Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Delivered-To: mailing list cygwin@cygwin.com
MIME-Version: 1.0
From: Nico Müller <nmueller323@gmail.com>
Date: Tue, 4 Oct 2016 10:15:44 +0200
Message-ID: <CAGEt87yir-7CtKpk=sGw8kYtTDwEOOQe0t4ga7a3TZitFGmueg@mail.gmail.com>
Subject: Automated Cygwin installation on a Google VM
To: cygwin@cygwin.com
Content-Type: text/plain; charset=UTF-8

Hey everyone!

We are trying to set up an automated Cygwin install on a Windows
Server 2012 R2 VM in the Google cloud. The idea is to build a script
that makes sure Icinga is able to connect to the server via SSH, for
monitoring reasons.

Here is what we came up with:

---

# Cygwin installation + SSH setup
$file = "setup-x86_64.exe"
$url = "gs://cygwin/2.5.2/$($file)"
$output = "C:\Users\Public\Downloads\$($file)"

$localdir = "C:\cygwin_packages"
$rootdir = "C:\cygwin"
$mirror = "http://mirrors.kernel.org/sourceware/cygwin"
$packages = "openssh,vim,cygrunsrv"
$cyg_bash = "C:\cygwin\bin\bash.exe"

$cyg_pw_url = "xxx"
$cyg_password = Invoke-WebRequest -Uri $cyg_pw_url -UseBasicParsing
$cyg_password | Out-File "C:\Users\Public\cyg_server_password.txt"

$username = "icingaremote"
$ici_pw_url = "xxx"
$ici_password = Invoke-WebRequest -Uri $ici_pw_url -UseBasicParsing
$ici_password | Out-File "C:\Users\Public\icingaremote_password.txt"
$group = "Administrators"
$ssh_folder = "/home/$($username)/.ssh"
$key = "xxx"
$start_time = Get-Date

if (Test-Path $output) {
    Write-Output "Cygwin installer $($output) already exists"
}
else {
    gsutil cp $url $output
    Write-Output "Installing Cygwin..."
    Start-Process -FilePath $($output) -ArgumentList "-q -D -L -d -g -o -s $($mirror) -l $($localdir) -R $($rootdir) -C Base -P $($packages)" -Wait -PassThru

    Write-Host "Creating folders for SSH login..."
    Start-Process -FilePath $($cyg_bash) -ArgumentList "--login -c 'mkpasswd -l > /etc/passwd; mkdir -p $($ssh_folder); echo $($key) > $($ssh_folder)/authorized_keys; chmod 700 $($ssh_folder); chmod 600 $($ssh_folder)/authorized_keys; chown -R $($username) /home/$($username)/'" -Wait -PassThru

    Write-Output "Starting SSH configuration..."
    Start-Process -FilePath $($cyg_bash) -ArgumentList "--login -c 'ssh-host-config --yes --pwd $($cyg_password)'" -Wait

    $sshd_config_file = "C:\cygwin\etc\sshd_config"
    $acl = Get-Acl $sshd_config_file

    # Give the Administrators group Modify rights on sshd_config
    $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule("$($group)", "Modify", "None", "None", "Allow")
    $acl.AddAccessRule($rule)
    Set-Acl $sshd_config_file $acl

    $sshd_config = Get-Content $sshd_config_file
    # Disable password logins, enable public-key logins
    $sshd_config.Replace('#PasswordAuthentication yes', 'PasswordAuthentication no').Replace('#PubkeyAuthentication yes', 'PubkeyAuthentication yes') |
        Out-File -Encoding ascii -FilePath $sshd_config_file -Force

    Start-Process -FilePath $($cyg_bash) -ArgumentList "--login -c 'cygrunsrv -S sshd'" -Wait

    # TotalSeconds gives the whole elapsed time; Seconds is only the 0-59 component
    Write-Output "Total time taken: $([int](Get-Date).Subtract($start_time).TotalSeconds) second(s)"
}

# Add Firewall exception for SSH
New-NetFirewallRule -Protocol TCP -LocalPort 22 -Direction Inbound `
    -Action Allow -DisplayName SSH -Program "C:\cygwin\usr\sbin\sshd.exe"

---

This works fine if you run it as a local administrator, but fails to
start the SSHD service properly if you run it as a startup script,
because startup scripts are run as the local system user. The file
permissions end up in a very messed-up state if the script is run as
the local system user.

Seeing that the Google cloud and Icinga are nothing too exotic, is
there anyone who has tried the same setup and had success setting this
up, or who has some general hints on this matter?

Regards

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
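
Added example, not part of the original post: the script's sshd_config edit uses literal Replace() calls, which leave the file unchanged when a directive is not in exactly the commented-out default form. The sketch below sets both directives regardless of their current form, checks the result, and logs which account is running the script. Set-SshdOption and the sample lines are hypothetical names and constructed input.

```powershell
# Added example: idempotent sshd_config edit plus a check of the result.
function Set-SshdOption {
    param([string[]]$Lines, [string]$Name, [string]$Value)
    # Match "Name value" whether the line is active or commented out.
    $pattern = '^\s*#?\s*' + [regex]::Escape($Name) + '\s+\S+\s*$'
    $out  = New-Object 'System.Collections.Generic.List[string]'
    $done = $false
    foreach ($line in $Lines) {
        if ($line -notmatch $pattern) { $out.Add($line); continue }
        if (-not $done) {
            $out.Add("$Name $Value")      # first occurrence becomes the active setting
            $done = $true
        }
        elseif ($line -match '^\s*#') { $out.Add($line) }   # later comment: keep
        else { $out.Add("#$line") }       # later active duplicate: disable
    }
    # sshd uses the first value it reads, so a missing directive goes at the top.
    if (-not $done) { $out.Insert(0, "$Name $Value") }
    return ,$out.ToArray()
}

# Record which account runs the script (startup scripts run as Local System).
$id = [System.Security.Principal.WindowsIdentity]::GetCurrent()
Write-Output "Running as $($id.Name) (IsSystem=$($id.IsSystem))"

# Constructed sample input; in the script above this would be
# Get-Content $sshd_config_file. The second line is already uncommented,
# which the literal Replace() calls would miss.
$sample = @(
    '#Port 22',
    'PasswordAuthentication yes',
    '#PubkeyAuthentication yes'
)
$want = @{ PasswordAuthentication = 'no'; PubkeyAuthentication = 'yes' }

$lines = $sample
foreach ($name in $want.Keys) {
    $lines = Set-SshdOption -Lines $lines -Name $name -Value $want[$name]
}
# Fail loudly if either directive did not end up in the expected form.
foreach ($name in $want.Keys) {
    $expected = "$name $($want[$name])"
    if ($lines -notcontains $expected) { throw "missing: $expected" }
}
$lines   # write with: $lines | Out-File -Encoding ascii -FilePath $sshd_config_file -Force
```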

