Mail Archives: cygwin/2016/10/04/04:16:14

delorie.com/archives/browse.cgi

search

Mail Archives: cygwin/2016/10/04/04:16:14

X-Recipient: archive-cygwin AT delorie DOT com

DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:mime-version:from:date:message-id:subject:to

:content-type; q=dns; s=default; b=B3uaXv4XRWkPlDwBYEfrc/7YKNV0T

Vcw863f1w5jh0H952HztOufezOY3HV5WW0YvWklm14Iqw1MA/A2Lsmj8zvNtGrmW

zgTdDRtd65xPffiNPNL4ZK8EevA8WR+wteAEzSMRMdjGvoiJ0rPxebisMc0b/Ejd

1GcTytW5vQ0Qoo=

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:mime-version:from:date:message-id:subject:to

:content-type; s=default; bh=UchjmwBRJ5fkAlu7M2IVd+xikjI=; b=x7H

Mt6p/KKdDkbzavhoeFL6G5HAPUNMZ97z+cpTZ4d4SiGP4zFFA4uoTXdHcMffK9AI

VrELC1/i0lu+4nyVTanmn9qWPCf5uvKYRPhT3jGxygvBlPHWZBzh5oSjzN4bHjs7

/C7KFV+8G6rUW+EegnCu8cFNxNIppvuKTFPs+oNs=

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm

List-Id: <cygwin.cygwin.com>

List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>

List-Archive: <http://sourceware.org/ml/cygwin/>

List-Post: <mailto:cygwin AT cygwin DOT com>

List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>

Sender: cygwin-owner AT cygwin DOT com

Mail-Followup-To: cygwin AT cygwin DOT com

Delivered-To: mailing list cygwin AT cygwin DOT com

Authentication-Results: sourceware.org; auth=none

X-Virus-Found: No

X-Spam-SWARE-Status: No, score=-1.6 required=5.0 tests=BAYES_00,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=no version=3.3.2 spammy=passwd, folders, Seconds, inbound

X-HELO: mail-it0-f41.google.com

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=zDzJTtqty3wn6zzlvy8WMriTCIgqkm6/mvBqTSiwqF4=; b=XLyMjj0/RftyIBB1LO7q/j+8KBVaXHHdWWe/rZGm5e0MDBTbQF5dsoLS81dbyGEHg2 BqSpQdj9G7OpKOeAfSRPVcxi2rnefygKLxp20PZufk11qXbbc39RxcDFHp29y4/8587w qEvZjGRjFpIb7U9xFvhMuabBoNanqkRWc3QlfZ+05+GtbLYnfxc4+4FA13RsAevNNvOb Rq1Mn+6lnDVFHOJbtXOmtv7fkQrm/3mIWc0bo/R8JM3T2Nexsso5xJ8iAFxYiI5nTNSk yCdSOcCx3SUNdxieyxxRysSK5szeaTdQyz+VArnD7bv+avCkiKmGB94O+/Lqe1FYrCV0 AjFA==

X-Gm-Message-State: AA6/9RnMDKXzNg6LnYg8jE2sUVQ94s367vAVJHvSiPY8iig5bf588YCX67fP2uJtLZq7yNPtNo4Plb08Elgj9g==

X-Received: by 10.36.130.135 with SMTP id t129mr3052206itd.31.1475568944511; Tue, 04 Oct 2016 01:15:44 -0700 (PDT)

MIME-Version: 1.0

From: =?UTF-8?B?TmljbyBNw7xsbGVy?= <nmueller323 AT gmail DOT com>

Date: Tue, 4 Oct 2016 10:15:44 +0200

Message-ID: <CAGEt87yir-7CtKpk=sGw8kYtTDwEOOQe0t4ga7a3TZitFGmueg@mail.gmail.com>

Subject: Automated Cygwin installation on a Google VM

To: cygwin AT cygwin DOT com

Hey everyone!

We are trying to set up an automated Cygwin install on a Windows
Server 2012 R2 VM in the Google cloud. The idea is to build a script
that makes sure Icinga is able to connect to the server via SSH, for
monitoring reasons.

Here is what we came up with:

---

# Cygwin installation + SSH setup
$file = "setup-x86_64.exe"
$url = "gs://cygwin/2.5.2/$($file)"
$output = "C:\Users\Public\Downloads\$($file)"

$localdir = "C:\cygwin_packages"
$rootdir = "C:\cygwin"
$mirror = "http://mirrors.kernel.org/sourceware/cygwin"
$packages = "openssh,vim,cygrunsrv"
$cyg_bash = "C:\cygwin\bin\bash.exe"

$cyg_pw_url = "xxx"
$cyg_password = Invoke-WebRequest -Uri $cyg_pw_url -UseBasicParsing
$cyg_password | Out-File "C:\Users\Public\cyg_server_password.txt"

$username = "icingaremote"
$ici_pw_url = "xxx"
$ici_password = Invoke-WebRequest -Uri $ici_pw_url -UseBasicParsing
$ici_password | Out-File "C:\Users\Public\icingaremote_password.txt"
$group = "Administrators"
$ssh_folder = "/home/$($username)/.ssh"
$key = "xxx"
$start_time = Get-Date

if (Test-Path $output) {
    Write-Output "Cygwin installer $($output) already exists"
}
else {
    gsutil cp $url $output
    Write-Output "Installing Cygwin..."
    Start-Process -FilePath $($output) -ArgumentList "-q -D -L -d -g
-o -s $($mirror) -l $($localdir) -R $($rootdir) -C Base -P
$($packages)" -Wait -PassThru

