Mail Archives: cygwin/2014/03/19/11:54:36

delorie.com/archives/browse.cgi

search

Mail Archives: cygwin/2014/03/19/11:54:36

X-Recipient: archive-cygwin AT delorie DOT com

DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:message-id:date:from:mime-version:to:subject

:references:in-reply-to:content-type:content-transfer-encoding;

q=dns; s=default; b=mxF55s/9nk73QV3l1hrUKcl3VI0pZKiAklRH3gGxi1W

SCc2LAcvRr4aAsPykalaA8+RZviGlGyoXe7HySgyldEcXINafHb0NcR31Fg7ZA7R

KRZaSHBKwzJNhJzRh0mQ/nGI0753qSCbul9JGs3TqCDzSzVbtl7AmK+6Yu9+ySIs

=

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:message-id:date:from:mime-version:to:subject

:references:in-reply-to:content-type:content-transfer-encoding;

s=default; bh=n2f6kTL99rd2O/hp3MS4nniYHMI=; b=O+P5pkO7DRgYLbXvN

3RQFhecmm4cCEcu6BSTMVM9NOLyLoO4vY7ArgjDfLmOqio/nOyBr6hbhYHgSaQoi

7KBe8CHxhfI5baGwSLY65PoNhLiRxQnJxuapXKy13Re2L2E0TyrxuOG5Is7W6j4d

ltoUfVBvRndhI8EOmwBtvMSGx8=

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm

List-Id: <cygwin.cygwin.com>

List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>

List-Archive: <http://sourceware.org/ml/cygwin/>

List-Post: <mailto:cygwin AT cygwin DOT com>

List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>

Sender: cygwin-owner AT cygwin DOT com

Mail-Followup-To: cygwin AT cygwin DOT com

Delivered-To: mailing list cygwin AT cygwin DOT com

Authentication-Results: sourceware.org; auth=none

X-Virus-Found: No

X-Spam-SWARE-Status: Yes, score=6.7 required=5.0 tests=AWL,BAYES_50,SCAM_SUBJECT,T_RP_MATCHES_RCVD,URI_HEX autolearn=no version=3.3.2

X-HELO: bronze.cs.yorku.ca

Message-ID: <5329BDA5.8060507@cse.yorku.ca>

Date: Wed, 19 Mar 2014 11:54:13 -0400

From: Paul Griffith <paulg AT cse DOT yorku DOT ca>

User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0

MIME-Version: 1.0

To: cygwin AT cygwin DOT com

Subject: Re: Silently configure sshd fails via system account

References: <5307BB89 DOT 80405 AT cse DOT yorku DOT ca> <1395192297365-107203 DOT post AT n5 DOT nabble DOT com>

In-Reply-To: <1395192297365-107203.post@n5.nabble.com>

X-Spam-Score: -1.0

X-Spam-Report: Content preview: On 03/18/2014 09:24 PM, PolarStorm wrote: > Paul Griffith wrote >> ... >> /usr/bin/ssh-host-config --yes --cygwin ntsec --user cyg_server --pwd blah >> ... > > Just a few things... > > 1) Don't do that (manually). > First of all, "ntsec" is deprecated. Second, there are a lot of strange > issues when > using "--yes", just answer the questions manually, especially since you > don't need > all those keys just to have ssh work. > > 2) Make sure you run the ssh-host-config from an "administrator: cygwin > shell. > > 3) Check your /etc/sshd-config for: "UsePrivilegeSeparation sandbox" which > is > the new default. The ssh-host-config script has a bug on line 169 that > attempts > to set this to "no", but where the regex fails. (I told people in THIS > <http://cygwin.1069669.n5.nabble.com/CSIH-SSH-setup-script-problems-on-W81-64-tp106953.html> > nabble post, but I > don't think it ever reached the main mailing list.) > > 4) The sshd user pas-wor-d is set to expire by default after 42 days, in > Windows 8.1. > Fix it if you're using that. > [...] Content analysis details: (-1.0 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SHORTCIRCUIT Not all rules were run, due to a shortcircuited rule -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP

