Mail Archives: cygwin/2020/08/19/12:33:50

Stephen Carrier <carrier AT berkeley DOT edu> · Wed, 19 Aug 2020 09:32:42 -0700

On Sun, Aug 16, 2020 at 11:36:10AM +0200, Marco Atzeri via Cygwin wrote:
> On 16.08.2020 10:17, Subramanya Narayanaswamy via Cygwin wrote:
> > Hi Team,
> > 
> > I'm facing below issue while trying to start CYGSSHD server. I'm running the below command as an Administrator but not sure why cygsshd is not starting. Any help?
> > --------------------------------------------------------------
> > $ net start cygsshd
> > The CYGWIN cygsshd service is starting.
> > The CYGWIN cygsshd service could not be started.
> > 
> > The service did not report an error.
> > 
> > More help is available by typing NET HELPMSG 3534.
> > 
> > Subramanya
> > 
> 
> I saw the same problem.
> The /var/log/sshd.log gave me the hint:
> -----------------------------------------------
> Permissions 0640 for '/etc/ssh_host_rsa_key' are too open.
> It is required that your private key files are NOT accessible by others.
> This private key will be ignored.
> ..
> Permissions 0640 for '/etc/ssh_host_ecdsa_key' are too open.
> It is required that your private key files are NOT accessible by others.
> This private key will be ignored.
> ..
> Permissions 0640 for '/etc/ssh_host_ed25519_key' are too open.
> It is required that your private key files are NOT accessible by others.
> This private key will be ignored.
> sshd: no hostkeys available -- exiting.
> ------------------------------------------------

/var/log/sshd.config may provide helpful clues even if the issue is
different from loose permissions on the private keys.  Let us know what
you find there if you are still having trouble.

> from the Admin account
> 
>  $ cd /etc
>  $ chmod 600 ssh*
> 
> solved the problem

It may have but ... There is no need to restrict permissions on the
public keys and restricting permissions on /etc/ssh_config may interfere
with ssh client use by non-Administrator users.  Moreover, I don't think
/etc/sshd_config needs to be restricted though that could be a judgement
call.

Perhaps

$ chmod 600 ssh_host_*_key

is enough to fix the private key permissions, if in fact that is the problem.

>  $ cygrunsrv -Q cygsshd
....

"cygrunsrv -V -Q cygsshd" will reveal even more information.