    Write-Host "Creating folders for SSH login..."
    Start-Process -FilePath $($cyg_bash) -ArgumentList "--login -c
'mkpasswd -l > /etc/passwd; mkdir -p $($ssh_folder); echo $($key) >
$($ssh_folder)/authorized_keys; chmod 700 $($ssh_folder); chmod 600
$($ssh_folder)/authorized_keys; chown -R $($username)
/home/$($username)/'" -Wait -PassThru

    Write-Output "Starting SSH configuration..."
    Start-Process -FilePath $($cyg_bash) -ArgumentList "--login -c
'ssh-host-config --yes --pwd $($cyg_password)'" -Wait

    $sshd_config_file = "C:\cygwin\etc\sshd_config"
    $acl = Get-Acl $sshd_config_file

    $rule = New-Object -TypeName
System.Security.AccessControl.FileSystemAccessRule("$($group)",
"Modify", "None", "None", "Allow")
    $acl.AddAccessRule($rule)
    Set-Acl $sshd_config_file $acl

    $sshd_config = Get-Content $sshd_config_file
    $sshd_config.Replace('#PasswordAuthentication yes',
'PasswordAuthentication no').Replace('#PubkeyAuthentication yes',
'PubkeyAuthentication yes') | Out-File -Encoding ascii -FilePath
$sshd_config_file -Force

    Start-Process -FilePath $($cyg_bash) -ArgumentList "--login -c
'cygrunsrv -S sshd'" -Wait

    Write-Output "Total time taken:
$((Get-Date).Subtract($start_time).Seconds) second(s)"
}

# Add Firewall exception for SSH
New-NetFirewallRule -Protocol TCP -LocalPort 22 -Direction Inbound
-Action Allow -DisplayName SSH -Program "C:\cygwin\usr\sbin\sshd.exe"

---

Which works fine, if you run it as a local administrator, but fails to
start the SSHD service properly, if you run it as a startup script,
because startup scripts are run as the local system user. The file
permissions end up in a very messed up state, if the script is run as
the local system user.

Seeing that the Google cloud and Icinga are nothing too exotic, is
there anyone, who tried the same setup and had success setting this up
or has some general hints on this matter?

Regards

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

X-Recipient:	archive-cygwin AT delorie DOT com
DomainKey-Signature:	a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:mime-version:from:date:message-id:subject:to
	:content-type; q=dns; s=default; b=B3uaXv4XRWkPlDwBYEfrc/7YKNV0T
	Vcw863f1w5jh0H952HztOufezOY3HV5WW0YvWklm14Iqw1MA/A2Lsmj8zvNtGrmW
	zgTdDRtd65xPffiNPNL4ZK8EevA8WR+wteAEzSMRMdjGvoiJ0rPxebisMc0b/Ejd
	1GcTytW5vQ0Qoo=
DKIM-Signature:	v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:mime-version:from:date:message-id:subject:to
	:content-type; s=default; bh=UchjmwBRJ5fkAlu7M2IVd+xikjI=; b=x7H
	Mt6p/KKdDkbzavhoeFL6G5HAPUNMZ97z+cpTZ4d4SiGP4zFFA4uoTXdHcMffK9AI
	VrELC1/i0lu+4nyVTanmn9qWPCf5uvKYRPhT3jGxygvBlPHWZBzh5oSjzN4bHjs7
	/C7KFV+8G6rUW+EegnCu8cFNxNIppvuKTFPs+oNs=
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Authentication-Results:	sourceware.org; auth=none
X-Virus-Found:	No
X-Spam-SWARE-Status:	No, score=-1.6 required=5.0 tests=BAYES_00,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=no version=3.3.2 spammy=passwd, folders, Seconds, inbound
X-HELO:	mail-it0-f41.google.com
X-Google-DKIM-Signature:	v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=zDzJTtqty3wn6zzlvy8WMriTCIgqkm6/mvBqTSiwqF4=; b=XLyMjj0/RftyIBB1LO7q/j+8KBVaXHHdWWe/rZGm5e0MDBTbQF5dsoLS81dbyGEHg2 BqSpQdj9G7OpKOeAfSRPVcxi2rnefygKLxp20PZufk11qXbbc39RxcDFHp29y4/8587w qEvZjGRjFpIb7U9xFvhMuabBoNanqkRWc3QlfZ+05+GtbLYnfxc4+4FA13RsAevNNvOb Rq1Mn+6lnDVFHOJbtXOmtv7fkQrm/3mIWc0bo/R8JM3T2Nexsso5xJ8iAFxYiI5nTNSk yCdSOcCx3SUNdxieyxxRysSK5szeaTdQyz+VArnD7bv+avCkiKmGB94O+/Lqe1FYrCV0 AjFA==
X-Gm-Message-State:	AA6/9RnMDKXzNg6LnYg8jE2sUVQ94s367vAVJHvSiPY8iig5bf588YCX67fP2uJtLZq7yNPtNo4Plb08Elgj9g==
X-Received:	by 10.36.130.135 with SMTP id t129mr3052206itd.31.1475568944511; Tue, 04 Oct 2016 01:15:44 -0700 (PDT)
MIME-Version:	1.0
From:	=?UTF-8?B?TmljbyBNw7xsbGVy?= <nmueller323 AT gmail DOT com>
Date:	Tue, 4 Oct 2016 10:15:44 +0200
Message-ID:	<CAGEt87yir-7CtKpk=sGw8kYtTDwEOOQe0t4ga7a3TZitFGmueg@mail.gmail.com>
Subject:	Automated Cygwin installation on a Google VM
To:	cygwin AT cygwin DOT com