Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Subject: RE: ssh service staring problem "bad owner /var/empty" but not fixed Date: Wed, 9 Oct 2002 14:03:13 -0400 Message-ID: <7BFCE5F1EF28D64198522688F5449D5AC1E296@xchangeserver2.storigen.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: From: "Scott Prive" To: "Elfyn" , "cygml" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by delorie.com id g99I3tS02664 Looks like our problems are somewhat related. I wonder if anyone else has ideas... > -----Original Message----- > From: Elfyn [mailto:emcb_exposure AT hotmail DOT com] > Sent: Wednesday, October 09, 2002 1:44 PM > To: cygml; Scott Prive > Subject: Re: ssh service staring problem "bad owner > /var/empty" but not > fixed > > > Hey, > > What i meant by shared-server is that more than one person > (other than you) > would be accessing the server. So if it is a shared > environment you might > want to tighten security. > > In general you should run things like crond,sshd etc. as the > SYSTEM user as > Administrator doesnt have the required run as service tokens > and others > needed for a run-as-user service unless youve added them in > [domain|local] > security policy(s) thingys in Administrative tools. > > I dont know whats going on. I just had to stop sshd so i > could so i could > get rid of an ssh process that wouldnt go away, went away > when the service > stopped but now i cant restart it. I get these errors in the > eventlog... > > Event Type: Error > Event Source: sshd > Event Category: None > Event ID: 0 > Date: 09/10/2002 > Time: 17:57:14 > User: NT AUTHORITY\SYSTEM > Computer: W3 > Description: > The description for Event ID ( 0 ) in Source ( sshd ) cannot > be found. The > local computer may not have the necessary registry > information or message > DLL files to display messages from a remote computer. The following > information is part of the event: sshd : Win32 Process Id = > 0xCA8 : Cygwin > Process Id = 0xCA8 : starting service `sshd' failed: execv: > 1, Operation not > permitted. YES! I get exactly this message in Event Viewer, except execv=255 error=255 > > Event Type: Error > Event Source: sshd > Event Category: None > Event ID: 0 > Date: 09/10/2002 > Time: 17:57:13 > User: NT AUTHORITY\SYSTEM > Computer: W3 > Description: > The description for Event ID ( 0 ) in Source ( sshd ) cannot > be found. The > local computer may not have the necessary registry > information or message > DLL files to display messages from a remote computer. The following > information is part of the event: sshd : Win32 Process Id = > 0x950 : Cygwin > Process Id = 0x950 : starting service `l' failed: > redirect_fd: open (1, > /var/log/sshd.log): 22, Invalid argument. > I don't get this one exactly. The second error I get is line-for-line identical with the first event, minus the bit about "execv=255" (not a different error number... just not there at all). > are you getting anything similar? > > Elfyn > > > ----- Original Message ----- > From: "Scott Prive" > To: "Elfyn" ; "cygml" > Sent: Wednesday, October 09, 2002 6:23 PM > Subject: RE: ssh service staring problem "bad owner > /var/empty" but not > fixed > > > > > > -----Original Message----- > > From: Elfyn [mailto:emcb_exposure AT hotmail DOT com] > > Sent: Wednesday, October 09, 2002 12:02 PM > > To: cygml > > Subject: Re: ssh service staring problem "bad owner > > /var/empty" but not > > fixed > > > > > > Hi, > > > > I had that when i first installed it... i take it the > > permissions on files > > like /etc/sshd* /etc/ssh_host* are exclusive to the SYSTEM > > account (if your > > running a shared-style server) and the service is running as > > SYSTEM. > > Let's see...: > $ ls -l /etc/ssh* > -rw-r--r-- 1 Administ None 1049 Sep 5 15:59 > /etc/ssh_config > -rw-r--r-- 1 Administ None 668 Sep 5 15:19 > /etc/ssh_host_dsa_key > -rw-r--r-- 1 Administ None 614 Sep 5 15:19 > /etc/ssh_host_dsa_key.pub > -rw-r--r-- 1 Administ None 539 Sep 5 15:19 > /etc/ssh_host_key > -rw-r--r-- 1 Administ None 343 Sep 5 15:19 > /etc/ssh_host_key.pub > -rw-r--r-- 1 Administ None 883 Sep 5 15:19 > /etc/ssh_host_rsa_key > -rw-r--r-- 1 Administ None 234 Sep 5 15:19 > /etc/ssh_host_rsa_key.pub > -rw-r--r-- 1 Administ None 2041 Sep 5 15:59 > /etc/sshd_config > > Is "Administrator" here perfectly synonymous with "SYSTEM"? > Also, I'm not sure what you mean by "shared style server", > how to verify if > that is my case, or how this would affect things. > > The service in MMC shows it logs on as "Local System > Account", "interact > with desktop" NOT checked. Should this instead be running as > sshd user or > Administrator? > > I personally