Date: Fri, 17 Sep 2004 11:22:58 +0200
From: Corinna Vinschen
To: cygwin AT cygwin DOT com
Subject: Re: OpenSSH privilege separation fails: connections starts to be dropped.
Message-ID: <20040917092258.GC9638@cygbert.vinschen.de>
References: <179199034656 DOT 20040916221736 AT tortrade DOT ru>
In-Reply-To: <179199034656.20040916221736@tortrade.ru>

On Sep 16 22:17, Konstantin Andreev wrote:
>
> In the first place, OpenSSH daemon works fine for me, if
> "UsePrivilegeSeparation" feature is disabled.
>
> I enabled "UsePrivilegeSeparation" and properly configured my system
> for use of this feature: set up account "sshd" and set up permissions
> for /var/empty.
>
> In this configuration OpenSSH daemon starts without complaints, but
> drops incoming connections immediately after connect.
>
> The appropriate debug output of SSH daemon (debug level 3) is:
>
> ------------------- cut here --------------------------------
> ...
> debug2: Network child is on pid 1000
> debug3: privsep user:group 1004:100ed
> debug1: permanently_set_uid: 1004/100
> permanently_set_uid: was able to restore old [e]gid
> ------------------- cut here --------------------------------
>
> The last line has severity "fatal", and is sent to Event Log.

I know this problem with a slightly different text:

  permanently_set_uid: was able to restore old [e]uid

Note "uid" instead of "gid". But that problem has been solved already
about a year ago. I'm a bit surprised to see the above message and I'm
unable to reproduce that problem.
While it's easy to work around it in OpenSSH, I'd like to understand why
that happens, first. Could you please send your /etc/passwd and
/etc/group files, as well as the information on which system this is
running?

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          mailto:cygwin AT cygwin DOT com
Red Hat, Inc.
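
What the fatal line in the quoted log is checking, as an added C example that is not OpenSSH's code and not from this thread: after switching to the privsep ids, any attempt to take the old ids back must fail. The `id_ops` table, `drop_permanently`, the simulated `lax_ops` platform and the starting ids 18/544 are constructed for illustration; 1004/100 are the ids shown in the log.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

enum drop_result { DROP_OK, DROP_FAILED, GID_RESTORABLE, UID_RESTORABLE };
/* Id calls sit behind a table so the check can run on a simulated platform. */
struct id_ops {
    uid_t (*get_uid)(void);  gid_t (*get_gid)(void);
    int (*set_uid)(uid_t);   int (*set_gid)(gid_t);
    int (*set_euid)(uid_t);  int (*set_egid)(gid_t);
};
static const struct id_ops real_ops = { getuid, getgid, setuid, setgid, seteuid, setegid };

/* Constructed fake: every set*id call succeeds, so nothing is permanent. */
static uid_t f_uid = 18; static gid_t f_gid = 544;  /* hypothetical starting ids */
static uid_t f_getuid(void) { return f_uid; }
static gid_t f_getgid(void) { return f_gid; }
static int f_setuid(uid_t u) { f_uid = u; return 0; }
static int f_setgid(gid_t g) { f_gid = g; return 0; }
static const struct id_ops lax_ops =
    { f_getuid, f_getgid, f_setuid, f_setgid, f_setuid, f_setgid };

/* Drop, then prove the old ids cannot be taken back (setgroups left out). */
enum drop_result drop_permanently(const struct id_ops *os, uid_t uid, gid_t gid)
{
    uid_t old_uid = os->get_uid();
    gid_t old_gid = os->get_gid();
    /* Group first: after the uid changes, setgid may no longer be allowed. */
    if (os->set_gid(gid) != 0 || os->set_uid(uid) != 0)
        return DROP_FAILED;
    /* A successful restore attempt means the drop was not permanent. */
    if (old_gid != gid && uid != 0 &&
        (os->set_gid(old_gid) == 0 || os->set_egid(old_gid) == 0))
        return GID_RESTORABLE;
    if (old_uid != uid &&
        (os->set_uid(old_uid) == 0 || os->set_euid(old_uid) == 0))
        return UID_RESTORABLE;
    if (os->get_gid() != gid || os->get_uid() != uid)
        return DROP_FAILED;
    return DROP_OK;
}

int main(void)
{
    printf("simulated lax platform: %d\n", drop_permanently(&lax_ops, 1004, 100));
    printf("real ids, no change: %d\n", drop_permanently(&real_ops, getuid(), getgid()));
    return 0;
}
```

`GID_RESTORABLE` corresponds to the "[e]gid" wording in the quoted log and `UID_RESTORABLE` to the "[e]uid" wording mentioned in the reply.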