delorie.com/archives/browse.cgi   search  
Mail Archives: cygwin/2013/05/03/11:09:43

X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
:list-unsubscribe:list-subscribe:list-archive:list-post
:list-help:sender:from:to:date:subject:message-id:references
:content-type:content-transfer-encoding:mime-version; q=dns; s=
default; b=FfOVKlgDoHCJ5juD5st+fH9AvZBgdBAiTYqxaNbg//IGD+EXbm/hH
30aDRYTEVDK5xv1F4DTqe9bKzZn1tAFrRcodb4bDOVsLbh2RElLxqkSV4kII1MHY
X8WP1ODGYs7E6rQIk85dnD3Q7VzpbYsiYI60g1pFFMbv/GoDWGWhuE=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
:list-unsubscribe:list-subscribe:list-archive:list-post
:list-help:sender:from:to:date:subject:message-id:references
:content-type:content-transfer-encoding:mime-version; s=default;
bh=wvhgSTvsVCR9ra8VayhHFgC4qo8=; b=F2AhF7PgnQasnfjDZkYVZfHmCc9P
MM3PP9yoSxnueyEu0jk8BJN38nPxYyL/znT4Y6+kvBgwv7CUQOGKsWSgKapA2QT0
phwfr0obwN+x87XB1WSlYN+Ieu1MiIgXgUXR9GaSM9D54sK/jSb14Rxe3nR9uTJF
bCLIdtou6yIMezw=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
X-Spam-SWARE-Status: No, score=-0.5 required=5.0 tests=AWL,BAYES_50,KHOP_THREADED,RP_MATCHES_RCVD,SPF_PASS,TW_YG,T_FILL_THIS_FORM_SHORT autolearn=ham version=3.3.1
From: "Johnson, Matt" <MattJohnson AT pcci DOT edu>
To: "cygwin AT cygwin DOT com" <cygwin AT cygwin DOT com>
Date: Fri, 3 May 2013 10:08:41 -0500
Subject: RE: Sshd cannot be manually restarted
Message-ID: <C91D1A45D873B145BF9EB5577C334053F4CC6A5AEB@EXCHANGE01.pcci.int>
References: <C91D1A45D873B145BF9EB5577C334053F4CC6A58EA AT EXCHANGE01 DOT pcci DOT int> <51828D00 DOT 7030303 AT cygwin DOT com>
MIME-Version: 1.0
X-MIME-Autoconverted: from quoted-printable to 8bit by delorie.com id r43F9aX4009646

I used ssh-host-config to set up the sshd service and provided different options to the queries. In between variations of input to ssh-host-config, I completely removed Cygwin and reinstalled it.

To provide a clear problem description, I started from a fresh install and used the attached install.bat.txt script (my mail client removed the previous script because it was a batch file) to install Cygwin and configure sshd. Everything works fine in the script except for the final command which attempts to start the service and results in the output below. Attached is also the cygcheck output after the installation.
---- Output ----
The CYGWIN sshd service is starting.
The CYGWIN sshd service could not be started.

A system error has occurred.

System error 1067 has occurred.

The process terminated unexpectedly.
---- End Output ----

So after the clean install, the service does not start. But I rebooted the machine and the service is running once I get logged in to the machine (ssh-host-config sets the start mode to auto):
---- Output ----
C:\>sc query sshd

SERVICE_NAME: sshd
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
---- End Output ----
I can connect to the machine remotely using PuTTY. Looking in the Windows Application event log, I see three logged events related to sshd:
sshd: PID 1616: `sshd' service started
sshd: PID 1952: Server listening on :: port 22.
sshd: PID 1952: Server listening on 0.0.0.0 port 22.
/var/log/sshd.log is present but empty because log entries are going to the Windows event log.

This all looks normal as compared to other working machines. However, if I stop the service and try to start it again, it fails:
---- Output ----
C:\>net stop sshd
The CYGWIN sshd service is stopping.
The CYGWIN sshd service was stopped successfully.

C:\>net start sshd
The CYGWIN sshd service is starting.
The CYGWIN sshd service could not be started.

A system error has occurred.

System error 1067 has occurred.

The process terminated unexpectedly.
---- End Output ----

One last piece of information that might be helpful comes from turning on process auditing on the problem machine. It shows the following two audit entries right next to each other with an abnormal exit code from cygrunsrv.exe:
-------------------------------------------------
A new process has been created.

Subject:
	Security ID:		SYSTEM
	Account Name:		STREAMINGDEV$
	Account Domain:		PCC
	Logon ID:		0x3e7

Process Information:
	New Process ID:		0xec4
	New Process Name:	C:\cygwin\bin\cygrunsrv.exe
	Token Elevation Type:	TokenElevationTypeDefault (1)
	Creator Process ID:	0x21c
-------------------------------------------------
A process has exited.

Subject:
	Security ID:		PCC\sdoracle
	Account Name:		sdoracle
	Account Domain:		PCC
	Logon ID:		0x1f7d23

Process Information:
	Process ID:	0xec4
	Process Name:	C:\cygwin\bin\cygrunsrv.exe
	Exit Status:	0xc0000005
-------------------------------------------------

Any ideas of what could be preventing the service from being restarted would be appreciated.