X-IsSubscribed: yes

On 03/18/2014 09:24 PM, PolarStorm wrote:
> Paul Griffith wrote
>> ...
>> /usr/bin/ssh-host-config --yes --cygwin ntsec --user cyg_server --pwd blah
>> ...
> 
> Just a few things...
> 
> 1) Don't do that (manually).
> First of all, "ntsec" is deprecated. Second, there are a lot of strange
> issues when
> using "--yes", just answer the questions manually, especially since you
> don't need
> all those keys just to have ssh work.
> 
> 2) Make sure you run the ssh-host-config from an "administrator: cygwin
> shell.
> 
> 3) Check your /etc/sshd-config for: "UsePrivilegeSeparation sandbox" which
> is
> the new default. The ssh-host-config script has a bug on line 169 that
> attempts
> to set this to "no", but where the regex fails. (I told people in  THIS
> <http://cygwin.1069669.n5.nabble.com/CSIH-SSH-setup-script-problems-on-W81-64-tp106953.html>
> nabble post, but I
> don't think it ever reached the main mailing list.)
> 
> 4) The sshd user pas-wor-d is set to expire by default after 42 days, in
> Windows 8.1.
> Fix it if you're using that.
> 


Thanks Gene for the heads up, it will help me fine tune my setup!  I need to use the "--yes" option because I am building a automated installation for Windows 7.

Cheers,
Paul


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

X-Recipient:	archive-cygwin AT delorie DOT com
DomainKey-Signature:	a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:message-id:date:from:mime-version:to:subject
	:references:in-reply-to:content-type:content-transfer-encoding;
	q=dns; s=default; b=mxF55s/9nk73QV3l1hrUKcl3VI0pZKiAklRH3gGxi1W
	SCc2LAcvRr4aAsPykalaA8+RZviGlGyoXe7HySgyldEcXINafHb0NcR31Fg7ZA7R
	KRZaSHBKwzJNhJzRh0mQ/nGI0753qSCbul9JGs3TqCDzSzVbtl7AmK+6Yu9+ySIs
	=
DKIM-Signature:	v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:message-id:date:from:mime-version:to:subject
	:references:in-reply-to:content-type:content-transfer-encoding;
	s=default; bh=n2f6kTL99rd2O/hp3MS4nniYHMI=; b=O+P5pkO7DRgYLbXvN
	3RQFhecmm4cCEcu6BSTMVM9NOLyLoO4vY7ArgjDfLmOqio/nOyBr6hbhYHgSaQoi
	7KBe8CHxhfI5baGwSLY65PoNhLiRxQnJxuapXKy13Re2L2E0TyrxuOG5Is7W6j4d
	ltoUfVBvRndhI8EOmwBtvMSGx8=
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Authentication-Results:	sourceware.org; auth=none
X-Virus-Found:	No
X-Spam-SWARE-Status:	Yes, score=6.7 required=5.0 tests=AWL,BAYES_50,SCAM_SUBJECT,T_RP_MATCHES_RCVD,URI_HEX autolearn=no version=3.3.2
X-HELO:	bronze.cs.yorku.ca
Message-ID:	<5329BDA5.8060507@cse.yorku.ca>
Date:	Wed, 19 Mar 2014 11:54:13 -0400
From:	Paul Griffith <paulg AT cse DOT yorku DOT ca>
User-Agent:	Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0
MIME-Version:	1.0
To:	cygwin AT cygwin DOT com
Subject:	Re: Silently configure sshd fails via system account
References:	<5307BB89 DOT 80405 AT cse DOT yorku DOT ca> <1395192297365-107203 DOT post AT n5 DOT nabble DOT com>
In-Reply-To:	<1395192297365-107203.post@n5.nabble.com>
X-Spam-Score:	-1.0
X-Spam-Report:	Content preview: On 03/18/2014 09:24 PM, PolarStorm wrote: > Paul Griffith wrote >> ... >> /usr/bin/ssh-host-config --yes --cygwin ntsec --user cyg_server --pwd blah >> ... > > Just a few things... > > 1) Don't do that (manually). > First of all, "ntsec" is deprecated. Second, there are a lot of strange > issues when > using "--yes", just answer the questions manually, especially since you > don't need > all those keys just to have ssh work. > > 2) Make sure you run the ssh-host-config from an "administrator: cygwin > shell. > > 3) Check your /etc/sshd-config for: "UsePrivilegeSeparation sandbox" which > is > the new default. The ssh-host-config script has a bug on line 169 that > attempts > to set this to "no", but where the regex fails. (I told people in THIS > <http://cygwin.1069669.n5.nabble.com/CSIH-SSH-setup-script-problems-on-W81-64-tp106953.html> > nabble post, but I > don't think it ever reached the main mailing list.) > > 4) The sshd user pas-wor-d is set to expire by default after 42 days, in > Windows 8.1. > Fix it if you're using that. > [...] Content analysis details: (-1.0 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SHORTCIRCUIT Not all rules were run, due to a shortcircuited rule -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP
X-IsSubscribed:	yes