Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Message-ID: <415A98AC.B1140D40@dessent.net>
Date: Wed, 29 Sep 2004 04:12:44 -0700
From: Brian Dessent <brian AT dessent DOT net>
Organization: My own little world...
MIME-Version: 1.0
To: cygwin AT cygwin DOT com
Subject: Re: ssh-host-config requires cygminires.dll
References: <415975F6 DOT 5030403 AT swipnet DOT se> <Pine DOT GSO DOT 4 DOT 61 DOT 0409281059050 DOT 4120 AT slinky DOT cs DOT nyu DOT edu> <415983C7 DOT 9010101 AT swipnet DOT se> <Pine DOT GSO DOT 4 DOT 61 DOT 0409281328350 DOT 4220 AT slinky DOT cs DOT nyu DOT edu> <415A73B6 DOT 2030306 AT swipnet DOT se> <415A7C82 DOT 99C307BE AT dessent DOT net> <415A8259 DOT 909 AT swipnet DOT se>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-IsSubscribed: yes
Reply-To: cygwin AT cygwin DOT com

a12 wrote:

> /usr/share/doc/Cygwin/openssh.README states:
> If you start sshd as deamon via cygrunsrv.exe you MUST give the
> "-D" option to sshd. Otherwise the service can't get started at all.

That isn't telling to you use -D on the cygrunsrv command line
directly.  It means that the sshd arguments should contain that
parameter.  I.e. you must include -D in the setting of the -a parameter,
such as "cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a -D"  -D
is not a cygrunsrv option, it is the predicate of the -a option.

> ssh_host_*_key.pub are owned by the user that has run ssh-host-config
> Is it OK ?

If you ran the above commands they should be owned by SYSTEM.  The idea
here is that those files contain the private half of the host's
public/private keypair, and this is sensitive data.  So the file should
be readable only by the account that runs the ssh daemon.  If you are
the only local user then it doesn't really matter much as you can be
trusted, but on an actual multiuser posix system you would want to
restrict the host key files accordingly.

Brian

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/