X-Spam-Check-By:	sourceware.org
To:	cygwin AT cygwin DOT com
From:	Andrew DeFaria <Andrew AT DeFaria DOT com>
Subject:	Re: ssh to 2003 server exist immediately
Date:	Wed, 10 May 2006 08:17:19 -0700
Lines:	51
Message-ID:	<e3t060$q2n$1@sea.gmane.org>
References:	<e3s32l$k60$1 AT sea DOT gmane DOT org> <4461FD21 DOT 3050606 AT cygwin DOT com>
Mime-Version:	1.0
User-Agent:	Thunderbird 1.5.0.2 (Windows/20060308)
In-Reply-To:	<4461FD21.3050606@cygwin.com>
X-IsSubscribed:	yes
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Unsubscribe:	<mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com

Larry Hall (Cygwin) wrote:
> Andrew DeFaria wrote:
>> I'm trying to set up ssh access to a Windows 2003 server. I am having 
>> a problem in that when I ssh to this server it immediately exits and 
>> I find the following in /var/log/sshd.log:
>>
>>      5 [main] sshd 12912 C:\Cygwin\usr\sbin\sshd.exe: *** fatal error 
>> - could not load ws2_32, Win32 error 0
>>
>> Forgive me I did do some research about setting up ssh on a 2003 
>> server and I believe I've very close to having it set up correctly 
>> but I'm still missing something. I created a local sshd_server user 
>> and added things like "Act as part of the operating system", "Replace 
>> process level token", etc. I did not see a setting for "Increase 
>> quota". Note that I am using a local sshd_server users (i.e. 
>> <machine>\sshd_server) as the logon for the sshd service. I don't 
>> believe I'm using privilege separation.
>>
>> I had to use mmc and a Group Policy editor for the domain to add this 
>> local user into the rights at the domain level before this would 
>> work. Still when I try to ssh in I get a password prompt but after 
>> that the above gets written into the sshd.log and the prompt returns.
>>
>> Note that I also use this local sshd_server user for inetd so that 
>> rsh can and does work. Insecure I know and I'd like to switch this 
>> client over to using all ssh but I gotta get it working for them.
>>
>> Thanks in advance.
> Why not use ssh-host-config to set up sshd?  It will create 
> sshd_server for you in the proper way.
I did! sshd_server would not have been my choice of a username had I 
done this by hand (the user daemon comes to mind). However that was not 
working. This is a domain environment so the sshd_server user could be 
<domain>\sshd_server or <local machine>\sshd_server. I don't think I 
have enough privilege to add a domain user so I made it a local user.

Plus I believe that domain policies did not allow me to modify the user 
rights of this local user. (From memory) I believe I went into mmc and 
added the Group Policy Editor snapin then attempted to add the local 
sshd_server to the users that have say "Act as part of the operating 
system" rights but the add button was grayed out. Last night while 
trying again I noticed I could add Domain Group Policy snapin and much 
to my surprise I was able to add the <local server>\sshd_server user to 
the "Act as part of operating system" and "replace process level token" 
lists. Again I didn't see an "Increase quota". This got inetd and rsh 
working but ssh still produces an error.

Actually, assuming I can create say a domain "daemon" user for use with 
sshd and inetd, etc., would it be better to do this at the domain level. 
I would like to allow others in the domain to set up ssh or inetd with 
the rights to SU...


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

- Raw text -