Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
From: "pedal2metal"
Subject: Installing sshd w/Cygwin under Win2K/SP4
Date: Tue, 4 Jan 2005 09:37:27 -0600

Hi Folks,

Here's the conclusion to my sshd journey. Larry was correct. When installed properly, sshd should "just work", even using keys & with multiple users. Here's an exact record of the process I used for those considering embarking on this journey for themselves. :-)

thanks & best regards,
eric

LOG:

0. Format Hard Drive w/NTFS.

1. Windows 2K, SP4 Fresh Install. Install all critical updates.

2. Install Cygwin. Make sure openSSH package is selected as it is not selected by Default.

3. Set CYGWIN=ntsec tty in System Environment Variables via Settings->Control Panel->System->Advanced->Environment Variables->System Variables New Button.

4. Restart Win2K/SP4 machine.

5. Check SYSTEM user rights. Check myself and a non-existent user as references.

Eric@ ~
$ ./testrights.csh SYSTEM
SeAssignPrimaryTokenPrivilege 2
SeCreateTokenPrivilege 2
SeDenyInteractiveLogonRight 2
SeDenyNetworkLogonRight 2
SeDenyRemoteInteractiveLogonRight 2
SeIncreaseQuotaPrivilege 2
SeServiceLogonRight 2

Eric@ ~
$ ./testrights.csh Eric
SeAssignPrimaryTokenPrivilege 2
SeCreateTokenPrivilege 2
SeDenyInteractiveLogonRight 2
SeDenyNetworkLogonRight 2
SeDenyRemoteInteractiveLogonRight 2
SeIncreaseQuotaPrivilege 0
SeServiceLogonRight 2

Eric@ ~
$

Eric@ ~
$ ./testrights.csh Dummy
Error in getSID (LsaLookupNames returned 0xc0000073=STATUS_NONE_MAPPED)!
SeAssignPrimaryTokenPrivilege 1
Error in getSID (LsaLookupNames returned 0xc0000073=STATUS_NONE_MAPPED)!
SeCreateTokenPrivilege 1
Error in getSID (LsaLookupNames returned 0xc0000073=STATUS_NONE_MAPPED)!
SeDenyInteractiveLogonRight 1
Error in getSID (LsaLookupNames returned 0xc0000073=STATUS_NONE_MAPPED)!
SeDenyNetworkLogonRight 1
Error in getSID (LsaLookupNames returned 0xc0000073=STATUS_NONE_MAPPED)!
SeDenyRemoteInteractiveLogonRight 1
Error in getSID (LsaLookupNames returned 0xc0000073=STATUS_NONE_MAPPED)!
SeIncreaseQuotaPrivilege 1
Error in getSID (LsaLookupNames returned 0xc0000073=STATUS_NONE_MAPPED)!
SeServiceLogonRight 1

Eric@ ~
$

6. Execute ssh-host-config.

Eric@ ~
$ ssh-host-config -p -c 'ntsec tty'
Generating /etc/ssh_host_key
Generating /etc/ssh_host_rsa_key
Generating /etc/ssh_host_dsa_key
Generating /etc/ssh_config file
Privilege separation is set to yes by default since OpenSSH 3.3.
However, this requires a non-privileged account called 'sshd'.
For more info on privilege separation read /usr/share/doc/openssh/README.privsep.

Should privilege separation be used? (yes/no) yes
Warning: The following function requires administrator privileges!
Should this script create a local user 'sshd' on this machine? (yes/no) yes
Generating /etc/sshd_config file
Added ssh to C:\WINNT\system32\drivers\etc\services
Added ssh to /etc/inetd.conf

Warning: The following functions require administrator privileges!

Do you want to install sshd as service?
(Say "no" if it's already installed as service) (yes/no) yes

The service has been installed under LocalSystem account.
To start the service, call `net start sshd' or `cygrunsrv -S sshd'.

Host configuration finished. Have fun!

Eric@ ~
$

7. Execute ssh-user-config.

Eric@ ~
$ ssh-user-config
WARNING: group and other have been revoked write permission to your home directory /home/Eric.
This is required by OpenSSH to allow public key authentication using the key files stored in your .ssh subdirectory.
Revert this change ONLY if you know what you are doing!

Shall I create an SSH1 RSA identity file for you? (yes/no) no
Shall I create an SSH2 RSA identity file for you? (yes/no) (yes/no) yes
Generating /home/Eric/.ssh/id_rsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Do you want to use this identity to login to this machine? (yes/no) yes
Adding to /home/Eric/.ssh/authorized_keys
Shall I create an SSH2 DSA identity file for you? (yes/no) (yes/no) no

Configuration finished. Have fun!

Eric@ ~
$

8. Restart Win2K/SP4 machine.

9. Confirm cygrunsrv/sshd processes are running via Windows Task Manager.

10. Execute 'ssh -p 127.0.0.1'.

Eric@ ~
$ ssh -p 127.0.0.1
The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.
RSA key fingerprint is 67:8b:8e:2e:2c:93:a3:85:70:15:a6:ef:11:20:d9:f3.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '127.0.0.1' (RSA) to the list of known hosts.
Fanfare!!!
You are successfully logged in to this server!!!

Eric@ ~
$
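
The ssh-user-config warning in step 7 says public key authentication depends on the home directory not being writable by group or other. The script below is an added example, not part of the original post, that audits those paths plus the private key generated in the same step. The function names are hypothetical, and it assumes a POSIX shell where `ls -l` mode strings reflect the real permissions (on Cygwin that relies on the NTFS and ntsec setup from steps 0 and 3).

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Audits the paths behind the ssh-user-config warning in step 7.

# Print the 10-character type/permission string for a path, e.g. drwxr-xr-x.
# -L follows symlinks so the target's mode is what gets judged.
mode_of() {
    ls -ldL -- "$1" | cut -c1-10
}

# check_ssh_perms HOME_DIR
# Prints one line per path and returns 0 only if every check passes.
check_ssh_perms() {
    home=$1
    bad=0
    # Home, .ssh and authorized_keys must not be writable by group or other
    # (character 6 is group write, character 9 is other write).
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING   $p"; bad=1; continue
        fi
        m=$(mode_of "$p")
        case "$m" in
            ?????w????|????????w?) echo "WRITABLE  $m $p"; bad=1 ;;
            *)                     echo "OK        $m $p" ;;
        esac
    done
    # A private key, if present, must carry no group/other permission bits,
    # otherwise the ssh client refuses to use it.
    key="$home/.ssh/id_rsa"
    if [ -e "$key" ]; then
        m=$(mode_of "$key")
        case "$m" in
            ????------) echo "OK        $m $key" ;;
            *)          echo "EXPOSED   $m $key"; bad=1 ;;
        esac
    fi
    return "$bad"
}
```

Run `check_ssh_perms "$HOME"` as each user who should be able to log in with a key; a non-zero return means at least one path would make key authentication fail or expose the key.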