Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
From: "Ross Smith II"
Subject: ssh patches to fix installation issues
Date: Wed, 23 Oct 2002 16:41:06 -0700

Attached are three small patches to the following files:

/bin/ssh-host-config
/bin/ssh-user-config
/usr/doc/Cygwin/openssh-3.4p1-5.README

to fix some installation issues and better explain using sshd in Windows.

The ssh-user-config changes are due to the fact that the default cygwin umask is 000. Maybe a .bash_profile could be created containing umask 022 when the user's home directory is first created. Just a thought.

This is the culmination of 6 hours of list perusing, and hair pulling, so it's definitely "field tested".

Hope this helps,
Ross Smith

--- ssh-host-config.orig 2002-07-07 03:07:12.000000000 -0700 +++ ssh-host-config 2002-10-23 16:11:12.000000000 -0700 @@ -164,6 +164,7 @@ if [ $_nt -gt 0 ] then chown system.system /var/empty + chmod 755 /var/empty fi fi --- ssh-user-config.orig 2002-06-21 13:32:33.000000000 -0700 +++ ssh-user-config 2002-10-23 16:15:24.000000000 -0700 
@@ -123,6 +123,8 @@ fi fi +chown `whoami` ${pwdhome} + if [ -e "${pwdhome}/.ssh" -a ! -d "${pwdhome}/.ssh" ] then echo "${pwdhome}/.ssh is existant but not a directory. Cannot create user identity files." @@ -139,6 +141,8 @@ fi fi +chmod 755 ${pwdhome}/.ssh + if [ ! -f "${pwdhome}/.ssh/identity" ] then if request "Shall I create an SSH1 RSA identity file for you?" @@ -196,5 +200,8 @@ fi fi +chmod 600 ${pwdhome}/.ssh/* +chmod 644 ${pwdhome}/.ssh/*.pub ${pwdhome}/.ssh/authorized_keys? + echo echo "Configuration finished. Have fun!" --- openssh-3.4p1-5.README.orig 2002-10-23 15:20:39.000000000 -0700 +++ openssh-3.4p1-5.README 2002-10-23 16:23:03.000000000 -0700 
@@ -123,12 +123,53 @@ - If you want to authenticate via RSA and you want to login to that machine to exactly one user account you can do so by running sshd - under that user account. You must change /etc/sshd_config - to contain the following: + under that user account. + + * Change /etc/sshd_config to contain RSAAuthentication yes - Moreover it's possible to use rhosts and/or rhosts with + * Make sure you have executed the following: + + $ ssh-host-config + $ ssh-user-config + + * Due to the fact that cygwin's default umask is 0000, you will need + to execute the following (substituting your user name for USERNAME): + + chown USERNAME ~ + chmod 755 ~ ~/.ssh + chmod 600 ~/.ssh/* + chmod 644 ~/.ssh/*.pub ~/.ssh/authorized_keys? + + * Reinstall the ssh daemon to run as the user. Execute the following + (substituting your user name for USERNAME, and your password for PASSWORD): + + chmod 666 /var/log/sshd.log /var/empty + rm -fr /var/log/sshd.log /var/empty + touch /var/log/sshd.log + chmod 644 /var/log/sshd.log + chmod 755 /var/empty + chown USERNAME.None /var/empty /etc/ssh_host_* /var/log/sshd.log + cygrunsrv --stop sshd + cygrunsrv --remove sshd + cygrunsrv --install sshd -e "CYGWIN=glob ntsec binmode" \ + -u USERNAME \ + -w "PASSWORD" \ + -d "sshd" \ + -p /usr/sbin/sshd.exe \ + -1 /var/log/sshd.log \ + -2 /var/log/sshd.log \ + -a "-e -D" + cygrunsrv --start sshd + + * NOTE: The user will not be able to login using their Windows password. + They will only be able to login using RSA authentication. + + Therefore, you will need to copy your identity.pub and id_??a.pub + files into authorized_keys, and authorized_keys2, respectfully. 
+ + Moreover, it's possible to use rhosts and/or rhosts with RSA authentication by setting the following in sshd_config: RhostsAuthentication yes
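
Review bot: In ssh-host-config (hunk @@ -164,6 +164,7 @@) the new chmod 755 /var/empty sits inside the if [ $_nt -gt 0 ] branch, so it only runs where the chown to system.system runs; on any other path /var/empty keeps whatever mode it was created with, and the cover message says the default umask is 000. Suggest moving the chmod to directly after the point where the directory is created, outside the NT-only test, and checking its exit status so a failure is reported by the script rather than showing up later when sshd checks the directory.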
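
Review bot: In ssh-user-config (hunk @@ -123,6 +123,8 @@) the added chown leaves ${pwdhome} unquoted, while the test two lines below it quotes "${pwdhome}/.ssh"; a home directory path that contains a space will be split into several arguments. Suggest chown "$(whoami)" "${pwdhome}", and handling a non-zero exit explicitly, since the chown can fail for an account that does not already own the directory.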
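
Review bot: In ssh-user-config (hunk @@ -139,6 +141,8 @@) chmod 755 on ${pwdhome}/.ssh is looser than the directory needs: sshd's StrictModes check only requires that it not be group- or world-writable, and 700 satisfies that while also keeping the key file names hidden from other accounts. Suggest chmod 700 "${pwdhome}/.ssh", with the path quoted because home directory paths may contain spaces.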
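
Review bot: In ssh-user-config (hunk @@ -196,5 +200,8 @@) the pattern authorized_keys? matches exactly one trailing character, so it covers authorized_keys2 but never authorized_keys, which stays at the 600 set by the line before. The patterns are also handed to chmod literally when nothing matches, for example *.pub when the user answered no to every identity prompt, which prints an error at the end of an otherwise successful run. Suggest authorized_keys* if both files are meant, quoting ${pwdhome}, and looping over the matches with a [ -f ] test.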
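
Review bot: In openssh-3.4p1-5.README (hunk @@ -123,12 +123,53 @@) the reinstall steps run rm -fr /var/log/sshd.log /var/empty and then chmod 755 /var/empty and chown USERNAME.None /var/empty without recreating the directory; touch restores the log file, but a mkdir /var/empty step is missing, so the later commands fail as written. The same block has the reader type the account password as -w "PASSWORD", which leaves it in shell history, so a sentence warning about that would help. Two smaller points: authorized_keys? does not match authorized_keys, and "respectfully" should read "respectively".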