Mailing-List: contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT sources DOT redhat DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT sources DOT redhat DOT com>
List-Help: <mailto:cygwin-help AT sources DOT redhat DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT sources DOT redhat DOT com
Delivered-To: mailing list cygwin AT sources DOT redhat DOT com
Message-ID: <39882CBF.B7C9C0F5@bigfoot.com>
Date: Wed, 02 Aug 2000 09:14:23 -0500
From: James Dumser <dumser AT bigfoot DOT com>
Organization: Ericsson North America Inc.
X-Mailer: Mozilla 4.73 [en] (X11; I; SunOS 5.6 sun4u)
X-Accept-Language: en
MIME-Version: 1.0
To: cygwin AT sources DOT redhat DOT com
Subject: Re: [ANNOUNCEMENT] OpenSSH-2.1.1p4 for Cygwin 1.1.3
References: <200008020035 DOT UAA19954 AT rtl DOT cygnus DOT com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

I installed OpenSSH on an NT box (CYGWIN_NT-4.0 ROW2PC 1.1.3(0.24/3/2)
2000-07-27 10:59 i686 unknown) but haven't gotten it to work correctly
yet.

First, I thought the security stuff was settled so OpenSSH and friends
could live on sources.redhat.com. Am I misremembering or is there
another reason your publishing on ftp.franken.de?

From your README:
> - If you are installing OpenSSH the first time, you can generate
>   server keys and your own user keys by running
>        
>          /usr/local/bin/ssh-config

Actually, it's not the first time; but it wasn't working before. I
removed /usr/local/etc/ssh_host* files, renamed my ~/.ssh, and ran
ssh-config. BTW, it would be nice if ssh-config created ~/.ssh if it
didn't exist.

--- ssh-config.orig     Tue Aug  1 14:14:41 2000
+++ ssh-config  Wed Aug  2 08:41:15 2000
@@ -38,6 +38,11 @@
   exit 1
 fi
 
+if [ ! -d "${HOME}/.ssh" ]
+then
+  echo 'Creating $HOME/.ssh.'
+fi
+
 if [ ! -f "${HOME}/.ssh/identity" ]
 then
   while [ "X${answer}" != "Xyes" -a "X${answer}" != "Xno" ]

> - Install sshd as daemon via SRVANY.EXE, via inetd or from the command
>   line.

I chose inetd.

> - if starting via inetd, copy sshd to eg. /usr/local/libexec/in.sshd

mkdir /usr/local/libexec
cp /usr/local/sbin/sshd.exe /usr/local/libexec/in.sshd.exe

>   and add the following line to your inetd.conf file:
> 
>   sshd stream tcp nowait root /usr/local/libexec/in.sshd sshd -i

Added
  sshd stream tcp nowait root /usr/local/libexec/in.sshd in.sshd -i

>   Moreover you'll have to add the following line to your
>   ${SYSTEMROOT}/system32/drivers/etc/services file:
> 
>   sshd         22/tcp          #SSH daemon

Done.

> - Authentication to sshd is possible in one of two ways. You'll have
>   to decide before starting sshd!

I am attempting to use NT authentication.

> - If you want to be able to login to different user accounts you'll
>   have to start sshd under system account or any other account that
>   is able to switch user context. Note that administrators are _not_
>   able to do that by default! You'll have to give the following
>   special user rights to the user:
>          "Act as part of the operating system"
>          "Replace process level token"
>          "Increase quotas"
>   and if used via service manager
>          "Logon as a service".

inetd runs as the SYSTEM account. Your note (and my knowledge of NT) is
not clear if SYSTEM already has the necessary permissions or not. I
granted the Administrators group all these rights.

>   Unfortunately, if you choose that way, you can only logon with NT
>   password authentification and you should change
>   /usr/local/etc/sshd_config to contain the following:
> 
>          PasswordAuthentication yes
>          RhostsAuthentication no
>          RhostsRSAAuthentication no
>          RSAAuthentication no
> 

Done.

> - You may use all features of the CYGWIN=ntsec setting the same
>   way as they are used by the `login' port on sources.redhat.com:

Via Control Panel, System, Environment, I have the global CYGWIN set to
tty ntea ntsec.

/etc/passwd has S- fields but now U- fields (isn't not part of a
domain).

When I try to ssh to itself, I get
  bash-2.04$ ssh -v row2pc
  SSH Version OpenSSH_2.1.1, protocol versions 1.5/2.0.
  Compiled with SSL (0x00905100).
  debug: Reading configuration data /usr/local/etc/ssh_config
  debug: Applying options for *
  debug: Seeding random number generator
  debug: ssh_connect: getuid 500 geteuid 500 anon 1
  debug: Connecting to row2pc [138.85.206.115] port 22.
  debug: Connection established.
  debug: ssh_exchange_identification: sshd: no hostkeys available --
         exiting.

  ssh_exchange_identification: Connection closed by remote host
  debug: Calling cleanup 0x41319c(0x0)

I also tried installing a ssh_known_hosts for our network (both in
/usr/local/etc and /etc), but this didn't make a difference.

-- 
James Dumser  dumser AT bigfoot DOT com

--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe AT sourceware DOT cygnus DOT com