Mail Archives: cygwin/2007/12/23/07:48:52
Just another thing that I have noticed:
$ /usr/sbin/sshd -d -d -d -D
debug2: load_server_config: filename /etc/sshd_config
debug2: load_server_config: done config len = 210
debug2: parse_server_config: config /etc/sshd_config len 210
debug3: /etc/sshd_config:13 setting Port 22
debug3: /etc/sshd_config:21 setting Protocol 2
debug3: /etc/sshd_config:42 setting StrictModes no
debug3: /etc/sshd_config:96 setting UsePrivilegeSeparation yes
debug3: /etc/sshd_config:110 setting Subsystem sftp /usr/sbin/sftp-server
debug1: sshd version OpenSSH_4.7p1
debug3: Not a RSA1 key file /etc/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug3: Not a RSA1 key file /etc/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
/var/empty must be owned by root and not group or world-writable.
Who should be the owner of /var/empty. Right now I have:
drwxr-xr-x+ 2 SYSTEM SYSTEM 0 Dec 22 22:40 empty
On Dec 23, 2007 4:22 AM, Kevin Hilton <kevhilton AT gmail DOT com> wrote:
> Where to start??
>
> I attempting to setup the sshd within Windows Vista. For this OS
> documentation seems scant.
> openssh version OpenSSH_4.7p1, OpenSSL 0.9.8g 19 Oct 2007
>
> At this point I dont care about priviledge separation. I can use it,
> or not. I attempted to setup the daemon using ssh-host-config and
> answered yes to using privledge separation.
> Now Im stuck since I cant undo the process.
>
> Im find the /usr/share/doc/openssh/README.privsep file not to be all
> that helpful
>
>
> Currently Im getting the following:
> $ net start sshd
> System error 1069 has occurred.
>
> The service did not start due to a logon failure.
>
> With /var/log/sshd.log Im finding:
> Privilege separation user sshd does not exist
>
> Here is my setup:
> $ ssh-host-config
> Overwrite existing /etc/ssh_config file? (yes/no) yes
> Generating /etc/ssh_config file
> Overwrite existing /etc/sshd_config file? (yes/no) yes
> Privilege separation is set to yes by default since OpenSSH 3.3.
> However, this requires a non-privileged account called 'sshd'.
> For more info on privilege separation read /usr/share/doc/openssh/README.privsep
> .
>
> Should privilege separation be used? (yes/no) yes
> Generating /etc/sshd_config file
>
> Host configuration finished. Have fun!
>
> $ more /etc/passwd
> SYSTEM:*:18:544:,S-1-5-18::
> Administrators:*:544:544:,S-1-5-32-544::
> Administrator:unused_by_nt/2000/xp:500:513:U-Darien\Administrator,S-1-5-21-22494
> 56148-3830241392-4138796912-500:/home/Administrator:/bin/bash
> Guest:unused_by_nt/2000/xp:501:513:U-Darien\Guest,S-1-5-21-2249456148-3830241392
> -4138796912-501:/home/Guest:/bin/bash
> IUSR_NMPR:unused_by_nt/2000/xp:1000:513:IUSR_NMPR,U-Darien\IUSR_NMPR,S-1-5-21-22
> 49456148-3830241392-4138796912-1000:/home/IUSR_NMPR:/bin/bash
> klal:unused_by_nt/2000/xp:1001:513:U-Darien\klal,S-1-5-21-2249456148-3830241392-
> 4138796912-500:/home/klal:/bin/bash
> sshd:unused_by_nt/2000/xp:1002:513:sshd privsep,U-Darien\sshd,S-1-5-21-224945614
> 8-3830241392-4138796912-1002:/var/empty:/bin/false
>
> Its obvious I need to do something more with the sshd user?? What do I do?
>
--
Kevin Hilton
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
- Raw text -