Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Delivered-To: mailing list cygwin@cygwin.com
Message-ID: <4356C85C.130BF479@dessent.net>
Date: Wed, 19 Oct 2005 15:27:40 -0700
From: Brian Dessent <brian@dessent.net>
MIME-Version: 1.0
To: cygwin@cygwin.com
Subject: Re: sshd refuses ssh connections
References: <BAYC1-PASMTP02C22AFAD2B236E5F46775C6700@CEZ.ICE> <435684E8.4040800@equate.dyndns.org> <BAYC1-PASMTP052431A24A326EC049E659C6700@CEZ.ICE> <43569987.7050104@equate.dyndns.org> <4356C583.4719DB71@dessent.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-IsSubscribed: yes
Reply-To: cygwin@cygwin.com

Brian Dessent wrote:

> No, it's a red herring.  The host keys should be readable only by the
> process that runs sshd.  This must be SYSTEM in order for impersonation
> to work.  Thus they should be readable only by SYSTEM, and that is how
> ssh-host-config sets things up, correctly.  So if you try to run sshd as
> your normal user account, it will not work.  That's why it's a bad idea
> to mess around with running sshd from a regular prompt, because you will
> run into all kinds of permissions/ownership issues unless you know
> precisely what you're doing.

The footnote to this is that if you obtain a shell as the SYSTEM user,
you can run sshd from a prompt in debugging mode without any issues. 
There is a script somewhere in the mailing list archives, I think it's
called "sysbash", that achieves this.

Brian

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/