--Stephen
--
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple

X-Recipient:	archive-cygwin AT delorie DOT com
X-Original-To:	cygwin AT cygwin DOT com
Delivered-To:	cygwin AT cygwin DOT com
DMARC-Filter:	OpenDMARC Filter v1.3.2 sourceware.org C5347386F822
Authentication-Results:	sourceware.org;
	dmarc=none (p=none dis=none) header.from=berkeley.edu
Authentication-Results:	sourceware.org;
	spf=pass smtp.mailfrom=carrier AT berkeley DOT edu
DKIM-Signature:	v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=berkeley-edu.20150623.gappssmtp.com; s=20150623;
	h=from:date:to:cc:subject:message-id:references:mime-version
	:content-disposition:in-reply-to:user-agent;
	bh=PskYnsAMv2TTXr4zzTzRW4tEalv9W3s1jSw/oVsTOEw=;
	b=pzDEg+ihnqBMkOSFrcUT9PUwan/K3xOULnFxNlzhn5F0J7vCWNkEDEs8GSlJPagRgh
	g048QUoUNTmBGjl5+dBxWVUVI0xnplvWx70wmNGFO4fIKeD/Lgv8mIvCmqLmHeVbIAzS
	2yGhYduoDU8ya75XieAzdB+97WcIa0P8hbtHVhHduS9BgPngaoVPa9oyYgq7kWup+bKu
	Gm3YRg6TaffjyAtWpnvt42aNAJNgLpDiF2yaRVLUGiSuIQHRzn9AhOrWa816YVAEHDRO
	bUNh99ktnYbwQA1IlhsP5t/PUwsMWEUSKEwylb0zsa1nelyzMahu+LAJWb9fkT7qcyfp
	mhwQ==
X-Google-DKIM-Signature:	v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:date:to:cc:subject:message-id:references
	:mime-version:content-disposition:in-reply-to:user-agent;
	bh=PskYnsAMv2TTXr4zzTzRW4tEalv9W3s1jSw/oVsTOEw=;
	b=JMyPNtVInxkmLG6Nh/0JPOfzl8X4qNeD0x9F3TO3xBTTak42heIYt2V0Ll55c1QkAU
	hFVHf7Q68GK+vgZ1tQo6r0HxfM4bhyn86MoT6jIA6sLvaiVzoIGlmoQeNSMF4GFET6jx
	i3Dqkv5aGwW7hn3M3mpKEkdVku9NkFgQnvX2R6NItd7VxCgc8hUuUTRlYavj5R5GdRqQ
	UyjBxX70VV6E6oxpk2dELdSHIxBMclKkJa3YTAi7QWQqIRQU5cq4mP48yDJAUAP1XxDJ
	4aG2h8Rw9M8WNkIyUtuzLzH70Sdg6GyfquC8mHZU2M+1erzu+eVBBOYd0ejzOOQ3gGp7
	fFgg==
X-Gm-Message-State:	AOAM533qD+KhXLUhKCmG2OJ8H2MWiAFm1DMmwi7p6t0Q+6vLNGCyJEfY
	7HuuJu1RefEv9uJx4YrOXxWWqkE9RdXOYA==
X-Google-Smtp-Source:	ABdhPJxbW+B56zH9k/D2w6oPANoSZPfhVLCAHuxDVTQFeURx0iffk57Fmeoa777BzfzyvHZK+7rsJQ==
X-Received:	by 2002:a17:90a:fa11:: with SMTP id
	cm17mr4849091pjb.153.1597854764311;
	Wed, 19 Aug 2020 09:32:44 -0700 (PDT)
From:	Stephen Carrier <carrier AT berkeley DOT edu>
X-Google-Original-From:	Stephen Carrier <carrier AT Berkeley DOT EDU>
Date:	Wed, 19 Aug 2020 09:32:42 -0700
To:	Subramanya Narayanaswamy <subramanya DOT narayanswamy AT oracle DOT com>
Subject:	Re: Need information on creating service user to connect from the
	Agent server to Windows hosts for installing agents on remote
Message-ID:	<20200819163242.GA7219@iguana.crashland.org>
References:	<6c46c572-6678-45ea-91db-54d02e0c3bcd AT default>
	<402804355 DOT 20200811013821 AT yandex DOT ru>
	<1dbc09c8-07ad-4f42-8c7e-0aff2fbe68cc AT default>
	<4910065414 DOT 20200812022520 AT yandex DOT ru>
	<b2c0ef06-11ab-496e-b277-a98624db2abf AT default>
	<20200812155859 DOT GA9165 AT iguana DOT crashland DOT org>
	<a80e26ba-4406-4012-a42d-8fc6659ce656 AT default>
	<cb2c0f2f-55e8-75da-ad7f-2838e203ef78 AT gmail DOT com>
MIME-Version:	1.0
In-Reply-To:	<cb2c0f2f-55e8-75da-ad7f-2838e203ef78@gmail.com>
User-Agent:	Mutt/1.12.2 (2019-09-21)
X-Spam-Status:	No, score=-2.0 required=5.0 tests=BAYES_00, DKIM_SIGNED,
	DKIM_VALID, KAM_ASCII_DIVIDERS, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS,
	TXREP autolearn=no autolearn_force=no version=3.4.2
X-Spam-Checker-Version:	SpamAssassin 3.4.2 (2018-09-13) on
	server2.sourceware.org
X-BeenThere:	cygwin AT cygwin DOT com
X-Mailman-Version:	2.1.29
List-Id:	General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Unsubscribe:	<https://cygwin.com/mailman/options/cygwin>,
	<mailto:cygwin-request AT cygwin DOT com?subject=unsubscribe>
List-Archive:	<https://cygwin.com/pipermail/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-request AT cygwin DOT com?subject=help>
List-Subscribe:	<https://cygwin.com/mailman/listinfo/cygwin>,
	<mailto:cygwin-request AT cygwin DOT com?subject=subscribe>
Cc:	cygwin AT cygwin DOT com
Errors-To:	cygwin-bounces AT cygwin DOT com
Sender:	"Cygwin" <cygwin-bounces AT cygwin DOT com>

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019