Mail Archives: cygwin/2014/04/01/04:35:22

Date: Tue, 1 Apr 2014 10:34:58 +0200
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: Silently configure sshd fails via system account
Message-ID: <20140401083458.GA13005@calimero.vinschen.de>

On Mar 19 17:57, Corinna Vinschen wrote:
> On Mar 19 11:54, Paul Griffith wrote:
> > On 03/18/2014 09:24 PM, PolarStorm wrote:
> > > Paul Griffith wrote
> > >> ...
> > >> /usr/bin/ssh-host-config --yes --cygwin ntsec --user cyg_server --pwd blah
> > >> ...
> > >
> > > Just a few things...
> > >
> > > 1) Don't do that (manually).
> > > First of all, "ntsec" is deprecated. Second, there are a lot of strange
> > > issues when using "--yes", just answer the questions manually, especially
> > > since you don't need all those keys just to have ssh work.
> > >
> > > 2) Make sure you run the ssh-host-config from an "administrator: cygwin
> > > shell.
> > >
> > > 3) Check your /etc/sshd-config for: "UsePrivilegeSeparation sandbox" which
> > > is the new default. The ssh-host-config script has a bug on line 169 that
> > > attempts to set this to "no", but where the regex fails. (I told people in THIS
> > > <http://cygwin.1069669.n5.nabble.com/CSIH-SSH-setup-script-problems-on-W81-64-tp106953.html>
> > > nabble post, but I don't think it ever reached the main mailing list.)
> > >
> > > 4) The sshd user pas-wor-d is set to expire by default after 42 days, in
> > > Windows 8.1.
> > > Fix it if you're using that.
> > >
> >
> >
> > Thanks Gene for the heads up, it will help me fine tune my setup!  I need
> > to use the "--yes" option because I am building an automated installation
> > for Windows 7.
>
> I attached a new incarnation of the ssh-host-config script to this
> mail.

Anybody?


> Would interested parties be so kind to test this new script?
>
> Changes compared to the released version from the openssh package:
>
> - The "StrictModes" setting in /etc/sshd_config is now asked for, rather than
>   setting it always to "no".
>
>   The background is that "StrictModes yes" is the more secure setting.
>   "StrictModes no" is only required for users with home directories on a
>   "noacl" mount or on FAT/FAT32 partitions, so I think the administrator
>   should have a choice here.
>
> - The "UsePrivilegeSeparation" setting in /etc/sshd_config now takes into
>   account that the default setting is "sandbox", which doesn't make
>   sense on Cygwin.
>
> - Changes to /etc/sshd_config are now only written to the file, if the file
>   has been just generated or if the question
>
>     "Overwrite existing /etc/sshd_config file?"
>
>   has been answered with "yes".
>
> I also tweaked the script slightly to support the new passwd/group code
> I'm working on, but that's not yet finished.
>
>
Thanks,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
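
Added example, not part of the original message and not code from ssh-host-config: a shell check that reports the effective "StrictModes" and "UsePrivilegeSeparation" values in an sshd_config file, following the reasoning in the change list above. The function names, the treatment of an unset UsePrivilegeSeparation as "sandbox" (taken from the message's statement of the default) and the sample file contents are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not part of ssh-host-config.

# effective_value FILE KEYWORD
# Print the value sshd would take from FILE for KEYWORD: keywords are
# case-insensitive, comment lines are skipped, the first occurrence wins,
# and scanning stops at the first Match block. Assumes whitespace-separated
# "Keyword value" lines. Prints nothing if the keyword is not set.
effective_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# audit_sshd_config FILE
# Print one finding per setting; return 1 if either needs review.
audit_sshd_config() {
    rc=0
    strict=$(effective_value "$1" StrictModes)
    privsep=$(effective_value "$1" UsePrivilegeSeparation)
    # StrictModes defaults to "yes" when unset; "no" is only needed for
    # home directories on noacl mounts or FAT/FAT32.
    if [ "${strict:-yes}" = yes ]; then
        echo "ok: StrictModes yes"
    else
        echo "review: StrictModes $strict"; rc=1
    fi
    # Per the message, the default is "sandbox", so unset counts as sandbox.
    if [ "${privsep:-sandbox}" = sandbox ]; then
        echo "review: UsePrivilegeSeparation sandbox"; rc=1
    else
        echo "ok: UsePrivilegeSeparation $privsep"
    fi
    return "$rc"
}

# Constructed sample input (not a real host's configuration).
sample=$(mktemp)
cat > "$sample" <<'EOF'
#StrictModes yes
strictmodes no
UsePrivilegeSeparation sandbox   # default for new installations
UsePrivilegeSeparation yes
EOF
audit_sshd_config "$sample" || true
rm -f "$sample"
```

On the constructed sample both settings are reported for review: the commented-out "StrictModes yes" is ignored, and the first UsePrivilegeSeparation line takes precedence over the second.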
