Mail Archives: cygwin/2007/01/08/15:04:11

Message-ID: <011f01c73360$02559a70$84017ece@jabelxp>
From: "Jay Abel" <jabel AT flex DOT com>
To: <worwor AT bellsouth DOT net>, "cygwin cygwin" <cygwin AT cygwin DOT com>
References: <45A29A07 DOT 70201 AT bellsouth DOT net>
Subject: Re: can't start sshd
Date: Mon, 8 Jan 2007 10:02:59 -1000

----- Original Message ----- 
From: "Charles D. Russell"
To: "cygwin cygwin"
Sent: Monday, January 08, 2007 9:22 AM
Subject: Re: can't start sshd


> Windows event log shows only information events (id 0) from sshd, but 
> /var/log/sshd.log showed:
>
> /var/empty must be owned by root and not group or world-writable
>
> Presumably that is my problem, since ls shows:
>
> drwxr-xr-x+  2 cdr None  0 Jan  6 13:48 empty/
>
> The simple hack of disabling privilege separation has given me a 
> working system, which I am not inclined to monkey with, but if I have 
> problems in the future I'll pursue this track.  Thanks for the advice.
>

It is my experience that 90% of the time, if sshd refuses to start or if 
ssh refuses to connect, there is a file permission problem somewhere. 
Most of the required permissions make sense if you think about them:

1. Host key not writable
2. /var/empty not writable so that sshd cannot be hacked
3. configuration file not writable by just anyone.
4. others, consult SSH documentation

If you cannot connect, check

1. Private key is not readable by others (duh)
2. Authorized keys is not writable (double duh)
3. others, consult SSH documentation

And be sure that you have a configuration which supports file 
permissions.  You may need ntsec and ntea if using FAT, consult your 
documentation for details.

If you set up sshd using the ssh-host-config and ssh-user-config 
scripts, these will all be correct by default, but once you have tweaked 
the configurations, these scripts won't overwrite them by default.

A warning, NEVER let windows touch the permissions on a cygwin tree. 
Many things in unixes depend on permissions being set a certain, 
rational, way.  Trying to fix things by setting permissions on a whole 
tree can make a horrible mess, please resist the temptation to fix 
things this way.  I speak from experience here.

Cygwin works much better if you use ntfs.  Emulating permissions on FAT 
systems will allow things to work, but provides no real security and 
shouldn't be used on a machine accessible from the public network.

Hope this helps.
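
The permission checks listed in the message above, written as an audit script. This is an added example, not part of the original post; the function names and the paths (/etc/ssh_host_*_key, /etc/sshd_config, ~/.ssh/id_rsa) are assumptions about a typical Cygwin OpenSSH layout, and it checks mode bits only, not ownership.

```shell
#!/bin/sh
# Added example: report sshd-related files whose mode has forbidden bits set.
# Paths below are assumptions (typical Cygwin OpenSSH layout); adjust to your install.
# Usage on the live system:  audit_ssh_perms "" "$HOME"

# check_mode PATH MASK LABEL
# Prints a finding and returns 1 if PATH's mode has any bit of octal MASK set.
check_mode() {
    path=$1; mask=$2; label=$3
    [ -e "$path" ] || { echo "SKIP  $label: $path not found"; return 0; }
    mode=$(stat -c '%a' "$path") || return 2   # GNU stat (coreutils)
    if [ $(( 0$mode & 0$mask )) -ne 0 ]; then
        echo "FAIL  $label: $path is mode $mode (must not have bits $mask)"
        return 1
    fi
    echo "ok    $label: $path is mode $mode"
}

# audit_ssh_perms ROOT HOME_DIR
# ROOT is a path prefix ("" for the live system) so a copy of a tree can be audited.
# Returns the number of failed checks.
audit_ssh_perms() {
    root=$1; home=$2; bad=0
    # Server side (sshd refuses to start).
    # 077 rather than 022: OpenSSH also rejects private keys readable by group/other.
    for key in "$root"/etc/ssh_host_*_key; do
        check_mode "$key" 077 "host private key" || bad=$((bad + 1))
    done
    check_mode "$root/var/empty"       022 "privsep chroot dir" || bad=$((bad + 1))
    check_mode "$root/etc/sshd_config" 022 "sshd config"        || bad=$((bad + 1))
    # User side (ssh refuses to connect).
    check_mode "$home/.ssh/id_rsa"          077 "user private key" || bad=$((bad + 1))
    check_mode "$home/.ssh/authorized_keys" 022 "authorized_keys"  || bad=$((bad + 1))
    return "$bad"
}
```

The script only reports; it changes no permissions, so a FAIL line can be fixed one file at a time rather than across a whole tree.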


  Copyright © 2019   by DJ Delorie     Updated Jul 2019