Mail Archives: cygwin/2006/05/16/09:09:37
On Mon, 15 May 2006, Andrew DeFaria wrote:
> * * wrote:
> > You might try reconfiguring with "privilege separation" turned on.
> > Also, turn on auditing of failed file access, and/or run sysInternals
> > RegMon and FileMon.
>
> Reconfigured with privilege separation turned on. Same problem.
> Interesting note: I removed /var/empty so that the ssh-host-config would
> recreate it. It does, but it's owned by my user. Starting sshd yields
> the following in /var/log/sshd.log:
>
> /var/empty must be owned by root and not group or world-writable.
>
> At first I did chown SYSTEM:SYSTEM /var/empty but that didn't help. It
> was not until I did a chown sshd_server /var/empty that I was able to
> start sshd. It was not apparent to me that, in this context, "root" ==
> "sshd_server" nor that ssh-host-config, knowing that I'm running on 2003
> and needing to create a local sshd_server user and using privilege
> separation, would not know to do a chown sshd_server on /var/empty. Bug?
Perhaps. We'll need more info on this. FWIW, I used ssh-host-config to
setup sshd with privilege separation, and everything "just worked" (tm).
> > I think your sshd_server user doesn't have permission to execute
> > Winsock2 which is %SYSTEMROOT%\System32\ws2_32.dll or one of it's
> > dependencies. Did you also check the Application Event Log?
>
> Again, whenever I go to view the Application log in the Event Viewer
> after trying an ssh it's corrupted. I can right click on the Application
> log and Clear All Events, thus creating a new Application log, which
> works. But if I do an ssh and go back to the Event Viewer it says the
> Application log is corrupted!
Ouch! That's not good, and most likely isn't Cygwin-related. However,
you can get sshd to write somewhere other than to the event log, by
setting up and starting the syslogd service -- then any events sshd
produces will go to syslog. Then you'll be able to actually see them,
invalid characters (if any) and all.
> Meantime I edited sshd_server's rights so I could do a "runas
> /user:sshd_server cmd". From here I started bash --login -i then did an
> "strace /usr/sbin/sshd -d > /tmp/sshd.strace.log 2>&1" (attached). The
> "relevant" part seems to be here:
>
> 277 3957121 [main] sshd 1404 C:\Cygwin\usr\sbin\sshd.exe: *** fatal error - could not load ws2_32, Win32 error 0
Your mailer wrapped the strace snippet, but this definitely seems
relevant. What does "getfacl /cygdrive/c/WINDOWS/system32/ws2_32.dll"
say?
> I'd appreciate any pointers (guesses) at this point?
As Richard (or "* *") pointed out, your sshd_server user probably doesn't
have access to ws2_32.dll.
Igor
--
http://cs.nyu.edu/~pechtcha/
|\ _,,,---,,_ pechtcha AT cs DOT nyu DOT edu | igor AT watson DOT ibm DOT com
ZZZzz /,`.-'`' -. ;-;;,_ Igor Peshansky, Ph.D. (name changed!)
|,4- ) )-,_. ,\ ( `'-' old name: Igor Pechtchanski
'---''(_/--' `-'\_) fL a.k.a JaguaR-R-R-r-r-r-.-.-. Meow!
"Las! je suis sot... -Mais non, tu ne l'es pas, puisque tu t'en rends compte."
"But no -- you are no fool; you call yourself a fool, there's proof enough in
that!" -- Rostand, "Cyrano de Bergerac"
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
- Raw text -