Mail Archives: cygwin/2005/10/19/19:30:15
ok, start over...
stop the sshd
cygrunsrv --stop sshd
Delete /etc/ssh*
p4-3000:marcj:{/etc}322 % ssh-host-config
Generating /etc/ssh_host_key
Generating /etc/ssh_host_rsa_key
Generating /etc/ssh_host_dsa_key
Generating /etc/ssh_config file
Privilege separation is set to yes by default since OpenSSH 3.3.
However, this requires a non-privileged account called 'sshd'.
For more info on privilege separation read
/usr/share/doc/openssh/README.privsep.
Should privilege separation be used? (yes/no) yes
Generating /etc/sshd_config file
Host configuration finished. Have fun!
-rwxr-xr-x 1 marcj None 1159 Oct 19 18:52 ssh_config
-rw------- 1 marcj None 672 Oct 19 18:52 ssh_host_dsa_key
-rw-r--r-- 1 marcj None 603 Oct 19 18:52 ssh_host_dsa_key.pub
-rw------- 1 marcj None 528 Oct 19 18:52 ssh_host_key
-rw-r--r-- 1 marcj None 332 Oct 19 18:52 ssh_host_key.pub
-rw------- 1 marcj None 887 Oct 19 18:52 ssh_host_rsa_key
-rw-r--r-- 1 marcj None 223 Oct 19 18:52 ssh_host_rsa_key.pub
-rw-r--r-- 1 marcj None 2807 Oct 19 18:52 sshd_config
cygrunsrv --start sshd
cygrunsrv: Error starting a service: QueryServiceStatus: Win32 error 1062: The service has not been started.
from /var/log/sshd.log:
Could not load host key: /etc/ssh_host_key
Could not load host key: /etc/ssh_host_rsa_key
Could not load host key: /etc/ssh_host_dsa_key
Disabling protocol version 1. Could not load host key
Disabling protocol version 2. Could not load host key
sshd: no hostkeys available -- exiting.
chown SYSTEM ssh*
-rwxr-xr-x 1 SYSTEM None 1159 Oct 19 18:52 ssh_config
-rw------- 1 SYSTEM None 672 Oct 19 18:52 ssh_host_dsa_key
-rw-r--r-- 1 SYSTEM None 603 Oct 19 18:52 ssh_host_dsa_key.pub
-rw------- 1 SYSTEM None 528 Oct 19 18:52 ssh_host_key
-rw-r--r-- 1 SYSTEM None 332 Oct 19 18:52 ssh_host_key.pub
-rw------- 1 SYSTEM None 887 Oct 19 18:52 ssh_host_rsa_key
-rw-r--r-- 1 SYSTEM None 223 Oct 19 18:52 ssh_host_rsa_key.pub
-rw-r--r-- 1 SYSTEM None 2807 Oct 19 18:52 sshd_config
Now able to start sshd
ps -ef
SYSTEM 904 1 ? 19:00:05 /usr/bin/cygrunsrv
SYSTEM 2544 904 ? 19:00:05 /usr/sbin/sshd
netstat -an | grep 22
TCP 0.0.0.0:22 0.0.0.0:0 LISTENING
I still have keys in /home/marcj/.ssh
p4-3000:marcj:{/home/marcj/.ssh}192 % ls -l
-rw-r--r-- 1 marcj None 29 Oct 19 16:55 _config
-rw-------+ 1 marcj None 1158 Oct 19 18:15 authorized_keys
-rwxr--r-- 1 marcj None 603 Oct 19 16:36 authorized_keys2
-rw------- 1 marcj None 668 Oct 19 18:15 id_dsa
-rw-r--r-- 1 marcj None 603 Oct 19 18:15 id_dsa.pub
-rw------- 1 marcj None 883 Oct 19 18:14 id_rsa
-rw-r--r-- 1 marcj None 223 Oct 19 18:14 id_rsa.pub
-rw------- 1 marcj None 528 Oct 19 18:14 identity
-rw-r--r-- 1 marcj None 332 Oct 19 18:14 identity.pub
-rw-r--r-- 1 marcj None 232 Oct 19 19:02 known_hosts
ssh -v marcj@p4-3000
OpenSSH_3.9p1, OpenSSL 0.9.7e 25 Oct 2004
debug1: Reading configuration data /etc/ssh_config
debug1: Connecting to p4-3000 [192.168.1.204] port 22.
debug1: Connection established.
debug1: identity file /home/marcj/.ssh/identity type 0
debug1: identity file /home/marcj/.ssh/id_rsa type 1
debug1: identity file /home/marcj/.ssh/id_dsa type 2
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.9p1
debug1: match: OpenSSH_3.9p1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.9p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'p4-3000' is known and matches the RSA host key.
debug1: Found key in /home/marcj/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /home/marcj/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 149
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
Last login: Wed Oct 19 19:02:01 2005 from p4-3000
seems to be working now!
p4-3000:marcj:{/}325 % ssh marcj@p4-3000
Last login: Wed Oct 19 19:05:19 2005 from p4-3000
p4-3000:marcj:{/home/marcj}193 %
---------------------------------------------------------------------------
Also, I can get in from my laptop at the command line and using winSCP:
p4m-2000:marcj:{/etc}211 % ssh marcj@p4-3000
marcj@p4-3000's password:
Warning: No xauth data; using fake authentication data for X11 forwarding.
Last login: Wed Oct 19 19:19:16 2005 from p4-3000
---------------------------------------------------------------------------
restart zonealarm, see if still works
p4-3000:marcj:{/var/log}329 % ssh marcj@p4-3000
Last login: Wed Oct 19 19:08:36 2005 from p4m-2000
p4-3000:marcj:{/home/marcj}193 %
WinSCP still works from laptop!
Marc
----- Original Message -----
From: "Brian Dessent" <brian AT dessent DOT net>
To: <cygwin AT cygwin DOT com>
Sent: Wednesday, October 19, 2005 6:15 PM
Subject: Re: sshd refuses ssh connections
> Chris Taylor wrote:
>
> > >>>i followed all instructions from:
> > >>>http://pigtail.net/LRP/printsrv/cygwin-sshd.html
>
> You should ask the administrator of pigtail.net for help then. We don't
> support other sites here.
>
> > >>>The process is running:
> > >>>p4-3000:marcj:{/home/marcj}160 % ps -ef
> > >>>...
> > >>> SYSTEM 480 728 ? 00:48:33 /usr/sbin/sshd
> > >>>
> > >>>
> > >>>and the port 22 is listening:
> > >>>p4-3000:marcj:{/etc}183 % netstat -an
> > >>>
> > >>>Active Connections
> > >>>
> > >>> Proto Local Address Foreign Address State
> > >>> TCP 0.0.0.0:22 0.0.0.0:0 LISTENING
>
> It looks like a firewall problem then.
>
> > >>Could you stop the service, as described on the page you mention, and
> > >>then start it manually by doing the following:
> > >>
> > >>sshd -D -dd
>
> This is bad advice. Don't try running sshd from a non-SYSTEM account
> unless you know what you're doing.
>
> > > Disabling protocol version 1. Could not load host key
> > > Disabling protocol version 2. Could not load host key
> > > sshd: no hostkeys available -- exiting.
> >
> > Well, this is definitely why it's not working.
>
> No, it's a red herring. The host keys should be readable only by the
> process that runs sshd. This must be SYSTEM in order for impersonation
> to work. Thus they should be readable only by SYSTEM, and that is how
> ssh-host-config sets things up, correctly. So if you try to run sshd as
> your normal user account, it will not work. That's why it's a bad idea
> to mess around with running sshd from a regular prompt, because you will
> run into all kinds of permissions/ownership issues unless you know
> precisely what you're doing.
>
> To the original poster:
>
> Start over. Forget anything you read on pigtail.net. Delete all traces
> of whatever you've tried to do so far. Now run ssh-host-config and let
> it do everything. Start the service. Do not even think about trying to
> run sshd directly from a prompt. If the service is running, and the
> process is listening on the port, and you still get "Connection refused"
> then it's a firewall or winsock issue. Look at the event log and
> /var/log/sshd.log for any messages.
>
> Brian
>
> --
> Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
> Problem reports: http://cygwin.com/problems.html
> Documentation: http://cygwin.com/docs.html
> FAQ: http://cygwin.com/faq/
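
A check for the rule stated in the quoted reply (host keys readable only by the account that runs sshd), as an added example that is not part of the thread. The function name `check_hostkeys` and its output format are made up here; it assumes the `ssh_host_*key` naming shown in the listings and takes the service account (SYSTEM in this thread) as an argument.

```shell
#!/bin/sh
# Added example, not from the thread: audit private sshd host keys.
# Assumptions: keys are named ssh_host_*key in DIR (as in the listings above)
# and OWNER is the account the sshd service runs as (SYSTEM in this thread).

# check_hostkeys DIR OWNER
# Prints "OK <file>" or "BAD <file>: <reasons>" for each private host key.
# Returns 0 only if at least one key exists and every key passes.
check_hostkeys() {
    dir=$1
    want=$2
    rc=0
    found=0
    for f in "$dir"/ssh_host_*key; do
        [ -f "$f" ] || continue        # unmatched glob or not a regular file
        found=1
        # Fields of `ls -ld`: mode, link count, owner, ...
        set -- $(ls -ld "$f")
        mode=$(printf '%.10s' "$1")    # drop a trailing ACL marker such as "+"
        owner=$3
        why=
        if [ "$owner" != "$want" ]; then
            why="owner is $owner, expected $want"
        fi
        case $mode in
            -r[w-]-------) ;;          # only the owner may read (and write)
            *) why="${why:+$why; }mode $mode grants access beyond the owner" ;;
        esac
        if [ -n "$why" ]; then
            echo "BAD $f: $why"
            rc=1
        else
            echo "OK $f"
        fi
    done
    if [ "$found" -eq 0 ]; then
        echo "BAD $dir: no host keys found"
        rc=1
    fi
    return "$rc"
}
```

Called as `check_hostkeys /etc SYSTEM`, it reports the keys owned by marcj in the first listing as BAD and the same keys after `chown SYSTEM ssh*` as OK; the `.pub` files are not matched by the glob and are skipped.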