To: cygwin@cygwin.com
From: Andrew DeFaria <Andrew@DeFaria.com>
Subject:  Re: ssh to 2003 server exist immediately
Date:  Tue, 16 May 2006 07:37:20 -0700

Igor Peshansky wrote:
>> Meantime I edited sshd_server's rights so I could do a "runas 
>> /user:sshd_server cmd". From here I started bash --login -i then did 
>> an "strace /usr/sbin/sshd -d > /tmp/sshd.strace.log 2>&1" (attached). 
>> The "relevant" part seems to be here:
>>
>> 277 3957121 [main] sshd 1404 C:\Cygwin\usr\sbin\sshd.exe: *** fatal 
>> error - could not load ws2_32, Win32 error 0
> Your mailer wrapped the strace snippet, but this definitely seems 
> relevant.  What does "getfacl /cygdrive/c/WINDOWS/system32/ws2_32.dll" 
> say?
The above is essentially the same message as that which was written 
to /var/log/sshd.log that I reported originally. In any event a getfacl 
returns:

$ ls -l /dev/c/WINDOW/system32/ws2_32.dll
-rwxrwxr--+ 1 Administrators ???????? 83968 Mar 24  2005 /dev/c/WINDOWS/system32/ws2_32.dll*
$ getfacl /dev/c/WINDOWS/system32/ws2_32.dll
# file: /dev/c/WINDOWS/system32/ws2_32.dll
# owner: Administrators
# group: ????????
user::rwx
group::rwx
group:SYSTEM:rwx
mask:rwx
other:r--

Neither Cygwin nor I have cause to twiddle the security or ACL bits on 
this obvious Windows dll. Does the above look correct for Windows 2003?
>> I'd appreciate any pointers (guesses) at this point?
> As Richard (or "* *") pointed out, your sshd_server user probably 
> doesn't have access to ws2_32.dll.
By "access" I assume you mean what Richard hinted at - execute access. 
Well, above, other is set to r--. I checked ws2_32.dll on my other server, 
which is, unfortunately, Windows 2000 not Windows 2003, and I see:

$ ll /dev/c/WINNT/system32/ws2_32.dll
-rwxrwxr-x    1 Administ SYSTEM      69904 Jun 19  2003 /dev/c/WINNT/system32/ws2_32.dll*
$ getfacl /dev/c/WINNT/system32/ws2_32.dll
# file: /dev/c/WINNT/system32/ws2_32.dll
# owner: Administrators
# group: SYSTEM
user::rwx
group::rwx
mask:rwx
other:r-x

Interesting to see other set to r-x. Checked my desktop (Windows XP) and 
it has other set to --- (!) for this dll with no problems running ssh. 
Did a chmod 775 on ws2_32.dll and checked it with getfacl (Could have 
sworn I tried this before... Perhaps some Windows "protection" reverted 
it?) and restarted sshd. Tried ssh - still failed - same way.

Perhaps somebody with a working sshd on Windows 2003 could give me the 
particulars about his ws2_32.dll to compare against mine. Here's the 
info I can see:

* The above ls -l and getfacl output

Looking at the file: properties version info:

File version: 5.2.3790.1830 (srv03_sp1_rtm 050324-1447)
Description: Windows Socket 2.0 32-bit DLL
File Size: 82.0 Kb (83,968 bytes)

Security from file: properties

sons-sc-cc\Administrators: Modify, Read & Execute, Read, Write, Special 
Permissions (greyed)
Everyone: Read & Execute, Read
sons-sc-cc\Power Users: Read & Execute, Read
SYSTEM: Full control, Modify, Read & Execute, Read, Write
sons-ss-sc\Users: Read & Execute, Read

Hmmm... Noticed on my XP Desktop that Administrators had Full Control so 
I toggled it on on the Windows 2003 server. Received an error dialog 
stating "You are about to change the permissions settings on system 
folders which can result in unexpected problems and reduce security. Do 
you want to continue?". Continued, restarted sshd and tried an ssh - 
still failed! Same way. Argh...
-- 
You have to stay in shape. My mother started walking five miles a day 
when she was 60. She's 97 now and we have no idea where she is.
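
An added example, not part of the original message and not Cygwin code: it parses the two getfacl listings quoted above and works out which of r/w/x an account ends up with under a POSIX.1e-style check (owner, named user, group class with mask, then other). The account's group membership is an assumption supplied by the caller, and the check reads only what getfacl prints, not the Windows security descriptor shown under file properties.

```python
# Constructed sample input: the two getfacl listings from the message ("# file:" lines dropped).
ACL_2003 = """# owner: Administrators
# group: ????????
user::rwx
group::rwx
group:SYSTEM:rwx
mask:rwx
other:r--"""
ACL_2000 = """# owner: Administrators
# group: SYSTEM
user::rwx
group::rwx
mask:rwx
other:r-x"""


def parse_getfacl(text):
    """Parse getfacl text into owner, owning group and (tag, name, perms) entries."""
    acl = {"owner": None, "group": None, "entries": []}
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith(("# owner:", "# group:")):
            key, _, value = line[2:].partition(":")
            acl[key] = value.strip()
        elif line and not line.startswith("#"):
            tag, _, rest = line.partition(":")
            name, _, perms = rest.rpartition(":")
            acl["entries"].append((tag, name, set(perms) - {"-"}))
    return acl


def effective_perms(acl, user, groups=()):
    """POSIX.1e-style check: owner, named user, group class (masked), then other."""
    entries = acl["entries"]
    mask = next((p for t, _, p in entries if t == "mask"), {"r", "w", "x"})
    # Assumption: the owner shown is a Windows group (Administrators), so
    # membership in it is treated as an owner match, not only an exact name match.
    if user == acl["owner"] or acl["owner"] in groups:
        return next((p for t, n, p in entries if t == "user" and not n), set())
    for t, n, p in entries:
        if t == "user" and n == user:
            return p & mask
    hits = [p & mask for t, n, p in entries
            if t == "group" and (n or acl["group"]) in groups]
    if hits:
        return set().union(*hits)
    return next((p for t, _, p in entries if t == "other"), set())


if __name__ == "__main__":
    for label, text in (("2003", ACL_2003), ("2000", ACL_2000)):
        perms = effective_perms(parse_getfacl(text), "sshd_server")
        print(label, "".join(c if c in perms else "-" for c in "rwx"))
```

With no group membership passed in, sshd_server falls through to the other entry on both hosts, so the result depends on which groups the account actually belongs to.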



