Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Reply-To: Cygwin List
Message-Id: <6.2.0.14.0.20050104130617.04d93cb0@pop.prospeed.net>
Date: Tue, 04 Jan 2005 13:06:59 -0500
To: "pedal2metal"
From: Larry Hall
Subject: Re: Installing sshd w/Cygwin under Win2K/SP4
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"

Thanks for this record. It should be useful for others.

Larry

At 10:37 AM 1/4/2005, you wrote:
>Hi Folks,
>  Here's the conclusion to my sshd journey. Larry was correct.
>When installed properly, sshd should "just work", even using keys & with
>multiple users.
>Here's an exact record of the process I used for those considering
>embarking on this journey for themselves. :-)
>
>thanks & best regards,
>eric
>
>LOG:
>0. Format Hard Drive w/NTFS.
>1. Windows 2K, SP4 Fresh Install. Install all critical updates.
>2. Install Cygwin. Make sure OpenSSH package is selected as it is not
>selected by default.
>3. Set CYGWIN=ntsec tty in System Environment Variables via
>Settings->Control Panel->System->Advanced->Environment Variables->System
>Variables New Button.
>4. Restart Win2K/SP4 machine.
>5. Check SYSTEM user rights. Check myself and a non-existent user as
>references.
>    Eric@ ~
>    $ ./testrights.csh SYSTEM
>    SeAssignPrimaryTokenPrivilege 2
>    SeCreateTokenPrivilege 2
>    SeDenyInteractiveLogonRight 2
>    SeDenyNetworkLogonRight 2
>    SeDenyRemoteInteractiveLogonRight 2
>    SeIncreaseQuotaPrivilege 2
>    SeServiceLogonRight 2
>
>    Eric@ ~
>    $ ./testrights.csh Eric
>    SeAssignPrimaryTokenPrivilege 2
>    SeCreateTokenPrivilege 2
>    SeDenyInteractiveLogonRight 2
>    SeDenyNetworkLogonRight 2
>    SeDenyRemoteInteractiveLogonRight 2
>    SeIncreaseQuotaPrivilege 0
>    SeServiceLogonRight 2
>
>    Eric@ ~
>    $
>
>    Eric@ ~
>    $ ./testrights.csh Dummy
>    Error in getSID (LsaLookupNames returned 0xc0000073=STATUS_NONE_MAPPED)!
>
>    SeAssignPrimaryTokenPrivilege 1
>    Error in getSID (LsaLookupNames returned 0xc0000073=STATUS_NONE_MAPPED)!
>
>    SeCreateTokenPrivilege 1
>    Error in getSID (LsaLookupNames returned 0xc0000073=STATUS_NONE_MAPPED)!
>
>    SeDenyInteractiveLogonRight 1
>    Error in getSID (LsaLookupNames returned 0xc0000073=STATUS_NONE_MAPPED)!
>
>    SeDenyNetworkLogonRight 1
>    Error in getSID (LsaLookupNames returned 0xc0000073=STATUS_NONE_MAPPED)!
>
>    SeDenyRemoteInteractiveLogonRight 1
>    Error in getSID (LsaLookupNames returned 0xc0000073=STATUS_NONE_MAPPED)!
>
>    SeIncreaseQuotaPrivilege 1
>    Error in getSID (LsaLookupNames returned 0xc0000073=STATUS_NONE_MAPPED)!
>
>    SeServiceLogonRight 1
>
>    Eric@ ~
>    $
>6. Execute ssh-host-config.
>    Eric@ ~
>    $ ssh-host-config -p -c 'ntsec tty'
>    Generating /etc/ssh_host_key
>    Generating /etc/ssh_host_rsa_key
>    Generating /etc/ssh_host_dsa_key
>    Generating /etc/ssh_config file
>    Privilege separation is set to yes by default since OpenSSH 3.3.
>    However, this requires a non-privileged account called 'sshd'.
>    For more info on privilege separation read
>    /usr/share/doc/openssh/README.privsep.
>
>    Should privilege separation be used? (yes/no) yes
>    Warning: The following function requires administrator privileges!
>    Should this script create a local user 'sshd' on this machine? (yes/no) yes
>    Generating /etc/sshd_config file
>    Added ssh to C:\WINNT\system32\drivers\etc\services
>    Added ssh to /etc/inetd.conf
>
>
>    Warning: The following functions require administrator privileges!
>
>    Do you want to install sshd as service?
>    (Say "no" if it's already installed as service) (yes/no) yes
>
>    The service has been installed under LocalSystem account.
>    To start the service, call `net start sshd' or `cygrunsrv -S sshd'.
>
>    Host configuration finished. Have fun!
>
>    Eric@ ~
>    $
>7. Execute ssh-user-config.
>    Eric@ ~
>    $ ssh-user-config
>
>    WARNING: group and other have been revoked write permission to your home
>             directory /home/Eric.
>             This is required by OpenSSH to allow public key authentication using
>             the key files stored in your .ssh subdirectory.
>             Revert this change ONLY if you know what you are doing!
>
>    Shall I create an SSH1 RSA identity file for you? (yes/no) no
>    Shall I create an SSH2 RSA identity file for you? (yes/no) (yes/no) yes
>    Generating /home/Eric/.ssh/id_rsa
>    Enter passphrase (empty for no passphrase):
>    Enter same passphrase again:
>    Do you want to use this identity to login to this machine? (yes/no) yes
>    Adding to /home/Eric/.ssh/authorized_keys
>    Shall I create an SSH2 DSA identity file for you? (yes/no) (yes/no) no
>
>    Configuration finished. Have fun!
>
>    Eric@ ~
>    $
>8. Restart Win2K/SP4 machine.
>9. Confirm cygrunsrv/sshd processes are running via Windows Task Manager.
>10. Execute 'ssh -p 127.0.0.1'.
>    Eric@ ~
>    $ ssh -p 127.0.0.1
>    The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.
>    RSA key fingerprint is 67:8b:8e:2e:2c:93:a3:85:70:15:a6:ef:11:20:d9:f3.
>    Are you sure you want to continue connecting (yes/no)? yes
>    Warning: Permanently added '127.0.0.1' (RSA) to the list of known hosts.
>    Fanfare!!!
>    You are successfully logged in to this server!!!
>
>    Eric@ ~
>    $
>
>
>--
>Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
>Problem reports:       http://cygwin.com/problems.html
>Documentation:         http://cygwin.com/docs.html
>FAQ:                   http://cygwin.com/faq/
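
Added example, not part of the original thread and not code from the Cygwin or OpenSSH projects: a post-install check for the condition the ssh-user-config warning in step 7 describes, namely that the home directory must not be group- or other-writable for public key logins to work. It assumes sshd applies the same rule to ~/.ssh and ~/.ssh/authorized_keys (OpenSSH's StrictModes behaviour); the function names check_path and check_ssh_perms are made up for this example.

```shell
#!/bin/sh
# Added example: report paths under a home directory that are group- or
# other-writable, which makes sshd refuse public key authentication.

# Print "LOOSE <path>" if <path> has the group or other write bit set,
# "MISSING <path>" if it does not exist, and nothing otherwise.
check_path() {
    if [ ! -e "$1" ]; then
        echo "MISSING $1"
        return 0
    fi
    # -prune keeps find from descending into directories; -perm -020 and
    # -perm -002 test the group-write and other-write bits (POSIX find).
    find "$1" -prune \( -perm -020 -o -perm -002 \) -print | sed 's/^/LOOSE /'
}

# Check the home directory, ~/.ssh and ~/.ssh/authorized_keys.
# Returns 0 when all three exist without group/other write permission,
# otherwise prints one finding per line and returns 1.
check_ssh_perms() {
    home=$1
    findings=$(
        check_path "$home"
        check_path "$home/.ssh"
        check_path "$home/.ssh/authorized_keys"
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Usage: sh check_ssh_perms.sh /home/Eric
if [ "$#" -gt 0 ]; then
    check_ssh_perms "$1"
fi
```

This checks mode bits only; sshd additionally requires these paths to be owned by the user or by root, which this example does not verify.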