh-host-config -p <PORT> -c 'ntsec tty'
> Generating /etc/ssh_host_key
> Generating /etc/ssh_host_rsa_key
> Generating /etc/ssh_host_dsa_key
> Generating /etc/ssh_config file
> Privilege separation is set to yes by default since OpenSSH 3.3.
> However, this requires a non-privileged account called 'sshd'.
> For more info on privilege separation read /usr/share/doc/openssh/README.privsep.
>
> Should privilege separation be used? (yes/no) yes
> Warning: The following function requires administrator privileges!
> Should this script create a local user 'sshd' on this machine? (yes/no) yes
> Generating /etc/sshd_config file
> Added ssh to C:\WINNT\system32\drivers\etc\services
> Added ssh to /etc/inetd.conf
>
>
> Warning: The following functions require administrator privileges!
>
> Do you want to install sshd as service?
> (Say "no" if it's already installed as service) (yes/no) yes
>
> The service has been installed under LocalSystem account.
> To start the service, call `net start sshd' or `cygrunsrv -S sshd'.
>
> Host configuration finished. Have fun!
>
> Eric@<HOSTNAME> ~
> $
>7. Execute ssh-user-config.
> Eric@<HOSTNAME> ~
> $ ssh-user-config
>
> WARNING: group and other have been revoked write permission to your home
> directory /home/Eric.
> This is required by OpenSSH to allow public key authentication using
> the key files stored in your .ssh subdirectory.
> Revert this change ONLY if you know what you are doing!
>
> Shall I create an SSH1 RSA identity file for you? (yes/no) no
> Shall I create an SSH2 RSA identity file for you? (yes/no) (yes/no) yes
> Generating /home/Eric/.ssh/id_rsa
> Enter passphrase (empty for no passphrase):
> Enter same passphrase again:
> Do you want to use this identity to login to this machine? (yes/no) yes
> Adding to /home/Eric/.ssh/authorized_keys
> Shall I create an SSH2 DSA identity file for you? (yes/no) (yes/no) no
>
> Configuration finished. Have fun!
>
> Eric@<HOSTNAME> ~
> $
>8. Restart Win2K/SP4 machine.
>9. Confirm cygrunsrv/sshd processes are running via Windows Task Manager.
>10. Execute 'ssh -p <PORT> 127.0.0.1'.
> Eric@<HOSTNAME> ~
> $ ssh -p <PORT> 127.0.0.1
> The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.
> RSA key fingerprint is 67:8b:8e:2e:2c:93:a3:85:70:15:a6:ef:11:20:d9:f3.
> Are you sure you want to continue connecting (yes/no)? yes
> Warning: Permanently added '127.0.0.1' (RSA) to the list of known hosts.
> Fanfare!!!
> You are successfully logged in to this server!!!
>
> Eric@<HOSTNAME> ~
> $
>
>
>--
>Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
>Problem reports: http://cygwin.com/problems.html
>Documentation: http://cygwin.com/docs.html
>FAQ: http://cygwin.com/faq/
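
The home-directory warning printed by ssh-user-config in step 7, as an added example that is not part of the original message or of Cygwin's scripts: a POSIX shell check that reports any of the home directory, `.ssh` and `authorized_keys` that group or other can write to. The function names and the script name `checkkeys.sh` are hypothetical.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, not from Cygwin or OpenSSH.

# Succeeds (0) when group or other may write to $1.
# Reads the mode string from ls, e.g. "drwxrwxr-x": character 6 is the
# group write bit, character 9 the other write bit. -L follows symlinks.
group_other_writable() {
    gow_perms=$(ls -ldL -- "$1" | cut -c1-10)
    case $gow_perms in
        ?????w????|????????w?) return 0 ;;
    esac
    return 1
}

# Checks the three paths public key login depends on under home dir $1.
# Prints each offender and returns how many were found (0 = all fine).
check_pubkey_paths() {
    cpp_bad=0
    for cpp_p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        [ -e "$cpp_p" ] || continue          # not created yet: nothing to check
        if group_other_writable "$cpp_p"; then
            echo "group/other writable: $cpp_p"
            cpp_bad=$((cpp_bad + 1))
        fi
    done
    return "$cpp_bad"
}

# Stand-alone use: ./checkkeys.sh /home/Eric
if [ "$#" -gt 0 ]; then
    check_pubkey_paths "$1" || echo "tighten with: chmod go-w <path>"
fi
```

Running it once per account is a quick way to confirm a multi-user setup before testing key logins.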