delorie.com/archives/browse.cgi   search  
Mail Archives: cygwin/2017/04/15/17:33:20

X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
:list-unsubscribe:list-subscribe:list-archive:list-post
:list-help:sender:message-id:date:from:mime-version:to:subject
:references:in-reply-to:content-type:content-transfer-encoding;
q=dns; s=default; b=MrxtWo3BxMuYMszn6UZThoedKon3AHJxx8gdSLzrO8P
GHZKroRq1sz45Yl53JDvKfNZ+RtkXtyUJtxeg7Kwu99GNLjXGwCm+hSpv5Denkzt
k4bb5ib9E5dhh776HMCCQM9PUMLbMizA/IZU0/PKJkUAqN/XySz+NG2aK7g4MpMU
=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
:list-unsubscribe:list-subscribe:list-archive:list-post
:list-help:sender:message-id:date:from:mime-version:to:subject
:references:in-reply-to:content-type:content-transfer-encoding;
s=default; bh=Rf6NXGf0nn6wpSq9iU7dWfgNeoo=; b=Y2qjQRVAyLar6YFNJ
lCq353t4IOTG79LXhUqI9QCPVFQOvov8+uGTpndTxIGQoDzmCtEmDDDGvgWgQw3g
MjE/V23sNLO2SNC606skQ5gicybShXV3UllO23ftc1Xkdfe0A1LmJ6xXhCTnjqsL
9BgQOpW2zmtQAjshZ1jMZyXpdo=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-6.9 required=5.0 tests=BAYES_00,GIT_PATCH_2,RP_MATCHES_RCVD autolearn=ham version=3.3.2 spammy=H*r:8.14.7, Wasnt, Wasn't
X-HELO: Ishtar.sc.tlinx.org
Message-ID: <58F2918D.2020703@tlinx.org>
Date: Sat, 15 Apr 2017 14:33:01 -0700
From: L A Walsh <cygwin AT tlinx DOT org>
User-Agent: Thunderbird
MIME-Version: 1.0
To: cygwin AT cygwin DOT com
Subject: Re: How to create root account to own /var/empty for ssh?
References: <58F24188 DOT 3060503 AT tlinx DOT org> <93276a4b-b80f-b39d-ea16-4975a080c9a3 AT gmail DOT com>
In-Reply-To: <93276a4b-b80f-b39d-ea16-4975a080c9a3@gmail.com>
X-IsSubscribed: yes 

Marco Atzeri wrote:
>
>>
>> How am I supposed to make ssh happy?
>>
>> Thanks!
>> -l
>>
>
> user separation ?
>
> $ ls -ld /var/empty
> drwxr-xr-x+ 1 cyg_server Administrators 0 Jan  7  2015 /var/empty

Um, could elaborate?  I mean do I just create a user called
cyg_server, and that makes it sshd happy?  Or how is user
separation different than having root own the directory?

Also, is it the same separation mentioned in this
deprecation message?:

>  /sbin/sshd
/etc/sshd_config line 105: Deprecated option UsePrivilegeSeparation
/var/empty must be owned by root and not group or world-writable.

...or has the option been renamed?  FWIW -- this *used* to work on my
machine until the upgrade.

Thanks again!



p.s. -- BTW, found this amusing: the old 'sshd' works still
works and picks up the newer openssl lib::

New sshd:
/sbin> /sbin/sshd -v
sshd: unknown option -- v
OpenSSH_7.5p1, OpenSSL 1.0.2k  26 Jan 2017
/sbin> /sbin/sshd  -4
/etc/sshd_config line 105: Deprecated option UsePrivilegeSeparation
Could not load host key: /etc/ssh_host_ed25519_key
/var/empty must be owned by root and not group or world-writable.
/sbin/

Old sshd:
/sbin.o> ./sshd --version
sshd: unknown option -- -
OpenSSH_6.6.1p1, OpenSSL 1.0.2k  26 Jan 2017
/sbin.o> /sbin.o/sshd  -4   
Could not load host key: /etc/ssh_host_ed25519_key
/sbin.o> (works)

---------
Wasn't user-separation in 6.6?




--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

- Raw text -


  webmaster     delorie software   privacy  
  Copyright © 2019   by DJ Delorie     Updated Jul 2019