Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
From:	"Mikkel Rostock" <mikkel AT nsales DOT dk>
To:	<cygwin AT cygwin DOT com>
Subject:	RE: Windows hardening and system paths
Date:	Thu, 18 Aug 2005 23:55:09 +0200
Message-ID:	<!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAA5Mn/gf2eOki1anFw3+Z8M8KAAAAQAAAA+pJRU/rEhkecK8UAUznVHwEAAAAA@nsales.dk>
MIME-Version:	1.0
In-Reply-To:	<43045936.D69BBC8D@dessent.net>

Hello again,

I installed Cygwin using the installer, and after installing the packages -
as I have done at least 10 times before - I ran the ssh-host-config -y (yes
to all). This usually generates the host-keys automatically, and as you
correctly state; it also sets the right permissions per default.

I installed the exact same package on another machine running Windows XP -
to eliminate the possibility of differences in package versions being the
issue here. However, the package that I installed on Windows XP - using the
exact same installation and configuration procedures - started the service
straight away - without any problems and without creating special user
accounts. Maybe I should try and create a special user account, since I am
trying to install on Windows Server 2003 and not XP where it works fine.

Therefore my conclusion is that something must be configured wrong on this
particular Windows Server 2003 - as you hopefully could make from the logs. 

By the way - how do I generate the host keys? This might be the issue since
sshd terminates because of this.

Sorry for all the questions, but I am out of my depths here - I usually have
no problems with Cygwin on any Windows platform... Maybe I'm on my own...

Best Regards
Mikkel Rostock

-----Original Message-----
From: Brian Dessent [mailto:brian AT dessent DOT net] 
Sent: 18. august 2005 11:48
To: cygwin AT cygwin DOT com
Subject: Re: Windows hardening and system paths

Mikkel Rostock wrote:

> > whether you set the permissions and ownership of files correctly
> I haven't changed permissions for any files, since usually when I install
it
> on Windows XP this is not necessary.
> 
> > created the proper user accounts
> The service is set to use LocalSystem account

This will not work.  Under 2k3 you need to create a special user account
and give it extra permissions.  This is explained in
/usr/share/doc/Cygwin/openssh.README.  However, the details are not
important because all the user-creation and permission-setting is done
for you with the ssh-host-config script which I recommend you use. 
Trying to do this by hand can be difficult.

>
----------------------------------------------------------------------------
> Could not load host key: /etc/ssh_host_key
> Could not load host key: /etc/ssh_host_rsa_key
> Could not load host key: /etc/ssh_host_dsa_key
> Disabling protocol version 1. Could not load host key
> Disabling protocol version 2. Could not load host key
> sshd: no hostkeys available -- exiting.
>
----------------------------------------------------------------------------

You have not created the host keys.  This is another task that
ssh-host-config will automate for you.  You probably don't have a
/etc/sshd_config file either.  I recommend that you remove all traces of
whatever you've done by hand to install the sshd service and instead run
the script.

Brian



--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

- Raw text -