From: "Philippe Torche"
Subject: RE: Take 2: Testers for new ssh-*-config scripts wanted!
Date: Mon, 3 Nov 2003 18:51:04 +0100
In-Reply-To: <20031103162201.GF18706@cygbert.vinschen.de>
Delivered-To: mailing list cygwin AT cygwin DOT com

Hi,

1. Line 488 (you will hate me!?): read _cygwin --->>> read -e _cygwin

2. If password complexity is enabled (yes per default), use a more
   complex password: length of 7 min (max 14 to avoid some warning
   about W2K), lower case and upper case letters.

Good work,
Philippe.

> -----Original Message-----
> From: cygwin-owner AT cygwin DOT com [mailto:cygwin-owner AT cygwin DOT com]
> On Behalf Of Corinna Vinschen
> Sent: Monday, 3 November 2003 17:22
> To: cygwin AT cygwin DOT com
> Subject: Take 2: Testers for new ssh-*-config scripts wanted!
>
> Hi,
>
> I'd like to ask for more testing of the new ssh-host-config
> and ssh-user-config scripts.
>
> The new thing here is that the ssh-host-config script now
> tries to figure out if the machine is a 2003 Server or newer
> system. If so, the script asks if it should create a new
> account "sshd_server" to use as account to run sshd as service
> under. If you say "yes" at this point, a bunch of funny new
> activities is started:
>
> - The script creates a sshd_server account
>
> - It adds that account to the administrators group *iff* it's able
>   to figure out the name of that group from the /etc/group file.
>   This means, you must not change the name of the administrators
>   group in /etc/group and the SID (S-1-5-32-544) must be available
>   in that entry.
>
> - It uses the new editrights utility to add the necessary user rights
>   to the new sshd_server account.
>   These rights also explicitly deny logon locally and over network
>   and allow logon only as service for security reasons.
>
> The ssh-user-config script has also been changed. It tries
> to figure out if the machine is a 2003 Server or newer and if
> so, it sets the permissions of the user's ~/.ssh directory and
> the user's ~/.ssh/authorized_keys file so that the sshd_server
> account has read permissions on both. If it's an older
> system, it does the same for the SYSTEM account.
>
> Also on 2003, the sshd_server account is used for ownership
> of the important files (/etc/ssh*, /var/empty, /var/log/sshd.log).
>
> Further changes:
> - Require bash for both scripts.
> - Use `read -e' in both scripts to enable readline support.
>
> So, I'd like to ask especially users of a 2003 Server system
> to test that script. Users of other systems are of course
> also welcome since I want to be sure that I haven't broken
> these systems.
>
> Attached are both scripts plus the vanilla ssh_config and
> sshd_config file. The latter two have to be copied to
> /etc/defaults/etc. Please note that the "editrights" tool has
> to be installed on your system.
> You can find it in the Base category when updating with setup.exe.
>
> Thanks in advance,
> Corinna
>
> --
> Corinna Vinschen                  Please, send mails regarding Cygwin to
> Cygwin Developer                  mailto:cygwin AT cygwin DOT com
> Red Hat, Inc.
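
The /etc/group precondition described in the quoted message (an entry carrying SID S-1-5-32-544) can be checked before running ssh-host-config. The following is an added example, not code from the posted scripts; the function name admin_group_name and the mkgroup-style field layout name:SID:gid:members are assumptions.

```sh
# Added example, not part of ssh-host-config.
# Assumption: /etc/group entries use the layout name:SID:gid:members.
ADMIN_SID="S-1-5-32-544"

# Print the name of the group whose SID field equals ADMIN_SID.
# Returns 0 on exactly one match, 1 if there is none (or the file is
# unreadable), 2 if several entries claim the SID. Callers should treat
# any non-zero status as "do not add the service account to a group".
admin_group_name() {
  group_file="${1:-/etc/group}"
  [ -r "$group_file" ] || return 1
  awk -F: -v sid="$ADMIN_SID" '
    /^[ \t]*#/ { next }              # skip comment lines
    $2 == sid  { n++; name = $1 }    # exact match on the SID field only
    END {
      if (n == 1) { print name; exit 0 }
      exit (n == 0 ? 1 : 2)
    }' "$group_file"
}

# Constructed sample entries (not taken from a real system).
sample=$(mktemp)
cat > "$sample" <<'EOF'
SYSTEM:S-1-5-18:18:
Administrators:S-1-5-32-544:544:
Users:S-1-5-32-545:545:
EOF

if name=$(admin_group_name "$sample"); then
  echo "administrators group entry found: $name"
else
  echo "no unique $ADMIN_SID entry in $sample" >&2
fi
rm -f "$sample"
```

This checks only the SID half of the precondition; whether the name in the entry still matches the Windows group has to be verified on the machine itself.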