Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Message-ID:	<4356C85C.130BF479@dessent.net>
Date:	Wed, 19 Oct 2005 15:27:40 -0700
From:	Brian Dessent <brian AT dessent DOT net>
MIME-Version:	1.0
To:	cygwin AT cygwin DOT com
Subject:	Re: sshd refuses ssh connections
References:	<BAYC1-PASMTP02C22AFAD2B236E5F46775C6700 AT CEZ DOT ICE> <435684E8 DOT 4040800 AT equate DOT dyndns DOT org> <BAYC1-PASMTP052431A24A326EC049E659C6700 AT CEZ DOT ICE> <43569987 DOT 7050104 AT equate DOT dyndns DOT org> <4356C583 DOT 4719DB71 AT dessent DOT net>
X-IsSubscribed:	yes
Reply-To:	cygwin AT cygwin DOT com

Brian Dessent wrote:

> No, it's a red herring.  The host keys should be readable only by the
> process that runs sshd.  This must be SYSTEM in order for impersonation
> to work.  Thus they should be readable only by SYSTEM, and that is how
> ssh-host-config sets things up, correctly.  So if you try to run sshd as
> your normal user account, it will not work.  That's why it's a bad idea
> to mess around with running sshd from a regular prompt, because you will
> run into all kinds of permissions/ownership issues unless you know
> precisely what you're doing.

The footnote to this is that if you obtain a shell as the SYSTEM user,
you can run sshd from a prompt in debugging mode without any issues. 
There is a script somewhere in the mailing list archives, I think it's
called "sysbash", that achieves this.

Brian

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

- Raw text -