prefer to get things running "the right way" and > not blow holes > through local security. That said, this is a test lab system > and I'd go the > "hack" way to Make It Work... if I knew what to do next. > > >I got > > around that problem my making the system user the owner of > > /var/empty with > > exclusive rwx permissions and group/other with none. if youre > > not running > > the svc as SYSTEM just adjust the owner to your user. > > I've already `chmod 700 /var/empty`. Not sure what you mean > about ownership > of the service. I'm not sure this was the correct thing to > do, but I tried > setting CYGWIN sshd to log on as Administrator, set the > password, and now it > returns "Error 1069: Logon failure" (the password IS correct). > > > > Have you had problems with ssh when logging in at all? > > I can't even get the service to START. > > >my sshd has for some > > reason been denying access to anyone that trys to login to my > > CYGWIN server > > with a permission/access denied message. nothing in sshd.log > > but event-log > > shows a badpw error (very weird). i know the password is > > correct bacause im > > using terminal services to login to the server right now... > > > > hope the first bit helps, sorry to bore you with the latter :) > > No problem. :-D I've been reading everything I can on the subject. > > There might be enough demand for a Cygwin book; I'd buy one > in a heartbeat. > With problems like this you get the complexity UNIX is known > for, with NT's > lack of decent error reporting. When you're DONE, of course, you get > powerful UNIX tools, with Win2K's good points (good points? A > free PC in > every box of MS Outlook) :-) > > I'm still stuck, if anyone else has ideas. > > > > > Elfyn > > > > ----- Original Message ----- > > From: "Scott Prive" > > To: "Cygwin" > > Sent: Wednesday, October 09, 2002 4:12 PM > > Subject: ssh service staring problem "bad owner /var/empty" > > but not fixed > > > > > > Hello, > > > > I understand the problem I am about to ask is not uncommon, > > and I have made > > considerable effort to look for the answers in the archive... > > > > On an up-to-date (today) Cygwin install, sshd refuses to > start (the MS > > Management console gives a useless error). On other systems, I have > > installed Cygwin sshd and it worked fine (I have not done > > this "recently" > > though and I understand there have been changes to ssd of sorts). > > > > When I first attempted this install some weeks back, I > > followed the guide at > > http://tech.erdelynet.com/cygwin-sshd.html > > > > I didn't actually "run the permissions script" as the author > > had just days > > before, pulled down the script. I'm not sure if the other > > steps on this page > > complicate my problem, so I'll mention it. > > > > The first thing I check is /var/log/sshd.log, and it's "bad > > owner or mode > > for /var/empty". OK, it's some sort of NT permissions issue. > > A Google search > > tells me /var/empty should be chmod 700 or 755 (it's 755). > > > > grep /etc/passwd ssh shows ssh account is 1000:513, sshd > > privsep, home of > > /var/empty and shell of /bin/false > > > > I've also tried chowning the directory as SYSTEM:SYSTEM (or 18:18). > > > > I did notice in the MMC Groups panel, there is no VISIBLE > > group for "sshd", > > but there is a sshd user. My Google searches tell me there > should be a > > group, so I attempt to add the group "sshd" and make "sshd" > > user a member. I > > get the error: "while attempting to create the group sshd > on computer > > QA2000TEST: The account already exists". I get this error if > > I attempt to > > create the group "sshd" with or with-out the member "sshd". > > > > I've Reinstalled openssh, and even selected Unininstall > > followed by Install > > in case there was a difference. The version of openssh I have > > is 3.4p1-5 > > > > I appreciate any help. I hope I have checked all of the > > obvious "gotchas" so > > I don't waste anyone's time. Thanks. > > > > -Scott > > > > -- > > Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple > > Bug reporting: http://cygwin.com/bugs.html > > Documentation: http://cygwin.com/docs.html > > FAQ: http://cygwin.com/faq/ > > > > -- > > Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple > > Bug reporting: http://cygwin.com/bugs.html > > Documentation: http://cygwin.com/docs.html > > FAQ: http://cygwin.com/faq/ > > > > > > -- > Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple > Bug reporting: http://cygwin.com/bugs.html > Documentation: http://cygwin.com/docs.html > FAQ: http://cygwin.com/faq/ > -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/