-- Matt Johnson


> -----Original Message-----
> From: 
> Sent: Thursday, May 02, 2013 10:58 AM 
> Subject: Re: Sshd cannot be manually restarted
> 
> On 5/2/2013 10:04 AM, Johnson, Matt wrote:
> > I am having difficulty getting the sshd service to run through Cygwin.
> > Attached is the cygcheck output for the server that I am having problems with.
> 
> OK, let's start with this as a backdrop for this discussion.  sshd is
> difficult to configure because of the security restrictions it imposes (by
> definition).  While it's possible to configure it to work in all kinds of
> situations, it requires allot of knowledge, lots of experimentation, or
> both.  To make things easier for the typical usage, ssh-host-config script
> exists.  This has its limitations, of course.  In particular, it makes a
> special local account to run sshd under with the proper permissions to
> support public key authentication for local users (plus general password
> authentication).  From the information you've provided below, you've clearly
> taken a different route to configure your system.  While you are free to
> do so, that puts you in fairly uncharted territory.  So let's proceed with
> this as a basis of understanding.
> 
> > Attached is a batch file which I initially used to install Cygwin and
> > configure sshd (used this script because it worked on 2 other servers).
> 
> Oops.  No script attached.  This is both a red flag (use of some unknown
> and unsupported script) and a pointer to a possible solution for you.  If
> you've used this script successfully on 2 other servers, you have a basis
> for comparison between non-working and working servers to find what's
> getting in your way here.
> 
> > Everything worked fine until trying to start the service. Odd behavior is
> > that rebooting the machine results in the service running fine (it is set to
> > automatic startup). Stopping the service and trying to start it again
> > results in the failures below. I can run /usr/sbin/sshd -D from a Cygwin
> > prompt and it works fine.
> 
> OK, generally speaking, starting sshd from the command line as your user is
> a big 'no-no', assuming you care about public key authentication at least.
> You may not care or you may have set your account up with all the necessary
> permissions to do this (even domain-wide).  Either one of these courses of
> action is fine so long as you understand the limits and/or what needs to be
> done to achieve success.  But if what I've just said puts you outside of
> your comfort zone, it's best to stop right here and reassess what you're
> trying to do.
> 
> > Starting from the Services snap-in results in "Windows could not start
> > the  CYGWIN sshd service on Local Computer. Error 1067: The process
> terminated
> > unexpectedly." There are no entries in the Application event log related to
> > (Cygwin) sshd. Entry in System event log: " The CYGWIN sshd service
> > terminated unexpectedly. It has done this 26 time(s)."
> 
> You may find more useful information in /var/log/sshd/log.  Based on your
> cygcheck output, I would expect that you will find all sorts of log info
> there, since you're running a debug session of sshd (good!).  So there will
> be all sorts of log info that you can look at and will likely provide some
> insight.  Keep in mind, running sshd as debug, while very helpful in for
> diagnostics, means that each disconnected session will terminate the sshd
> service.
> 
> > Admin command prompt:
> > ---- Output ----
> > C:\>net start sshd
> > The CYGWIN sshd service is starting.
> > The CYGWIN sshd service could not be started.
> >
> > A system error has occurred.
> >
> > System error 1067 has occurred.
> >
> > The process terminated unexpectedly.
> >
> > C:\>C:\cygwin\Cygwin.bat
> >
> > sdoracle AT STREAMINGDEV ~
> > $ cygrunsrv -S sshd
> > cygrunsrv: Error starting a service: QueryServiceStatus:  Win32 error 1062:
> > The service has not been started.
> >
> >
> > sdoracle AT STREAMINGDEV ~
> > $
> > ---- End Output ----
> >
> > Things I have tried:
> > Used a local privileged user to run the service
> > Used a different domain user that successfully runs the sshd service on a
> different machine
> > Created a fresh domain account to run the sshd service
> > Searched for duplicate cygwin1.dll's - none found
> > Applied full control to SYSTEM to C:\cygwin, C:\cygwin\var, and
> C:\cygwin\var\log
> 
> I'd be careful about setting permissions, especially globally.  Unless
> you're going to turn off permission checking for sshd, it's going to be
> pretty picky about what it expects where.  Setting things globally usually
> results in, frankly, wrong permissions in spots where it counts.  Remember
> sshd is trying to maintain some amount of security so it's not only looking
> for access in certain areas but also lack of access to groups and others.
> See ssh-host-config for details here.
> 
> > Removed local group policy object and rebooted machine
> > Compared Local Security options and User Rights to working servers (identical
> except for administrator account name)
> > Turned Windows firewall on and off
> 
> Sounds like your best bet is to review ssh-host-config comparing
> permissions it sets for files and directories with those that
> you have on the non-working and working servers.  Also, I'd
> recommend carefully going through the sshd.log from your debug
> session.  Separately or in combination, I think these two
> avenues will help you allot.
> 
> --
> Larry
> 
> _________________________________________________________________
> ____
> 
> A: Yes.
>  > Q: Are you sure?
>  >> A: Because it reverses the logical flow of conversation.
>  >>> Q: Why is top posting annoying in email?
> 
> --
> Problem reports:       http://cygwin.com/problems.html
> FAQ:                   http://cygwin.com/faq/
> Documentation:         http://cygwin.com/docs.html
> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple


- Raw text -


  webmaster     delorie software   privacy  
  Copyright © 2019   by DJ Delorie     Updated Jul 2019