Mailing-List: contact cygwin-help@sourceware.cygnus.com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe@sources.redhat.com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin@sources.redhat.com>
List-Help: <mailto:cygwin-help@sources.redhat.com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner@sources.redhat.com
Delivered-To: mailing list cygwin@sources.redhat.com
Message-ID: <3A1AA990.D6E736BF@redhat.com>
Date: Tue, 21 Nov 2000 17:57:52 +0100
From: Corinna Vinschen <vinschen@redhat.com>
Reply-To: cygwin <cygwin@cygwin.com>
X-Mailer: Mozilla 4.76 [en] (X11; U; Linux 2.2.14-SMP i686)
X-Accept-Language: de, en
MIME-Version: 1.0
To: cygwin <cygwin@cygwin.com>
Subject: Re: SSHD setup
References: <033701c053a5$34b302b0$f7c723cb@lifelesswks>
	 <033701c053a5$34b302b0$f7c723cb@lifelesswks> <5.0.0.25.2.20001121093042.02df5500@mail.prefres.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Matt Minnis wrote:
> Ok,
> 
> I have beat my head against this too much now.
> What are the permissions for '/usr/local/etc/ssh_host_key'?

Take a look into your /etc/sshd_config file. It seems to be
an older version which contains "HostKey /usr/local/etc/ssh_host_key"
by mistake. Change the value to the "HostKey /etc/ssh_host_key"
or comment it by prepending a `#' character.

> What about '/etc/ssh_host_dsa_key'?
> If they are too open it says that this is bad, but when they are more
> secure, then it can't load it because it is not allowed.
> what chmod values do I need?
> 
> /source/NT_Admin >sshd -d
> debug1: sshd version OpenSSH_2.3.0p1
> debug1: Seeding random number generator
> error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> error: @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
> error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> error: Bad ownership or mode(0600) for '/usr/local/etc/ssh_host_key'.

The ownership has to be either the user which starts sshd or the
user with Cygwin uid 0. If you have read the ntsec documentation
you know that the Cygwin uid need not to be the same as the WinNT
RID.

The above mode is ok: 0600 = -rw------- which is recommended. So I
assume the ownership isn't correct.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                        mailto:cygwin@sources.redhat.com
Red Hat, Inc.
mailto:vinschen@redhat.com

--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com