Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
X-Authentication-Warning: slinky.cs.nyu.edu: pechtcha owned process doing -bs
Date: Thu, 10 Oct 2002 16:04:32 -0400 (EDT)
From: Igor Pechtchanski
Reply-To: cygwin AT cygwin DOT com
To: lhall AT rfk DOT com
cc: cygwin AT cygwin DOT com
Subject: Re: sshd problems
In-Reply-To: <165230-2200210410195418189@M2W070.mail2web.com>
Importance: Normal
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

Oops, wouldn't want it to come out that way... I was suggesting this as a
way of diagnosing the problem, not as a way of permanently fixing it.
However, if mounts did somehow get created for .DEFAULT or SYSTEM, I
wouldn't know of any way to manipulate them using the mount command unless
you su'd to SYSTEM, and you'd need sshd running for that. Catch-22...
	Igor

On Thu, 10 Oct 2002, lhall AT pop DOT ma DOT ultranet DOT com wrote:

> True, but I'd just like to reiterate that manipulating mount points via
> the registry is completely unsupported and unnecessary. mount can do
> everything that you can do via regedit/regtool w.r.t. mounting. Anyone
> that relies on registry tweaking to fix their mount problems will have
> problems sometime in the future when this mechanism changes. Use 'mount'
> to inspect, create, remove, and edit mount points in Cygwin. 'mount' will
> always work.
>
> Larry
>
> Original Message:
> -----------------
> From: Igor Pechtchanski pechtcha AT cs DOT nyu DOT edu
> Date: Thu, 10 Oct 2002 15:41:17 -0400 (EDT)
> To: david AT purplebear DOT net, cygwin AT cygwin DOT com
> Subject: Re: sshd problems
>
>
> David,
>
> In Windows, do Start->Run, type 'regedit'. In regedit, Edit->Find, type
> 'mounts v2', leave only the 'Keys' box checked, then keep pressing "Find
> Next".
> See if somehow there are mounts created for the user 'SYSTEM'
> (which would actually be some long id, but that's ok) or ".DEFAULT". The
> mounts will show as subkeys of the 'mounts v2' key for that user. See if
> the '/' subkey points to "c:/". If it is, you should be able to at least
> rename the 'mounts v2' key to something else temporarily and see if it
> fixes your problem (or delete it if you feel lucky).
>	Igor
> P.S. There should be a way to do this with regtool as well, but I can't
> think of one offhand.
>
> On Thu, 10 Oct 2002, David Monk wrote:
>
> > A further update on this issue. If I do some forcing, ie. using an alternate
> > key and chowning /var/empty to myself, I _can_ get sshd to run. I can't
> > login, but it does run.
> > Keeping in mind the weird c:\var\log\sshd.log file appearance, I tested it
> > out. I deleted c:\var. I started sshd from the shell as /usr/sbin/sshd -h
> > /home/dmonk/ssh_host_rsa_key -d -d -d. It ran and no c:\var\log\sshd.log was
> > created. However, when I tried to start the service, the c:\var\log\sshd.log
> > was created. Somehow, when it runs as LocalSystem, it does not have the
> > proper cygwin mount points available. This may be the root of the issue. How
> > can this be fixed?
> >
> > David
> >
> > ----- Original Message -----
> > From: "David Monk"
> > To: "Harig, Mark A." ; "Len Giambrone"
> > Cc:
> > Sent: Thursday, October 10, 2002 1:53 PM
> > Subject: Re: sshd problems
> >
> >
> > > From the default installation, then ssh-host-config perspective of this now,
> > > my /var/empty looked like this immediately following ssh-host-config:
> > >
> > > drwxrwxrwx 2 system system 0 Oct 10 13:18 /var/empty
> > >
> > > Well, the date was different, as I have deleted and recreated it manually a
> > > couple times trying to get this working.
> > >
> > > Changing it to what you show:
> > >
> > > drwxr-xr-x 2 system system 0 Oct 10 13:18 /var/empty
> > >
> > > gives the following, using a separate key to even get sshd to run:
> > >
> > > $ /usr/sbin/sshd -h /home/dmonk/ssh_host_rsa_key -d -d -d
> > > debug1: sshd version OpenSSH_3.4p1
> > > debug3: Not a RSA1 key file /home/dmonk/ssh_host_rsa_key.
> > > debug1: read PEM private key done: type RSA
> > > debug1: private host key: #0 type 1 RSA
> > > Disabling protocol version 1. Could not load host key
> > > Bad owner or mode for /var/empty
> > >
> > >
> > > Looking through the archives shows there have been a lot of recent problems
> > > with sshd. My current question is, does anyone now have sshd running as a
> > > service, using privsep on Windows 2000 with an NTFS filesystem? I am
> > > beginning to wonder if it could be due to service pack 3. That was a recent
> > > update to this system. Unfortunately, I only use sshd on this system when I
> > > need to do things from home, so I can not pinpoint exactly when this issue
> > > appeared.
> > >
> > > David
> > >
> > >
> > > ----- Original Message -----
> > > From: "Harig, Mark A."
> > > To: "David Monk" ; "Len Giambrone"
> > > Cc:
> > > Sent: Thursday, October 10, 2002 1:41 PM
> > > Subject: RE: sshd problems
> > >
> > >
> > > According to /usr/doc/Cygwin/openssh-3.4p1-5.README:
> > >
> > > >The new ssh-host-config script also adds the /var/empty directory
> > > >needed by privilege separation. When creating the /var/empty directory
> > > >by yourself, please note that in contrast to the README.privsep document
> > > >the owner should not be "root" but the user which is running sshd. So,
> > > >in the standard configuration this is SYSTEM. The ssh-host-config script
> > > >chowns /var/empty accordingly.
> > >
> > > In /usr/bin/ssh-host-config is the following code:
> > >
> > > ># Create /var/empty file used as chroot jail for privilege separation
> > > >if [ -f /var/empty ]
> > > >then
> > > >  echo "Creating /var/empty failed\!"
> > > >else
> > > >  mkdir -p /var/empty
> > > >  # On NT change ownership of that dir to user "system"
> > > >  if [ $_nt -gt 0 ]
> > > >  then
> > > >    chown system.system /var/empty
> > > >  fi
> > > >fi
> > >
> > > For me, I have the following permissions:
> > >
> > > $ ls -ld /var/empty
> > > drwxr-xr-x 2 SYSTEM SYSTEM 0 Jul 24 11:39 /var/empty
> > >
> > > > -----Original Message-----
> > > > From: David Monk [mailto:david AT purplebear DOT net]
> > > > Sent: Thursday, October 10, 2002 2:31 PM
> > > > To: Len Giambrone
> > > > Cc: cygwin AT cygwin DOT com
> > > > Subject: Re: sshd problems
> > > >
> > > >
> > > > Generating a new key worked, as far as finding the key goes. Then it
> > > > presented me with a /var/empty ownership or permissions issue. So, thinking
> > > > along the same lines, I changed owner of that dir to myself. Finally, sshd
> > > > runs. Not as a service unfortunately, but it does run. Also unfortunately, I
> > > > can not log in under these circumstances. I get a password prompt, but it
> > > > never accepts it. I can only guess this has something to do with privilege
> > > > separation.
> > > >
> > > > Anyway, the main problem here, from the beginning of this thread, is that
> > > > openssh was working fine, running as a service, using privilege separation
> > > > until approx 2 weeks ago. The only thing I could have possibly done to break
> > > > that was updating packages. So, somewhere, something in cygwin changed.
> > > > Either specifically with the openssh package or with some other aspect,
> > > > but something has definitely changed.
> > > > Again, this was working beautifully I
> > > > know for absolute certainty 3 weeks ago, the server running as a service via
> > > > cygrunsrv, utilizing the privilege separation. The only things that have been
> > > > done to this system over the last few months has been regular virus updates,
> > > > updates for Windows and cygwin updates. I have not messed with any
> > > > configuration files, nor have I changed any file permissions within cygwin
> > > > of its file tree to cause this.
> > > >
> > > > David
> > >
> > > (a huge amount of text deleted)

-- 
				http://cs.nyu.edu/~pechtcha/
      |\      _,,,---,,_		pechtcha AT cs DOT nyu DOT edu
ZZZzz /,`.-'`'    -.  ;-;;,_		igor AT watson DOT ibm DOT com
     |,4-  ) )-,_. ,\ (  `'-'		Igor Pechtchanski
    '---''(_/--'  `-'\_) fL	a.k.a JaguaR-R-R-r-r-r-.-.-.  Meow!

"Water molecules expand as they grow warmer" (C) Popular Science, Oct'02, p.51

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/
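
A pre-flight check for the condition behind the "Bad owner or mode for /var/empty" message discussed in the thread above, as an added example that is not part of any message in the thread or of the Cygwin or OpenSSH packages. `check_privsep_dir` is a hypothetical helper; it assumes GNU `stat` and that the requirement is the one the quoted README and listings imply: a directory owned by the account that runs sshd and not writable by group or others.

```shell
#!/bin/sh
# Added example: audit the privilege-separation directory before starting sshd.
# check_privsep_dir DIR [OWNER] prints a verdict and returns 0 only if DIR passes.
# OWNER is a user name (case-sensitive) or numeric uid; default: the invoking user.
check_privsep_dir() {
    dir=$1
    want=${2:-$(id -u)}

    if [ ! -e "$dir" ]; then
        echo "FAIL: $dir does not exist"; return 1
    fi
    # ssh-host-config gives up when the path already exists as a regular file
    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir exists but is not a directory"; return 1
    fi

    owner_name=$(stat -c %U "$dir")   # GNU stat syntax (assumption)
    owner_uid=$(stat -c %u "$dir")
    mode=$(stat -c %a "$dir")         # octal digits, e.g. 755

    # The README says the owner must be the user running sshd, not "root"
    if [ "$want" != "$owner_name" ] && [ "$want" != "$owner_uid" ]; then
        echo "FAIL: $dir owned by $owner_name($owner_uid), expected $want"; return 1
    fi
    # Assumption: "bad mode" means group or other write bits (octal 022) are set
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL: $dir mode $mode is group- or world-writable"; return 1
    fi
    echo "OK: $dir owner=$owner_name mode=$mode"
}

# Constructed demo on a scratch directory (not the real /var/empty)
demo=$(mktemp -d)
chmod 777 "$demo"; check_privsep_dir "$demo" || true   # like drwxrwxrwx in the thread
chmod 755 "$demo"; check_privsep_dir "$demo"           # like drwxr-xr-x in the thread
rmdir "$demo"
```

Run it as the account that will run sshd, or pass that account as the second argument, since the thread shows the service and the interactive shell can resolve `/var/empty` to different Windows paths.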