Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com From: "Mikkel Rostock" To: Subject: RE: Windows hardening and system paths Date: Thu, 18 Aug 2005 23:55:09 +0200 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit In-Reply-To: <43045936.D69BBC8D@dessent.net> Hello again, I installed Cygwin using the installer, and after installing the packages - as I have done at least 10 times before - I ran the ssh-host-config -y (yes to all). This usually generates the host-keys automatically, and as you correctly state; it also sets the right permissions per default. I installed the exact same package on another machine running Windows XP - to eliminate the possibility of differences in package versions being the issue here. However, the package that I installed on Windows XP - using the exact same installation and configuration procedures - started the service straight away - without any problems and without creating special user accounts. Maybe I should try and create a special user account, since I am trying to install on Windows Server 2003 and not XP where it works fine. Therefore my conclusion is that something must be configured wrong on this particular Windows Server 2003 - as you hopefully could make from the logs. By the way - how do I generate the host keys? This might be the issue since sshd terminates because of this. Sorry for all the questions, but I am out of my depths here - I usually have no problems with Cygwin on any Windows platform... Maybe I'm on my own... Best Regards Mikkel Rostock -----Original Message----- From: Brian Dessent [mailto:brian AT dessent DOT net] Sent: 18. august 2005 11:48 To: cygwin AT cygwin DOT com Subject: Re: Windows hardening and system paths Mikkel Rostock wrote: > > whether you set the permissions and ownership of files correctly > I haven't changed permissions for any files, since usually when I install it > on Windows XP this is not necessary. > > > created the proper user accounts > The service is set to use LocalSystem account This will not work. Under 2k3 you need to create a special user account and give it extra permissions. This is explained in /usr/share/doc/Cygwin/openssh.README. However, the details are not important because all the user-creation and permission-setting is done for you with the ssh-host-config script which I recommend you use. Trying to do this by hand can be difficult. > ---------------------------------------------------------------------------- > Could not load host key: /etc/ssh_host_key > Could not load host key: /etc/ssh_host_rsa_key > Could not load host key: /etc/ssh_host_dsa_key > Disabling protocol version 1. Could not load host key > Disabling protocol version 2. Could not load host key > sshd: no hostkeys available -- exiting. > ---------------------------------------------------------------------------- You have not created the host keys. This is another task that ssh-host-config will automate for you. You probably don't have a /etc/sshd_config file either. I recommend that you remove all traces of whatever you've done by hand to install the sshd service and instead run the script. Brian -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/