Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com X-Authentication-Warning: slinky.cs.nyu.edu: pechtcha owned process doing -bs Date: Tue, 23 Mar 2004 14:45:11 -0500 (EST) From: Igor Pechtchanski Reply-To: cygwin AT cygwin DOT com To: Ian Brandt cc: cygwin AT cygwin DOT com Subject: Re: Definitely no sshd on FAT32? In-Reply-To: <40608855.8080605@ianbrandt.com> Message-ID: References: <40608855 DOT 8080605 AT ianbrandt DOT com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Scanned-By: MIMEDefang 2.39 On Tue, 23 Mar 2004, Ian Brandt wrote: > Hi, > > I've been going through the archives and elsewhere, but just want to > verify that I'm not missing anything. Is it definitely *not* possible to > run sshd with cygwin installed on FAT32? It is, but it won't be as secure. See below. > I set CYGWIN to just "tty" when installing the service with > ssh-host-config, since according to the Cygwin docs "ntsec" is ignored > on FAT32 volumes. FYI, "ntsec" is only ignored for the *disk* volumes, but it is used for a bunch of other NT-enabled features that have nothing to do with disks (e.g., user context switching). However, "ntsec" is on by default now, so you aren't losing this functionality by omitting it. > I'm getting the following in /var/log/sshd.log when trying to start... > > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ > @ WARNING: UNPROTECTED PRIVATE KEY FILE! @ > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ > Permissions 0644 for '/etc/ssh_host_key' are too open. > It is recommended that your private key files are NOT accessible by others. > This private key will be ignored. > bad permissions: ignore key: /etc/ssh_host_key > Could not load host key: /etc/ssh_host_key > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ > @ WARNING: UNPROTECTED PRIVATE KEY FILE! @ > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ > Permissions 0644 for '/etc/ssh_host_rsa_key' are too open. > It is recommended that your private key files are NOT accessible by others. > This private key will be ignored. > bad permissions: ignore key: /etc/ssh_host_rsa_key > Could not load host key: /etc/ssh_host_rsa_key > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ > @ WARNING: UNPROTECTED PRIVATE KEY FILE! @ > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ > Permissions 0644 for '/etc/ssh_host_dsa_key' are too open. > It is recommended that your private key files are NOT accessible by others. > This private key will be ignored. > bad permissions: ignore key: /etc/ssh_host_dsa_key > Could not load host key: /etc/ssh_host_dsa_key > Disabling protocol version 1. Could not load host key > Disabling protocol version 2. Could not load host key > sshd: no hostkeys available -- exiting. Try turning off "StrictModes" in your sshd_config. HTH, Igor > I tried chmod on the keys, but in accordance with the Cygwin docs it > silently does nothing... > > /etc$ chmod go-r ssh*key > /etc$ ls -al ssh*key > -rw-r--r-- 1 ibrandt None 672 Mar 23 09:23 ssh_host_dsa_key > -rw-r--r-- 1 ibrandt None 536 Mar 23 09:23 ssh_host_key > -rw-r--r-- 1 ibrandt None 887 Mar 23 09:23 ssh_host_rsa_key > > Thanks, > Ian -- http://cs.nyu.edu/~pechtcha/ |\ _,,,---,,_ pechtcha AT cs DOT nyu DOT edu ZZZzz /,`.-'`' -. ;-;;,_ igor AT watson DOT ibm DOT com |,4- ) )-,_. ,\ ( `'-' Igor Pechtchanski, Ph.D. '---''(_/--' `-'\_) fL a.k.a JaguaR-R-R-r-r-r-.-.-. Meow! "I have since come to realize that being between your mentor and his route to the bathroom is a major career booster." -- Patrick Naughton -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/