Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Date: Mon, 13 May 2002 07:46:32 -0400 (EDT) From: Prentis Brooks To: Zeus =?ISO-8859-1?Q?G=F3mez?= Marmolejo cc: cygwin AT cygwin DOT com Subject: Re: Problem with SSHD In-Reply-To: <3CDF718B.5040507@fib.upc.es> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=X-UNKNOWN Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from QUOTED-PRINTABLE to 8bit by delorie.com id g4DBnHn04399 Just a quick question, is CYGWIN sent globally in your environment. I have seen this problem when CYGWIN is not in SYSTEM's environment with ntsec enabled. Probably not your problem, but at least something to verify. On Mon, 13 May 2002, Zeus [ISO-8859-1] Gómez Marmolejo wrote: > Hi all, > > I've searched all the historical messages of the list but I haven't find > any solution to my problem. Any help would be appreciated. I've > installed cygwin sshd in a W2k server box but I can't manage to start > it. When I run it as a service, I get the following error: > > $ cygrunsrv -S sshd > cygrunsrv: Error starting a service: QueryServiceStatus: Win32 error 1062: > The service has not been started. > > Viewing the logs, there's a couple of errors: > $ cat /var/log/sshd.log > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ > @ WARNING: UNPROTECTED PRIVATE KEY FILE! @ > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ > Permissions 0644 for '/etc/ssh_host_key' are too open. > It is recommended that your private key files are NOT accessible by others. > This private key will be ignored. > bad permissions: ignore key: /etc/ssh_host_key > Could not load host key: /etc/ssh_host_key > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ > @ WARNING: UNPROTECTED PRIVATE KEY FILE! @ > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ > Permissions 0644 for '/etc/ssh_host_rsa_key' are too open. > It is recommended that your private key files are NOT accessible by others. > This private key will be ignored. > bad permissions: ignore key: /etc/ssh_host_rsa_key > Could not load host key: /etc/ssh_host_rsa_key > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ > @ WARNING: UNPROTECTED PRIVATE KEY FILE! @ > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ > Permissions 0644 for '/etc/ssh_host_dsa_key' are too open. > It is recommended that your private key files are NOT accessible by others. > This private key will be ignored. > bad permissions: ignore key: /etc/ssh_host_dsa_key > Could not load host key: /etc/ssh_host_dsa_key > Disabling protocol version 1. Could not load host key > Disabling protocol version 2. Could not load host key > sshd: no hostkeys available -- exiting. > > But, in this case when I do an ls of the /etc/ directory I get the > following: > $ ls -las /etc > total 139 > 4 drwxrwxrwx 5 Administ None 4096 May 12 10:22 . > 4 drwxrwxrwx 10 Administ None 4096 May 9 12:44 .. > 1 -rwxrwxrwx 1 Administ None 280 May 9 12:44 group > 86 -rwxrwxrwx 1 Administ None 88039 Mar 7 16:50 moduli > 1 -rwxrwxrwx 1 Administ None 966 May 12 10:09 passwd > 4 drwxrwxrwx 2 Administ None 4096 May 9 12:44 postinstall > 0 -rw-r--r-- 1 Administ None 0 May 12 10:21 primes > 1 -rwxrwxrwx 1 Administ None 386 May 9 12:44 profile > 0 drwxrwxrwx 2 Administ None 0 May 9 12:42 profile.d > 16 drwxrwxrwx 2 Administ None 16384 May 9 12:43 setup > 1 -rw-rw-rw- 1 Administ Administ 955 May 9 12:45 ssh_config > 1 -rw------- 1 SYSTEM SYSTEM 668 May 9 12:45 > ssh_host_dsa_key > 1 -rw-r--r-- 1 Administ Administ 612 May 9 12:45 > ssh_host_dsa_key.pub > 1 -rw------- 1 SYSTEM SYSTEM 537 May 9 12:44 ssh_host_key > 1 -rw-r--r-- 1 Administ Administ 341 May 9 12:44 > ssh_host_key.pub > 1 -rw------- 1 SYSTEM SYSTEM 887 May 9 12:45 > ssh_host_rsa_key > 1 -rw-r--r-- 1 Administ Administ 232 May 9 12:45 > ssh_host_rsa_key.pub > 2 -rw-rw-rw- 1 Administ Administ 1562 May 12 10:22 sshd_config > 13 -rwxrwxrwx 1 Administ None 12306 Apr 3 17:11 termcap > > The ssh_host*_key files have 0600 permissions and the logs are > incorrect. I have tried to change the owner of these files to > Administrator and run the service in the command line (as Administrator): > $ /usr/sbin/sshd -D > > The command succeeds but when I try to login, passwords doesn't match (I > suppose that sshd has to be run as SYSTEM account to authenticate > users). How can I solve this problem? > > Windows 2000 acls shows that /etc/ssh_host*_key has the Everyone user > but no permissions with it. Can be this problem? I can't remove the > 'Everyone' user of the acl because the owner is SYSTEM and I would be > changing the ownership of the files... What should I do? > > CYGWIN is set to "ntsec tty". Any thanks in advance. > > > Zeus Gómez. > > > -- > Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple > Bug reporting: http://cygwin.com/bugs.html > Documentation: http://cygwin.com/docs.html > FAQ: http://cygwin.com/faq/ > -- Prentis Brooks | prentis AT aol DOT net | 703-265-0914 | AIM: PrentisBrooks Senior System Administrator - Web Infrastructure & Security A knight is sworn to valor. His heart knows only virtue. His blade defends the helpless. His word speaks only truth. His wrath undoes the wicked. - the old code of Bowen, last of the dragonslayers -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/