From: "Stephen Biggs"
To: cygwin AT cygwin DOT com
Date: Sun, 14 Sep 2003 19:57:23 +0200
Subject: Re: SSHD and XP problems; setguid fails - FIXED!
Message-ID: <3F64C823.71.33A5BD@localhost>
In-reply-to: <3F6394F3.30173.58B133@localhost>

Permission problems.

Once I created the right permissions for the user id directory that the remote was connecting to and made sure that SYSTEM.SYSTEM owned the host private keys and the /var/empty directory, then everything worked like a charm with the service.

The cygwin process for creating a home directory creates looser NTFS permissions than should be. That is, the home directory should be full control by the user and Administrators only, perhaps with SYSTEM getting read access for things like ssh, but nothing and nobody else. This is how it is in Unix.

NTFS permissions and the resulting Unix simulated permissions for the entire cygwin tree seem to be a bit of a mess.

Maybe I'll create a patch. Where should I look? This is not simply a question of just changing the /etc/profile script, is it?

On 13 Sep 2003 at 22:06, Stephen Biggs wrote:

> Cygwin/SSHD on Windows XP SP1, all updated as of this evening.
>
> I've seen some other posts on this issue but none really addresses what I
> am seeing.
>
> The output from running SSHD in debug mode:
> root AT localhost ~
> $ /usr/sbin/sshd -p 22 -D -d -d -d
> debug2: read_server_config: filename /etc/sshd_config
> debug1: sshd version OpenSSH_3.6.1p2
> debug1: private host key: #0 type 0 RSA1
> debug3: Not a RSA1 key file /etc/ssh_host_rsa_key.
> debug1: read PEM private key done: type RSA
> debug1: private host key: #1 type 1 RSA
> debug3: Not a RSA1 key file /etc/ssh_host_dsa_key.
> debug1: read PEM private key done: type DSA
> debug1: private host key: #2 type 2 DSA
> debug1: Bind to port 22 on 0.0.0.0.
> Server listening on 0.0.0.0 port 22.
> Generating 768 bit RSA key.
> RSA key generation complete.
>
> .. After connection from another unprivileged cygwin prompt:
> steve AT localhost ~
> $ ssh localhost
> Read from socket failed: Connection reset by peer
>
> The server outputs:
> debug1: Server will not fork when running in debugging mode.
> Connection from 127.0.0.1 port 1395
> debug1: Client protocol version 2.0; client software version OpenSSH_3.6.1p2
> debug1: match: OpenSSH_3.6.1p2 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-1.99-OpenSSH_3.6.1p2
> debug2: Network child is on pid 2228
> debug3: privsep user:group 1010:545
> debug3: preauth child monitor started
> setgid failed for 545
> debug3: mm_request_receive entering
> debug1: Calling cleanup 0x422880(0x0)
>
> root AT localhost ~
> $
>
> A verbose client run gives:
> steve AT localhost ~
> $ ssh -vvv localhost
> OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090702f
> debug1: Reading configuration data /etc/ssh_config
> debug1: Rhosts Authentication disabled, originating port will not be trusted.
> debug2: ssh_connect: needpriv 0
> debug1: Connecting to localhost [127.0.0.1] port 22.
> debug1: Connection established.
> debug2: key_type_from_name: unknown key type '----'
> debug3: key_read: missing keytype
> debug2: key_type_from_name: unknown key type 'Comment:'
> debug3: key_read: missing keytype
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug2: key_type_from_name: unknown key type '----'
> debug3: key_read: missing keytype
> debug1: identity file /home/steve/.ssh/identity type -1
> debug3: Not a RSA1 key file /home/steve/.ssh/id_rsa.
> debug2: key_type_from_name: unknown key type '-----BEGIN'
> debug3: key_read: missing keytype
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug2: key_type_from_name: unknown key type '-----END'
> debug3: key_read: missing keytype
> debug1: identity file /home/steve/.ssh/id_rsa type 1
> debug1: identity file /home/steve/.ssh/id_dsa type -1
> debug1: Remote protocol version 1.99, remote software version OpenSSH_3.6.1p2
> debug1: match: OpenSSH_3.6.1p2 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2
> debug1: SSH2_MSG_KEXINIT sent
> Read from socket failed: Connection reset by peer
> debug1: Calling cleanup 0x41b2e0(0x0)
>
> steve AT localhost ~
> $
>
> The relevant entries in /etc/passwd:
> Users:*:545:545:,S-1-5-32-545::
> sshd:unused_by_nt/2000/xp:1010:545:sshd privsep,U-YIYEH-BESEDER\sshd,S-1-5-21-527237240-1004336348-1417001333-1010:/var/empty:/bin/false
>
> sshd is the only UID in /etc/passwd that belongs to Users.
>
> /etc/group entry:
> Users:S-1-5-32-545:545:
>
> /etc/passwd and /etc/group are world readable.
>
> Can anybody point me in the right direction to find out how to get this
> to work? I haven't even got to the fun parts trying to get key
> authentication working, yet.
>
> Thanks for any assistance.

--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
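
An added example, not part of the original post or of Cygwin: a shell check of the ownership the post says fixed the problem (host private keys and /var/empty owned by SYSTEM, home directory closed to everyone but its user). The function names and the mode ceilings (600, 755, 700) are assumptions of this example, and it reads only the owner and POSIX mode that Cygwin reports, not the full NTFS ACL.

```shell
#!/bin/sh
# Added example: audit owner and POSIX mode of the paths named in the post.
# Needs GNU stat (coreutils). Names and mode ceilings are assumptions.

# check_path TARGET OWNER MAX_MODE
# Returns 0 only if TARGET exists, is owned by OWNER, and sets no
# permission bit outside the octal ceiling MAX_MODE.
check_path() {
    target=$1; want_owner=$2; max_mode=$3
    if [ ! -e "$target" ]; then
        echo "MISSING $target"
        return 1
    fi
    owner=$(stat -c '%U' "$target")
    mode=$(stat -c '%a' "$target")
    rc=0
    if [ "$owner" != "$want_owner" ]; then
        echo "OWNER   $target: $owner (expected $want_owner)"
        rc=1
    fi
    # Leading 0 makes the shell read both values as octal.
    extra=$(( 0$mode & ~0$max_mode & 07777 ))
    if [ "$extra" -ne 0 ]; then
        echo "MODE    $target: $mode exceeds $max_mode"
        rc=1
    fi
    return $rc
}

# audit_sshd ETC_DIR EMPTY_DIR HOME_DIR SERVICE_OWNER USER
audit_sshd() {
    etc=$1; empty=$2; home=$3; svc=$4; user=$5
    fail=0
    # Host private keys: service account only.
    for key in "$etc/ssh_host_rsa_key" "$etc/ssh_host_dsa_key"; do
        check_path "$key" "$svc" 600 || fail=1
    done
    # Privilege-separation directory: service-owned, not group/world writable.
    check_path "$empty" "$svc" 755 || fail=1
    # Home directory: closed to everyone but its user.
    check_path "$home" "$user" 700 || fail=1
    return $fail
}

# On the system in the post this would be run as:
#   audit_sshd /etc /var/empty /home/steve SYSTEM steve
```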