Mail Archives: cygwin/2012/05/11/05:06:24

Date: Fri, 11 May 2012 12:54:26 +0400
From: Andrey Repin <anrdaemon AT freemail DOT ru>
Reply-To: Andrey Repin <cygwin AT cygwin DOT com>
Message-ID: <603694529.20120511125426@mtu-net.ru>
To: Andre Loker <mail AT andreloker DOT de>, cygwin AT cygwin DOT com
Subject: Re: [1.7.15-1] Installing sshd fails
In-Reply-To: <4FACC985.909@andreloker.de>
References: <4FACC985 DOT 909 AT andreloker DOT de>

Greetings, Andre Loker!

> I'm trying to install cygwin 1.7.15-1 on a new Windows Server 2008 R2
> machine. I can't get sshd to install properly.

> When I run ssh-host-config the script says that creation of the user 
> sshd has failed:

Do you start it in an elevated console?

> ------------------------------------
> $ ssh-host-config

> *** Info: Generating /etc/ssh_host_key
> *** Info: Generating /etc/ssh_host_rsa_key
> *** Info: Generating /etc/ssh_host_dsa_key
> *** Info: Generating /etc/ssh_host_ecdsa_key
> *** Info: Creating default /etc/ssh_config file
> *** Info: Creating default /etc/sshd_config file
> *** Info: Privilege separation is set to yes by default since OpenSSH 3.3.
> *** Info: However, this requires a non-privileged account called 'sshd'.
> *** Info: For more info on privilege separation read 
> /usr/share/doc/openssh/README.privsep.
> *** Query: Should privilege separation be used? (yes/no) yes
> *** Info: Note that creating a new user requires that the current 
> account have
> *** Info: Administrator privileges.  Should this script attempt to create a
> *** Query: new local account 'sshd'? (yes/no) yes
> *** Warning: Creating the user 'sshd' failed!
> *** ERROR: Couldn't create user 'sshd'!
> *** ERROR: Privilege separation set to 'no' again!
> *** ERROR: Check your /etc/sshd_config file!
> *** Info: Updating /etc/sshd_config file
> ------------------------------------

> However, the sshd user has in fact been created in Windows. If I re-run 
> ssh-host-config now and confirm to overwrite the config files, the 
> scripts runs further but fails when creating cyg_server:

> ------------------------------------
> $ ssh-host-config

> *** Query: Overwrite existing /etc/ssh_config file? (yes/no) yes
> *** Info: Creating default /etc/ssh_config file
> *** Query: Overwrite existing /etc/sshd_config file? (yes/no) yes
> *** Info: Creating default /etc/sshd_config file
> *** Info: Privilege separation is set to yes by default since OpenSSH 3.3.
> *** Info: However, this requires a non-privileged account called 'sshd'.
> *** Info: For more info on privilege separation read 
> /usr/share/doc/openssh/README.privsep.
> *** Query: Should privilege separation be used? (yes/no) yes
> *** Info: Updating /etc/sshd_config file

> *** Query: Do you want to install sshd as a service?
> *** Query: (Say "no" if it is already installed as a service) (yes/no) yes
> *** Query: Enter the value of CYGWIN for the daemon: []
> *** Info: On Windows Server 2003, Windows Vista, and above, the
> *** Info: SYSTEM account cannot setuid to other users -- a capability
> *** Info: sshd requires.  You need to have or to create a privileged
> *** Info: account.  This script will help you do so.

> *** Info: You appear to be running Windows XP 64bit, Windows 2003 Server,
> *** Info: or later.  On these systems, it's not possible to use the 
> LocalSystem
> *** Info: account for services that can change the user id without an
> *** Info: explicit password (such as passwordless logins [e.g. public key
> *** Info: authentication] via sshd).

> *** Info: If you want to enable that functionality, it's required to create
> *** Info: a new account with special privileges (unless a similar account
> *** Info: already exists). This account is then used to run these special
> *** Info: servers.

> *** Info: Note that creating a new user requires that the current account
> *** Info: have Administrator privileges itself.

> *** Info: No privileged account could be found.

> *** Info: This script plans to use 'cyg_server'.
> *** Info: 'cyg_server' will only be used by registered services.
> *** Query: Do you want to use a different name? (yes/no) no
> *** Query: Create new privileged user account 'cyg_server'? (yes/no) yes
> *** Info: Please enter a password for new user cyg_server.  Please be sure
> *** Info: that this password matches the password rules given on your 
> system.
> *** Info: Entering no password will exit the configuration.
> *** Query: Please enter the password:
> *** Query: Reenter:

> *** Warning: Creating the user 'cyg_server' failed!  Reason:
> The user or group account specified cannot be found.

> The user was successfully created but could not be added
> to the USERS local group.

> More help is available by typing NET HELPMSG 3774.


> *** Info: Please enter a password for new user cyg_server.  Please be sure
> *** Info: that this password matches the password rules given on your 
> system.
> *** Info: Entering no password will exit the configuration.
> *** Query: Please enter the password:
> ------------------------------------

> It then hangs in a loop asking for the password. At this point the 
> cyg_server user has been created but is not member of any group.
> If I now manually add cyg_server to Users and Administrators and once 
> again rerun the ssh-host-config:


> ------------------------------------
> $ ssh-host-config

> *** Query: Overwrite existing /etc/ssh_config file? (yes/no) yes
> *** Info: Creating default /etc/ssh_config file
> *** Query: Overwrite existing /etc/sshd_config file? (yes/no) yes
> *** Info: Creating default /etc/sshd_config file
> *** Info: Privilege separation is set to yes by default since OpenSSH 3.3.
> *** Info: However, this requires a non-privileged account called 'sshd'.
> *** Info: For more info on privilege separation read 
> /usr/share/doc/openssh/README.privsep.
> *** Query: Should privilege separation be used? (yes/no) yes
> *** Info: Updating /etc/sshd_config file

> *** Query: Do you want to install sshd as a service?
> *** Query: (Say "no" if it is already installed as a service) (yes/no) yes
> *** Query: Enter the value of CYGWIN for the daemon: []
> *** Info: On Windows Server 2003, Windows Vista, and above, the
> *** Info: SYSTEM account cannot setuid to other users -- a capability
> *** Info: sshd requires.  You need to have or to create a privileged
> *** Info: account.  This script will help you do so.

> *** Info: You appear to be running Windows XP 64bit, Windows 2003 Server,
> *** Info: or later.  On these systems, it's not possible to use the 
> LocalSystem
> *** Info: account for services that can change the user id without an
> *** Info: explicit password (such as passwordless logins [e.g. public key
> *** Info: authentication] via sshd).

> *** Info: If you want to enable that functionality, it's required to create
> *** Info: a new account with special privileges (unless a similar account
> *** Info: already exists). This account is then used to run these special
> *** Info: servers.

> *** Info: Note that creating a new user requires that the current account
> *** Info: have Administrator privileges itself.

> *** Info: The following privileged accounts were found: 'cyg_server' .

> *** Info: This script plans to use 'cyg_server'.
> *** Info: 'cyg_server' will only be used by registered services.
> *** Query: Do you want to use a different name? (yes/no) no
> *** Query: Please enter the password for user 'cyg_server':
> *** Query: Reenter:

> *** Warning: User cyg_server does not appear in /etc/passwd.

> *** Info: The sshd service has been installed under the 'cyg_server'
> *** Info: account.  To start the service now, call `net start sshd' or
> *** Info: `cygrunsrv -S sshd'.  Otherwise, it will start automatically
> *** Info: after the next reboot.
> *** Warning: Couldn't change owner of /etc/ssh_config!
> *** Warning: Couldn't change owner of /etc/sshd_config!
> *** Warning: Couldn't change owner of /etc/ssh_host_dsa_key!
> *** Warning: Couldn't change owner of /etc/ssh_host_ecdsa_key!
> *** Warning: Couldn't change owner of /etc/ssh_host_key!
> *** Warning: Couldn't change owner of /etc/ssh_host_rsa_key!
> *** Warning: Couldn't change owner of /etc/ssh_host_dsa_key.pub!
> *** Warning: Couldn't change owner of /etc/ssh_host_ecdsa_key.pub!
> *** Warning: Couldn't change owner of /etc/ssh_host_key.pub!
> *** Warning: Couldn't change owner of /etc/ssh_host_rsa_key.pub!
> *** Warning: Couldn't change owner of /var/empty!
> *** Warning: Couldn't change owner of /var/log/lastlog!
> *** Warning: Couldn't change owner of important files to cyg_server!
> *** Warning: This may cause the sshd service to fail!  Please make sure that
> *** Warning: you have suufficient permissions to change the ownership of 
> files
> *** Warning: and try to run the ssh-host-config script again.

> *** Warning: Host configuration exited with 12 errors or warnings!
> *** Warning: Make sure that all problems reported are fixed,
> *** Warning: then re-run ssh-host-config.
> ------------------------------------

> Finally: if I update /etc/passwd:
> $ mkpasswd -l >> /etc/passwd

> and rerun the script I get:
> ------------------------------------

> $ ssh-host-config

> *** Query: Overwrite existing /etc/ssh_config file? (yes/no) yes
> *** Info: Creating default /etc/ssh_config file
> *** Query: Overwrite existing /etc/sshd_config file? (yes/no) yes
> *** Info: Creating default /etc/sshd_config file
> *** Info: Privilege separation is set to yes by default since OpenSSH 3.3.
> *** Info: However, this requires a non-privileged account called 'sshd'.
> *** Info: For more info on privilege separation read 
> /usr/share/doc/openssh/README.privsep.
> *** Query: Should privilege separation be used? (yes/no) yes
> *** Info: Updating /etc/sshd_config file

> *** Info: Sshd service is already installed.
> *** Warning: Couldn't determine name of user running sshd service from 
> /etc/passwd!
> *** Warning: As a result, this script cannot make sure that the files used
> *** Warning: by the sshd service belong to the user running the service.
> *** Warning: Please re-run the mkpasswd tool to make sure the /etc/passwd
> *** Warning: file is in a good shape.

> *** Warning: Host configuration exited with 1 errors or warnings!
> *** Warning: Make sure that all problems reported are fixed,
> *** Warning: then re-run ssh-host-config.
> ------------------------------------

> I have successfully installed pre 1.7.15 versions on identical machines 
> so I assume something has changed in 1.7.15 that causes those errors. 
> I'm running the Cygwin Terminal with elevated rights, of course.

> Any help to fix this is much appreciated.

> With kind regards,
> Andre Loker




> --
> Problem reports:       http://cygwin.com/problems.html
> FAQ:                   http://cygwin.com/faq/
> Documentation:         http://cygwin.com/docs.html
> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple



--
WBR,
Andrey Repin (anrdaemon AT freemail DOT ru) 11.05.2012, <12:54>

Sorry for my terrible English...
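
Added example, not part of either message and not code from the Cygwin project: a preflight check for the two conditions this thread turns on before running ssh-host-config, namely whether the shell is elevated and whether 'sshd' and 'cyg_server' have entries in /etc/passwd. It assumes the /etc/passwd-based account setup shown in the transcript and Cygwin's mapping of the Administrators group to gid 544; the function names are hypothetical.

```sh
#!/bin/sh
# Preflight checks for the failure modes in this thread (added example).
# Assumption: Cygwin maps BUILTIN\Administrators (S-1-5-32-544) to gid 544.
ADMIN_GID=544

# is_elevated GIDS -> 0 if the space-separated gid list (as printed by
# `id -G`) contains the Administrators gid. Under UAC a non-elevated
# shell does not list it.
is_elevated() {
    case " $1 " in
        *" $ADMIN_GID "*) return 0 ;;
    esac
    return 1
}

# missing_accounts PASSWD_FILE USER... -> prints each USER that has no
# entry (first colon-separated field) in PASSWD_FILE.
missing_accounts() {
    passwd_file=$1; shift
    for user in "$@"; do
        awk -F: -v u="$user" '$1 == u { f = 1 } END { exit !f }' \
            "$passwd_file" || printf '%s\n' "$user"
    done
}

# preflight GIDS PASSWD_FILE -> prints findings, returns number of problems.
preflight() {
    problems=0
    if ! is_elevated "$1"; then
        echo "shell is not elevated (gid $ADMIN_GID missing)"
        problems=$((problems + 1))
    fi
    for user in $(missing_accounts "$2" sshd cyg_server); do
        echo "account '$user' missing from $2; refresh it with mkpasswd -l"
        problems=$((problems + 1))
    done
    return "$problems"
}

# On a real host: preflight "$(id -G)" /etc/passwd
```

A non-zero return means ssh-host-config is likely to hit the "does not appear in /etc/passwd" or account-creation warnings seen above.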

