Mail Archives: cygwin/2009/01/03/13:20:22

To: cygwin AT cygwin DOT com
From: Michael Makuch <gmanedotorg AT makuch DOT org>
Subject: Re: Openssh compatibility problem?
Date: Sat, 03 Jan 2009 12:20:30 -0600
Lines: 68
Message-ID: <495FAC6E.90401@makuch.org>
References: <gjei0c$l4o$1 AT ger DOT gmane DOT org> <495F8758 DOT 9000002 AT makuch DOT org> <495F9091 DOT 9060305 AT cwilson DOT fastmail DOT fm>
Mime-Version: 1.0
User-Agent: Thunderbird 2.0.0.19 (Windows/20081209)
In-Reply-To: <495F9091.9060305@cwilson.fastmail.fm>

Charles Wilson wrote:
> Michael Makuch wrote:
>> This is not a compatibility problem between cygwin/openssh versions. I
>> am now seeing the problem just trying to ssh from plum to plum (an XP
>> box). It seems that openssh 5.1 on cygwin is loaded with problems.
>>
>> Anyone have it working? Anyone able to get it working without problems?
>>
> 
> Works fine here. It appears that the issue is the configuration on
> plum's server. Some things to check:
> 
> 1) make sure that you have opened port 22/tcp in plum's firewall
> 
> 2) make sure that /etc/hosts.allow includes the line 'sshd : ALL' (or
> 'sshd : ALL : allow')
> 
> 3) for localhost testing (e.g. 'ssh localhost' on plum) add the following
> to /etc/hosts.allow *before* 'all : PARANOID : deny'
> 
> 'all : localhost 127.0.0.1 : allow'
> 
> or 'all : localhost 127.0.0.1 [::1] : allow' if you're using cygwin-1.7.
> 
> 4) You might consider installing the syslogd or syslog-ng service on
> plum.  Shut down sshd, run 'syslog-config' or 'syslog-ng-config', then
> 'cygrunsrv -S syslogd' or 'cygrunsrv -S syslog-ng'.  THEN restart sshd.
> 
> Now, you can try to ssh to plum, and tcp_wrapper errors will be reported
> to plum's /var/log/messages, as well as some other sshd errors.
> 
> --
> Chuck
> 

Mystery solved, mostly. After much agony.

Good to know about syslog for future reference, thanks.

I've been watching for errors in /var/log/sshd.log and was getting
"sshd 17472 child_copy: linked dll data write copy failed" which a
rebaseall seemed to clear up, but still didn't let ssh work.

Culprit: /etc/hosts.allow and hosts.deny. Couple issues here.

1) On one occasion I found these with chmod 0;

$ ls -l hosts.allow hosts.deny
----------  1 mkm None 434 Jan  3 11:49 hosts.allow
----------+ 1 mkm None 225 Jan  3 00:38 hosts.deny

I don't know how or why but this was on a fresh cygwin install, latest 
bits DLd yesterday. I just re-confirmed a fresh install of cygwin
leaves these 2 files chmod 0.

Without read perms it appears that sshd will not allow ssh to connect 
from anywhere, local nor remote. With read perms things get better.

2) In some recent release the default hosts.allow has been modified to

ALL : PARANOID : deny
sshd: ALL

I am surmising that PARANOID is a relatively new feature and unsupported 
by openssh 4.5 - I deduce this since when I remove PARANOID I can then 
successfully ssh from openssh 4.5. In essence I would call this a 
"compatibility" issue between this version of Cygwin and the older ones.
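
Added example, not part of either poster's message: a shell audit for the two hosts.allow conditions raised in this thread, namely an access file left with no read bits and an 'ALL : PARANOID : deny' rule reached before any localhost allow rule. The function names are hypothetical and the files to check are passed as arguments.

```shell
#!/bin/sh
# Added example (not from the thread): audit a tcp_wrappers access file for
# the two faults discussed above. File paths are supplied by the caller.

# Fail if FILE has no read bit at all (the "chmod 0" state shown by ls -l).
# Uses the ls mode string so the result is the same under an admin account.
check_readable() {
    [ -e "$1" ] || { echo "MISSING: $1"; return 2; }
    mode=$(ls -ld "$1" | cut -c2-10)
    case $mode in
        *r*) return 0 ;;
        *)   echo "UNREADABLE: $1 has mode $mode"; return 1 ;;
    esac
}

# Fail if an 'ALL : PARANOID : deny' style rule is reached before any
# localhost allow rule (rules are read top to bottom, first match wins).
check_order() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        { rule = tolower($0) }
        !deny && rule ~ /paranoid/ && rule ~ /deny[ \t]*$/ { deny = NR }
        !lo && rule ~ /localhost|127\.0\.0\.1/ && rule !~ /deny[ \t]*$/ { lo = NR }
        END {
            if (deny && (!lo || lo > deny)) {
                print "ORDER: no localhost allow rule before PARANOID deny (line " deny ")"
                exit 1
            }
        }' "$1"
}

# Run both checks; skip the order check when the file cannot be read.
audit() {
    check_readable "$1" || return 1
    check_order "$1"
}

# Stand-alone use: pass the files to audit, e.g. /etc/hosts.allow
if [ "$#" -gt 0 ]; then
    rc=0
    for f in "$@"; do audit "$f" || rc=1; done
    exit "$rc"
fi
```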


