Mailing-List: contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm
Sender: cygwin-owner AT sources DOT redhat DOT com
Delivered-To: mailing list cygwin AT sources DOT redhat DOT com
Message-ID: <20000808094709.27967.qmail@nw175.netaddress.usa.net>
Date: 8 Aug 00 03:47:09 MDT
To: cygwin
Subject: Re: [Re: [Re: OpenSSH2.1.1p4 - NT to NT: Problem]]
CC: vinschen AT cygnus DOT com

Corinna Vinschen wrote:
> norbert DOT bladt AT usa DOT net wrote:
> > > Change your /etc/passwd file on the client box so that the
> > > administrator (or your favorite admins member name) has uid 0.
> > > This should allow that admin to use a privileged port when
> > > starting ssh.
> > Works as advertised, i.e. after changing the uid of the
> > administrator on the client side to 0 it works.
> > Because that was the only change in /etc/passwd I did,
> > the user on the server side is reported as "everyone" because
> > this user is first in the /etc/passwd on the client side and
> > has the uid 0 - as created by mkpasswd.
> This prevents everyone on the server side machine to use privileged
> ports, including the admin. But that's no problem anymore since I
> updated the OpenSSH port on ftp.franken.de as announced yesterday.

I think there is a misunderstanding here.
My /etc/passwd on the client side contains (among other lines)
the following lines in this order

everyone:*:0:0 ...
administrator:xyz:0:513: ...

So the client reports to the server side that the remote (client)
username is "everyone" instead of administrator. That's it.
Removing the everyone from /etc/passwd on the client side
will solve this small annoyance.

> > Thanks for this "solution".
> > I thought about the other "fix" you mentioned in your
> > previous E-Mail. But this seems to be a better way of doing
> > it, because we don't have to maintain another derivative of
> > a derivative of a derivative of the original OpenBSD sources ;-)
> I assume I missed the point here. There's only one port of
> OpenSSH-2.1.1p4 to Cygwin and it's the one I put on ftp.franken.de.
> I changed it yesterday to ignore the uid when trying to use an
> explicit port and to fix a bug in scp. The last one is a more important
> problem so I suggest using that 2.1.1p4-2 version, nevertheless.

I was talking about a fix you announced on this mailing list
wrt. rhosts but you didn't implement it, at that time.
But now, it is in the official port done by you.

> BTW: It has the "open pid file in binmode" fix as well...

This is very much appreciated!

[...]

> > Will this work for other users with uid 0, too ?
> > I don't think so, but you know a lot more about NT
> > security than me.
> It works for each `normal' user on NT now since NT doesn't restrict
> well known port access to a privileged sort of user. And it works
> for each Cygwin uid now ;-)

However, it doesn't work for me.
How do you specify an "explicit" local port to use?
For me it looks like the same as yesterday, i.e. as soon as
I use the uid 0 it allocates a port lower than 1024 but if I
have the uid to 500 for the administrator it still uses a port
above 1023 and the (new) sshd.exe still does reject the connection.
I just replaced the ssh on the client side and the sshd on the
server side. Is that sufficient for the test?
Or is there something else I need to do or I am doing wrong?

Thanks again for your support in bringing OpenSSH to NT.

Norbert.
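
The first-match behaviour described in the message above (two /etc/passwd entries sharing uid 0, with the earlier one supplying the reported name), as an added example that is not part of the original message or of the OpenSSH port: a Python check that parses passwd-format text, lists uids shared by several names, and shows which name a first-match uid lookup returns. The sample entries are constructed; the fields the message elides with "..." are filled with placeholder values, and all function names are hypothetical.

```python
# Constructed sample in passwd format. The first two entries mirror the order
# given in the message; elided fields are placeholders, the last line is
# deliberately malformed to show how such lines are handled.
SAMPLE_PASSWD = """\
everyone:*:0:0:::
administrator:xyz:0:513::/home/administrator:/bin/sh
guest:*:501:513::/home/guest:/bin/sh
broken-line-without-fields
"""


def parse_passwd(text):
    """Return (entries, skipped): entries are (name, uid, gid) in file order,
    skipped holds the 1-based numbers of lines that could not be parsed."""
    entries, skipped = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        fields = line.split(":")
        try:
            entries.append((fields[0], int(fields[2]), int(fields[3])))
        except (IndexError, ValueError):
            skipped.append(lineno)
    return entries, skipped


def name_for_uid(entries, uid):
    """First-match lookup in file order, the behaviour the message describes."""
    for name, entry_uid, _gid in entries:
        if entry_uid == uid:
            return name
    return None


def shared_uids(entries):
    """Map each uid carried by more than one account to its names, in file order."""
    by_uid = {}
    for name, uid, _gid in entries:
        by_uid.setdefault(uid, []).append(name)
    return {uid: names for uid, names in by_uid.items() if len(names) > 1}


if __name__ == "__main__":
    entries, skipped = parse_passwd(SAMPLE_PASSWD)
    print("unparsable lines:", skipped)
    for uid, names in shared_uids(entries).items():
        print(f"uid {uid} shared by {names}; lookups resolve to {names[0]!r}")
    print("uid 0 is reported as:", name_for_uid(entries, 0))
```

Run against a real passwd file by passing its contents to `parse_passwd`; any uid returned by `shared_uids` is one where the reported username depends on entry order.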