Mail Archives: cygwin/2006/05/10/14:15:05
Andrew DeFaria wrote:
> Larry Hall (Cygwin) wrote:
>> Andrew DeFaria wrote:
>>> I'm trying to set up ssh access to a Windows 2003 server. I am having
>>> a problem in that when I ssh to this server it immediately exits and
>>> I find the following in /var/log/sshd.log:
>>>
>>> 5 [main] sshd 12912 C:\Cygwin\usr\sbin\sshd.exe: *** fatal error
>>> - could not load ws2_32, Win32 error 0
>>>
>>> Forgive me I did do some research about setting up ssh on a 2003
>>> server and I believe I'm very close to having it set up correctly
>>> but I'm still missing something. I created a local sshd_server user
>>> and added things like "Act as part of the operating system", "Replace
>>> process level token", etc. I did not see a setting for "Increase
>>> quota". Note that I am using a local sshd_server user (i.e.
>>> <machine>\sshd_server) as the logon for the sshd service. I don't
>>> believe I'm using privilege separation.
>>>
>>> I had to use mmc and a Group Policy editor for the domain to add this
>>> local user into the rights at the domain level before this would
>>> work. Still when I try to ssh in I get a password prompt but after
>>> that the above gets written into the sshd.log and the prompt returns.
>>>
>>> Note that I also use this local sshd_server user for inetd so that
>>> rsh can and does work. Insecure I know and I'd like to switch this
>>> client over to using all ssh but I gotta get it working for them.
>>>
>>> Thanks in advance.
>> Why not use ssh-host-config to set up sshd? It will create
>> sshd_server for you in the proper way.
> I did! sshd_server would not have been my choice of a username had I
> done this by hand (the user daemon comes to mind). However that was not
> working. This is a domain environment so the sshd_server user could be
> <domain>\sshd_server or <local machine>\sshd_server. I don't think I
> have enough privilege to add a domain user so I made it a local user.
>
> Plus I believe that domain policies did not allow me to modify the user
> rights of this local user. (From memory) I believe I went into mmc and
> added the Group Policy Editor snapin then attempted to add the local
> sshd_server to the users that have say "Act as part of the operating
> system" rights but the add button was grayed out. Last night while
> trying again I noticed I could add Domain Group Policy snapin and much
> to my surprise I was able to add the <local server>\sshd_server user to
> the "Act as part of operating system" and "replace process level token"
> lists. Again I didn't see an "Increase quota". This got inetd and rsh
> working but ssh still produces an error.
>
> Actually, assuming I can create say a domain "daemon" user for use with
> sshd and inetd, etc., would it be better to do this at the domain level?
> I would like to allow others in the domain to set up ssh or inetd with
> the rights to SU...
No tweaking of the permissions for sshd_server is necessary and it's not
required to add sshd_server to any other users to get things to work.
sshd_server is a local user created to run the service and nothing else.
To login via 'ssh' with a domain user, just make sure the domain user is
in your '/etc/passwd' file and your '/etc/group' file contains the proper
domain groups. See 'man mkpasswd' and 'man mkgroup' if these users and
groups are not already in these files.
--
Larry Hall http://www.rfk.com
RFK Partners, Inc. (508) 893-9779 - RFK Office
838 Washington Street (508) 893-9889 - FAX
Holliston, MA 01746
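
Added example (not part of the original message, and not code from the Cygwin project): a shell check for the condition described in the reply above, that the account logging in has an entry in /etc/passwd and that its primary group resolves in /etc/group. check_ssh_account is a hypothetical helper name; the suggested fixes use the -d (domain) and -u (user) options of mkpasswd and mkgroup.

```shell
# Added example: verify that a login name has a passwd entry and that the
# entry's primary GID is present in the group file.
# Usage: check_ssh_account USER [PASSWD_FILE] [GROUP_FILE]
# Returns 0 if both resolve, 1 if the user is missing, 2 if the group is.
check_ssh_account() {
    user=$1
    passwd_file=${2:-/etc/passwd}
    group_file=${3:-/etc/group}

    # passwd format: name:pw:uid:gid:gecos:home:shell
    # The name is passed through the environment so awk does not interpret
    # backslashes or other escapes in it.
    entry=$(U="$user" awk -F: '$1 == ENVIRON["U"] { print; exit }' "$passwd_file")
    if [ -z "$entry" ]; then
        echo "$user: no entry in $passwd_file" >&2
        echo "  try: mkpasswd -d -u $user >> $passwd_file" >&2
        return 1
    fi

    # group format: name:pw:gid:members
    gid=$(printf '%s\n' "$entry" | cut -d: -f4)
    group=""
    if [ -n "$gid" ]; then
        group=$(G="$gid" awk -F: '$3 == ENVIRON["G"] { print $1; exit }' "$group_file")
    fi
    if [ -z "$group" ]; then
        echo "$user: primary gid '$gid' not found in $group_file" >&2
        echo "  try: mkgroup -d >> $group_file" >&2
        return 2
    fi

    echo "$user: ok (gid $gid = $group)"
    return 0
}
```

Run it on the server for each domain account that should be able to log in, before testing the ssh connection itself.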