Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Date: Mon, 11 Oct 2004 13:43:28 +0200
From: Corinna Vinschen
To: cygwin AT cygwin DOT com
Subject: Re: SSHD installation defaults / security
Message-ID: <20041011114328.GN6702@cygbert.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
References: <001801c4af85$87bb3280$3300a8c0 AT heroldy>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <001801c4af85$87bb3280$3300a8c0@heroldy>
User-Agent: Mutt/1.4.2i

On Oct 11 13:29, Jochen Wezel wrote:
> Hi!
>
> I've installed today the current release of cygwin (1.5.11-1) with OpenSSH
> package.
>
> There are 2 issues:
>
> 1. This package (or at least the ssh-host-config script) depends on
> cygserver

Neither the package nor ssh-host-config depend on cygserver. Dunno how
you get the idea. Do you mean cygrunsrv? Yes, the ssh-host-config
script depends on it *iff* you answer the question to install sshd as a
service. I'm not sure if the package should require cygrunsrv, though.
The /usr/share/doc/Cygwin/openssh.README file mentions that cygrunsrv is
required to install sshd as service on NT systems.

> 2. After installation, the /etc/sshd_config file allows SSH protocol 1 by
> default. Since this protocol 1 has a conceptual security hole, it should
> not be available after standard setup. If somebody requires it, he had to
> manually configure the sshd_config. That's why I suggest to change that file
> to:
>
> Port 22
> Protocol 2 #,1 # <-- activate protocol version 1 here, if
> you really require it
> #ListenAddress 0.0.0.0
> #ListenAddress ::
>
> Please can the developers do these changes?

The above installation of /etc/sshd_config is, except for a small Cygwin
specific tweak, the same sshd_config file as you get it when building
and installing OpenSSH from scratch. There's no reason to change that
unless the core developers of OpenSSH decide to install it differently.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          mailto:cygwin AT cygwin DOT com
Red Hat, Inc.
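
The thread turns on whether an installed sshd_config enables SSH protocol 1. The script below is an added example, not part of either message and not Cygwin or OpenSSH code, that reports what the Protocol directive in a given file enables. The function names `sshd_protocols` and `allows_v1` and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): report which SSH protocol versions an
# sshd_config enables through its Protocol directive.

# Print the first active Protocol value, or "unset" when no line sets it.
# Only the first argument is read; the rest of the line is ignored here.
sshd_protocols() {
    awk '
        /^[ \t]*(#|$)/ { next }                  # comment or blank line
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            split(line, f, /[ \t=]+/)            # "Keyword value" or "Keyword=value"
            if (tolower(f[1]) == "protocol") {   # keywords are case-insensitive
                gsub(/"/, "", f[2])
                print f[2]; found = 1; exit      # sshd keeps the first value it reads
            }
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# Succeed (exit status 0) when protocol version 1 is explicitly enabled.
allows_v1() {
    case ",$(sshd_protocols "$1")," in
        *,1,*) return 0 ;;
        *)     return 1 ;;
    esac
}

# Constructed sample files, not copies of any shipped sshd_config.
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
printf 'Port 22\nProtocol 2,1\n#ListenAddress 0.0.0.0\n' > "$tmp/both"
printf 'Port 22\nprotocol 2\nProtocol 2,1\n'             > "$tmp/first_wins"
printf 'Port 22\n#Protocol 2,1\n'                        > "$tmp/commented"

for f in both first_wins commented; do
    if allows_v1 "$tmp/$f"; then verdict="protocol 1 ENABLED"; else verdict="no explicit protocol 1"; fi
    printf '%-11s Protocol=%-6s %s\n' "$f" "$(sshd_protocols "$tmp/$f")" "$verdict"
done
```

An "unset" result means the file leaves the choice to the compiled-in default of the sshd build in use, so that case needs checking against the installed version rather than the file.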